| DATE | NAME | Info | CATEG. | WEB |
| 11.4.26 | Adobe Reader zero-day vulnerability in active exploitation | On April 7, 2026, a security researcher described an Adobe Reader zero-day vulnerability that has been exploited since at least December 2025. The vulnerability allows threat actors to execute privileged Acrobat APIs via specially crafted malicious PDF files that execute obfuscated JavaScript when opened. Exploitation allows attackers to steal sensitive user and system data and to potentially launch additional attacks and remotely execute code. | Exploit blog | SOPHOS |
| 11.4.26 | We let OpenClaw loose on an internal network. Here’s what it found | “Even the most ‘risk-on’ organizations with deep AI and security experience will likely find it challenging to configure OpenClaw in a way that effectively mitigates the risk of compromise or data loss, while still retaining any productivity value.” | AI blog | SOPHOS |
| 11.4.26 | Axios npm package compromised to deploy malware | On March 30, 2026, a supply chain security attack targeted Axios, a widely used JavaScript HTTP client for web and Node.js applications. Third-party researchers identified that Axios versions 1.14.1 and 0.30.4 published to the npm registry were compromised following the apparent takeover of a legitimate maintainer account. An attacker published unauthorized package updates that appeared legitimate. | Incident blog | SOPHOS |
| 11.4.26 | FCC Bans Routers Made Outside USA. But What IS a Router? | The FCC recently announced a ban on the sale of consumer-grade internet routers manufactured outside the United States. More specifically, the FCC received a National Security Determination that caused them to update their “Covered List,” to include all foreign-made consumer-grade routers. | BigBrother blog | Eclypsium |
| 11.4.26 | Eclypsium Detects F5 BIG-IP Remote Code Execution Vulnerability (CVE-2025-53521) | A vulnerability in F5 BIG-IP systems that allows unauthenticated remote code execution has been added to the CISA Known Exploited Vulnerabilities catalog. CVE-2025-53521 was disclosed on October 15, 2025, but only added to the KEV on March 27, 2026. The vulnerability was originally given a severity score of 7.5, but was adjusted upward to 9.8 when new information emerged in March. | Vulnerability blog | Eclypsium |
| 11.4.26 | When Geopolitical Conflict Spills into Cyberspace — How US Organizations Should Respond | The 2026 Iran-US-Israel escalation shows how cyber warfare is reshaping conflict, merging cyber attacks with kinetic operations. | AI blog | Cyble |
| 11.4.26 | The Week in Vulnerabilities: OpenClaw, FreeBSD, F5 BIG-IP, and Critical ICS Bugs | Vulnerabilities in OpenClaw, FreeBSD, F5 BIG-IP, and industrial control systems show risks growing across enterprise and critical infrastructure environments. | Vulnerability blog | Cyble |
| 11.4.26 | Dual-Brain Architecture: The Cybersecurity AI Innovation That Changes Everything | Agentic AI architecture enables dual-brain cybersecurity with predictive intelligence, autonomous response, and faster, smarter threat defense. | AI blog | Cyble |
| 11.4.26 | UK Businesses Are Being Targeted Through Their Middle East Supply Chains — What to Do Now | Middle East supply chain risk is exposing UK businesses to indirect cyber threats through vendors, dependencies, and geopolitical tensions. | BigBrother blog | Cyble |
| 11.4.26 | Remus: Unmasking The 64-bit Variant of the Infamous Lumma Stealer | When the security industry talks about information stealers, Lumma Stealer, without a doubt, has become the notorious icon of this landscape. Not only could it count itself among the most sophisticated, technically advanced, and widespread stealers-as-a-service in the world, but it was also described in a variety of blog posts from basically everyone in the industry, including us. | Malware blog | GENDIGITAL |
| 11.4.26 | Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees | Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. | Hacking blog | Microsoft blog |
| 11.4.26 | SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks | Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment such as routers, then modifying their settings in ways that turn them into part of the actor’s malicious infrastructure. | BigBrother blog | Microsoft blog |
| 11.4.26 | Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations | The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware. | Ransom blog | Microsoft blog |
| 11.4.26 | Mitigating the Axios npm supply chain compromise | On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack: two newly published npm package versions downloaded a payload from command-and-control (C2) infrastructure that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet. | Hacking blog | Microsoft blog |
| 11.4.26 | TrendAI Insight: New U.S. National Cyber Strategy | TrendAI reviews the White House National Cyber Strategy, outlining six pillars to strengthen U.S. cybersecurity—from deterrence and regulation to federal modernization, critical infrastructure protection, AI leadership, and workforce development. | AI blog | Trend Micro |
| 11.4.26 | Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do | Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk. | Malware blog | Trend Micro |
| 11.4.26 | U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 | The first quarter of 2026 has reinforced a hard truth: U.S. government agencies and educational institutions are operating in the most hostile cyber threat environment ever recorded. | BigBrother blog | Trend Micro |
| 11.4.26 | n8n Expression Sandbox Bypass RCE | n8n AI Workflow Automation Expression Sandbox Bypass to Remote Code Execution Vulnerability (CVE-2026-1470) | ICS blog | SonicWall |
| 11.4.26 | Unpacking the Nursultan Client PyInstaller Telegram Malware | The SonicWall Capture Labs threat research team identified a PyInstaller-packed Windows executable distributed as "NursultanClient" — a full-featured Telegram RAT targeting Windows systems. | Malware blog | SonicWall |
| 11.4.26 | GPT Academic Pickle Deserialization Remote Code Execution | GPT Academic Pickle Deserialization Remote Code Execution (CVE-2026-0763) | AI blog | SonicWall |
| 11.4.26 | Double Agents: Exposing Security Blind Spots in GCP Vertex AI | Artificial intelligence (AI) agents are quickly advancing into powerful autonomous systems that can perform complex tasks. These agents can be integrated into enterprise workflows, interact with various services and make decisions with a degree of independence. Google Cloud Platform’s Vertex AI, with its Agent Engine and Application Development Kit (ADK), provides a comprehensive platform for developers to build and deploy these sophisticated agents. | AI blog | Palo Alto |
| 11.4.26 | When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications | Multi-agent AI systems extend beyond single-agent architectures by enabling groups of specialized agents to collaborate on complex tasks. This approach improves functionality and scalability, but it also expands the attack surface, introducing new pathways for exploitation through inter-agent communication and orchestration. | AI blog | Palo Alto |
| 11.4.26 | Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets | Check Point Research identified a zero-day vulnerability in the TrueConf client application, tracked as CVE-2026-3502, with a CVSS score of 7.8. The flaw stems from the abuse of TrueConf’s updater validation mechanism, allowing an attacker who controls the on-premises TrueConf server to distribute and execute arbitrary files across all connected endpoints. | Cyber blog | CHECKPOINT |
| 11.4.26 | From the field to the report and back again: How incident responders can use the Year in Review | The Year in Review distills Talos IR's observations into structured intelligence, but defenders should also be feeding this report back into their own preparation cycles. Here's how. | Incident blog | CISCO TALOS |
| 11.4.26 | New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations | Cisco Talos uncovered a cluster of activity we track as UAT-10362 conducting spear-phishing campaigns against Taiwanese non-governmental organizations (NGOs) and suspected universities to deliver a newly identified malware family, “LucidRook.” | Malware blog | CISCO TALOS |
| 11.4.26 | The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines | Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. | Phishing blog | CISCO TALOS |
| 11.4.26 | Year in Review: Vulnerabilities old and new and something React2 | The year was characterized by an unending beat-down on infrastructure that relied on older enmeshed dependencies (e.g., Log4j and PHPUnit), while React2Shell rocketed to the highest percentage of attacks for the entire year within the last three weeks of 2025. | Vulnerability blog | CISCO TALOS |
| 11.4.26 | [Video] The TTP Ep. 22: The Collapse of the Patch Window | In this episode of The Talos Threat Perspective, we discuss how vulnerability exploitation is accelerating, and why attacker speed, AI, and exposed systems are affecting the patch window. | Cyber blog | CISCO TALOS |
| 11.4.26 | The threat hunter’s gambit | Bill discusses why obsessing over strategy games is actually a secret weapon to outsmart threat actors. | Cyber blog | CISCO TALOS |
| 11.4.26 | Talos Takes: 2025's ransomware trends and zombie vulnerabilities | In this episode of Talos Takes, Amy and Pierre Cadieux unpack the ransomware and vulnerability trends that defined 2025. | Cyber blog | CISCO TALOS |
| 11.4.26 | Do not get high(jacked) off your own supply (chain) | In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. If we are all building on such a shaky foundation, what can we do to keep safe? | Hacking blog | CISCO TALOS |
| 11.4.26 | Axios NPM supply chain incident | Overview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure. | Incident blog | CISCO TALOS |
| 11.4.26 | Recovery scammers hit you when you’re down: Here’s how to avoid a second strike | If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse. | Spam blog | Eset |
| 11.4.26 | As breakout time accelerates, prevention-first cybersecurity takes center stage | Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy. | AI blog | Eset |
| 11.4.26 | Masjesu Rising: The Commercial IoT Botnet Built for Stealth, DDoS, and IoT Evasion | Masjesu Botnet: Deep dive into the commercially-run IoT threat, its stealth, multi-XOR evasion, and expanded architecture targets. Secure your network! | BotNet blog | Trellix |
| 4.4.26 | | Building on recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), this post explores the evolving threats facing virtualized environments. These operations directly target the VMware vSphere ecosystem, specifically the vCenter Server Appliance (VCSA) and ESXi hypervisors. To help organizations stay ahead of these risks, we will focus on the essential hardening strategies and mitigating controls necessary to secure these critical assets. | Malware blog | GTI |
| 4.4.26 | | Google Threat Intelligence Group (GTIG) is tracking an active software supply chain attack targeting the popular Node Package Manager (NPM) package "axios." Between March 31, 2026, 00:21 and 03:20 UTC, an attacker introduced a malicious dependency named "plain-crypto-js" into axios NPM releases versions 1.14.1 and 0.30.4. Axios is the most popular JavaScript library used to simplify HTTP requests, and these packages typically have over 100 million and 83 million weekly downloads, respectively. | APT blog | GTI |
| 4.4.26 | Eclypsium Detects F5 BIG-IP Remote Code Execution Vulnerability (CVE-2025-53521) | A vulnerability in F5 BIG-IP systems that allows unauthenticated remote code execution has been added to the CISA Known Exploited Vulnerabilities catalog. CVE-2025-53521 was disclosed on October 15, 2025, but only added to the KEV on March 27, 2026. | Vulnerability blog | Eclypsium |
| 4.4.26 | Operation DualScript – A Multi-Stage PowerShell Malware Campaign Targeting Cryptocurrency and Financial Activity | During our investigation, we identified a multi-stage malware infection leveraging Scheduled Task persistence, VBScript launchers, and PowerShell-based execution. The attack operates through two parallel chains:... | Cyber blog | Seqrite |
| 4.4.26 | The Week in Vulnerabilities: AI Frameworks, VMware, and Critical ICS Exposure | Critical vulnerabilities in AI frameworks, VMware environments, EV charging platforms, and ICS systems show growing risks across enterprise and industrial ecosystems. | Cyber blog | Cyble |
| 4.4.26 | How Cyble Blaze AI Predicts Cyber Threats 6 Months in Advance Using Agentic Intelligence | Predictive Cybersecurity with Cyble Blaze AI uses agentic AI to forecast threats months ahead and automate faster, smarter responses. | AI blog | Cyble |
| 4.4.26 | Professional Networks Under Attack: Vietnam-Linked Actors Deploy PXA Stealer in Global Infostealer Campaign | Cyble dissects a LinkedIn job-lure campaign, exposing its multi-stage PXA Stealer tactic that hijacks accounts and steals sensitive data. | APT blog | Cyble |
| 4.4.26 | Hybrid Warfare 2026: When Cyber Operations and Kinetic Attacks Converge | In 2026, hybrid warfare blends cyberattacks and physical strikes, disrupting infrastructure and shaping global security dynamics. | Cyber blog | Cyble |
| 4.4.26 | Mitigating the Axios npm supply chain compromise | On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack: two newly published npm package versions downloaded a payload from command-and-control (C2) infrastructure that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet. | Incident blog | Microsoft blog |
| 4.4.26 | TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM | Moving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV-based payloads to steal credentials across Linux, macOS, and Windows. | Hacking blog | Trend Micro |
| 4.4.26 | Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads | A supply chain attack hit Axios when attackers used stolen npm credentials to publish malicious versions containing a phantom dependency. This triggered a cross-platform RAT during installation and replaced its files with clean decoys, making detection challenging. | Incident blog | Trend Micro |
| 4.4.26 | Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads | A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks. | AI blog | Trend Micro |
| 4.4.26 | Three Decades for a 3-Line Fix: The Critical telnetd Bug Hiding in Plain Sight (CVE-2026-32746) | The SonicWall Capture Labs threat research team became aware of an out-of-bounds write vulnerability in the Telnet server shipped with GNU Inetutils, assessed its impact and developed mitigation measures. Telnetd hardly needs an introduction. It is one of the oldest and most widely distributed network utilities on Linux systems. | Vulnerability blog | SonicWall |
| 4.4.26 | GPT Academic Pickle Deserialization Remote Code Execution | SonicWall Capture Labs threat research team became aware of the threat CVE-2026-0763, assessed its impact, and developed mitigation measures for this vulnerability. The flaw, also tracked as ZDI-26-029, is a critical unauthenticated remote code execution vulnerability affecting GPT Academic in versions 3.91 and earlier. | AI blog | SonicWall |
| 4.4.26 | Double Agents: Exposing Security Blind Spots in GCP Vertex AI | Artificial intelligence (AI) agents are quickly advancing into powerful autonomous systems that can perform complex tasks. These agents can be integrated into enterprise workflows, interact with various services and make decisions with a degree of independence. Google Cloud Platform’s Vertex AI, with its Agent Engine and Application Development Kit (ADK), provides a comprehensive platform for developers to build and deploy these sophisticated agents. | AI blog | Palo Alto |
| 4.4.26 | ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime | Sensitive data shared with ChatGPT conversations could be silently exfiltrated without the user’s knowledge or approval. | AI blog | CHECKPOINT |
| 4.4.26 | Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets | Check Point Research identified a zero-day vulnerability in the TrueConf client application, tracked as CVE-2026-3502, with a CVSS score of 7.8. The flaw stems from the abuse of TrueConf’s updater validation mechanism, allowing an attacker who controls the on-premises TrueConf server to distribute and execute arbitrary files across all connected endpoints. | Hacking blog | CHECKPOINT |
| 4.4.26 | UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications | Talos is disclosing a large-scale automated credential harvesting campaign carried out by a threat cluster we currently track as UAT-10608. The campaign is primarily leveraging a collection framework dubbed “NEXUS Listener.” | Hacking blog | CISCO TALOS |
| 4.4.26 | Qilin EDR killer infection chain | This blog provides an in-depth analysis of the malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. | Hacking blog | CISCO TALOS |
| 4.4.26 | Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders | A conversation between Cisco Talos and Cisco Security leaders on the 2025 threat landscape, from identity attacks and legacy vulnerabilities to AI-driven threats, and what defenders should prioritize now. | Cyber blog | CISCO TALOS |
| 4.4.26 | An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases | There were 134 ransomware incidents reported in Japan in 2025, representing a 17.5% year-over-year increase from 2024. | Ransom blog | CISCO TALOS |
| 4.4.26 | Do not get high(jacked) off your own supply (chain) | In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. If we are all building on such a shaky foundation, what can we do to keep safe? | Hacking blog | CISCO TALOS |
| 4.4.26 | Axios NPM supply chain incident | Overview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure. | Incident blog | CISCO TALOS |
| 4.4.26 | The democratisation of business email compromise fraud | This week, Martin tells the story of a crime he encountered and how it shows that the threat landscape is changing. | BigBrother blog | CISCO TALOS |
| 4.4.26 | [Video] The TTP Ep 21: When Attackers Become Trusted Users | An episode of the Talos Threat Perspective on the 2025 Year in Review trends. We explore how identity is being used to gain, extend, and maintain access inside environments. | Cyber blog | CISCO TALOS |
| 4.4.26 | Ransomware in 2025: Blending in is the strategy | A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. | Ransom blog | CISCO TALOS |
| 4.4.26 | Digital assets after death: Managing risks to your loved one’s digital estate | Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay. | Spam blog | Eset |
| 4.4.26 | This month in security with Tony Anscombe – March 2026 edition | The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan. | Cyber blog | Eset |
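The Axios npm compromise is listed several times above; the Sophos, GTIG and Trend Micro entries name the affected releases (1.14.1 and 0.30.4) and the injected dependency ("plain-crypto-js"). The script below is an added example for this index and is not code from any of the linked writeups: it scans an npm lockfile for those indicators. It assumes the standard package-lock.json layouts (lockfileVersion 1 as a nested "dependencies" tree, lockfileVersion 2 and 3 as a flat "packages" map keyed by install path); the two sample lockfiles embedded in it are constructed for the demonstration, and the version number given to plain-crypto-js in the sample is made up.

```python
"""Check an npm lockfile for the compromised axios releases and the
"plain-crypto-js" dependency named in the Axios incident reporting."""
import json
import sys

# Indicators as named in the Axios incident writeups listed on this page.
COMPROMISED_AXIOS_VERSIONS = {"1.14.1", "0.30.4"}
PHANTOM_DEPENDENCY = "plain-crypto-js"


def _walk_v1(deps, prefix, out):
    """lockfileVersion 1: installed packages form a nested 'dependencies' tree,
    while 'requires' lists what each package declares."""
    for name, entry in (deps or {}).items():
        path = f"{prefix}node_modules/{name}"
        out.append((path, name, entry.get("version", ""), entry.get("requires", {})))
        _walk_v1(entry.get("dependencies"), path + "/", out)


def installed_packages(lock):
    """Return (path, name, version, declared_deps) for every installed package."""
    out = []
    if "packages" in lock:  # lockfileVersion 2 or 3: flat map keyed by path
        for path, entry in lock["packages"].items():
            if not path:  # "" is the root project itself, not a dependency
                continue
            # Scoped and nested packages: take the text after the last "node_modules/".
            name = entry.get("name") or path.rsplit("node_modules/", 1)[-1]
            out.append((path, name, entry.get("version", ""), entry.get("dependencies", {})))
    else:
        _walk_v1(lock.get("dependencies"), "", out)
    return out


def find_axios_compromise(lock_text):
    """Return human-readable findings; an empty list means no indicator matched."""
    findings = []
    for path, name, version, deps in installed_packages(json.loads(lock_text)):
        if name == "axios" and version in COMPROMISED_AXIOS_VERSIONS:
            findings.append(f"compromised axios {version} at {path}")
        if name == "axios" and PHANTOM_DEPENDENCY in deps:
            findings.append(f"axios at {path} declares {PHANTOM_DEPENDENCY}")
        if name == PHANTOM_DEPENDENCY:
            findings.append(f"{PHANTOM_DEPENDENCY} {version} installed at {path}")
    return findings


# Constructed sample: a lockfileVersion 3 project that resolved the bad release.
# The plain-crypto-js version below is invented for the demonstration.
SAMPLE_LOCK_V3 = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"axios": "^1.14.0"}},
        "node_modules/axios": {"version": "1.14.1",
                               "dependencies": {"follow-redirects": "^1.15.6",
                                                "plain-crypto-js": "*"}},
        "node_modules/plain-crypto-js": {"version": "0.0.1"},
        "node_modules/follow-redirects": {"version": "1.15.6"},
    },
})

# Constructed sample: a lockfileVersion 1 project on an unaffected axios release.
SAMPLE_LOCK_V1 = json.dumps({
    "lockfileVersion": 1,
    "dependencies": {
        "axios": {"version": "1.13.0",
                  "requires": {"follow-redirects": "^1.15.6"},
                  "dependencies": {"follow-redirects": {"version": "1.15.6"}}},
    },
})


def scan_file(path):
    """Scan a lockfile on disk; returns the findings list."""
    with open(path, encoding="utf-8") as fh:
        return find_axios_compromise(fh.read())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "package-lock.json"
    hits = scan_file(target)
    for hit in hits:
        print(hit)
    sys.exit(1 if hits else 0)
```

Run it as `python check_axios_lock.py path/to/package-lock.json`; a non-zero exit means at least one indicator matched. A clean lockfile is not a clean bill of health: the Trend Micro entry notes that the payload ran during installation and then replaced its files with clean decoys, so any host that installed axios during the March 31 window should be investigated regardless of what the lockfile and node_modules tree show now.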