Posts
Microsoft Defender Zero-Days Under Active Exploitation; Patches Released for Two Vulnerabilities
Key Findings
- Three Microsoft Defender zero-day vulnerabilities are being actively exploited in the wild by threat actors
- BlueHammer (CVE-2026-33825) has been patched as of April Patch Tuesday; RedSun and UnDefend remain unpatched
- All three flaws were publicly disclosed by researcher Chaotic Eclipse in response to Microsoft's vulnerability disclosure handling
- BlueHammer and RedSun enable local privilege escalation, while UnDefend causes denial-of-service and blocks security definition up
2 hours ago · 2 min read
Operation PowerOFF Takes Down 53 DDoS Domains, Reveals 3 Million Criminal Accounts
Key Findings
- 53 DDoS-for-hire domains seized across 21 countries in a coordinated operation
- Four suspects arrested in connection with commercial DDoS services
- Databases containing over 3 million criminal user accounts accessed
- More than 75,000 cybercriminals identified and warned via email and letters
- 25 search warrants issued as part of the ongoing investigation
- Operation PowerOFF demonstrates escalating law enforcement focus on dismantling DDoS infrastructure
Background
Operation
7 hours ago · 3 min read
ZionSiphon: Critical Infrastructure Malware Targeting Israeli Water Systems
Key Findings
- New malware strain named ZionSiphon discovered targeting Israeli water treatment and desalination plants
- Malware designed to alter chlorine levels and water pressure in critical infrastructure systems
- Contains hardcoded targeting for specific Israeli facilities and IP ranges
- Includes political messaging supporting Iran, Yemen, and Palestine
- Critical flaw in the targeting logic prevents the malware from executing its payload, rendering the current sample ineffective
- Threat actors
12 hours ago · 3 min read
Hidden Passenger: Taboola's Routing of Authenticated Banking Sessions to Temu Exposed
Key Findings
- A European bank's approved Taboola pixel silently redirected authenticated users to a Temu tracking endpoint without bank knowledge or user consent
- The redirect chain exploited "first-hop bias": security tools validate the declared origin domain but not the runtime destination of 302 redirects
- Temu's tracking pixel included Access-Control-Allow-Credentials headers, enabling cross-origin cookie access to the banking session
- Standard security controls including WA
16 hours ago · 3 min read
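The "first-hop bias" described in the teaser above is easy to reproduce in an audit script, so here is an added example (not code from the original post or from any vendor named in it) that contrasts the weak check with a runtime check. It follows the redirect chain hop by hop, flags a final destination that is not on the declared allowlist, and inspects the final response's CORS headers. One caveat the teaser glosses over: a browser only attaches cookies to a cross-origin request when Access-Control-Allow-Credentials is true and Access-Control-Allow-Origin names a specific origin (a wildcard is rejected for credentialed requests), so the check requires both. All hostnames, paths and responses below are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlparse


@dataclass
class Response:
    """Minimal stand-in for an HTTP response: status code plus headers."""
    status: int
    headers: Dict[str, str] = field(default_factory=dict)


# A fetcher maps a URL to a Response. In production this would be an HTTP
# client configured NOT to auto-follow redirects; here it is a lookup table.
Fetcher = Callable[[str], Response]

REDIRECT_CODES = {301, 302, 303, 307, 308}


def follow_redirects(url: str, fetch: Fetcher, max_hops: int = 10) -> List[str]:
    """Return every URL visited, starting with `url`, until a non-redirect."""
    chain = [url]
    for _ in range(max_hops):
        resp = fetch(chain[-1])
        if resp.status not in REDIRECT_CODES:
            return chain
        location = resp.headers.get("Location")
        if not location:
            return chain
        # Location may be relative; resolve it against the current URL.
        chain.append(urljoin(chain[-1], location))
    raise RuntimeError("redirect chain exceeded %d hops" % max_hops)


def first_hop_check(url: str, allowed_hosts: set) -> bool:
    """The biased check: validates only the declared URL's host, never the chain."""
    return urlparse(url).hostname in allowed_hosts


def audit_pixel(url: str, allowed_hosts: set, fetch: Fetcher) -> Tuple[List[str], List[str]]:
    """Follow the chain at runtime; report undeclared destinations and
    credentialed CORS at the final hop."""
    chain = follow_redirects(url, fetch)
    findings: List[str] = []
    final_url = chain[-1]
    final_host = urlparse(final_url).hostname
    if final_host not in allowed_hosts:
        findings.append(f"undeclared destination: {final_host}")
    final = fetch(final_url)
    acac = final.headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    acao = final.headers.get("Access-Control-Allow-Origin", "")
    # Cookies cross origin require ACAC true AND a specific (non-"*") ACAO.
    if acac and acao and acao != "*":
        findings.append(f"credentialed CORS on {final_host} for origin {acao}")
    return chain, findings


# Constructed sample: every hostname and path here is hypothetical.
DECLARED = "https://pixel.adnet.example/p.gif"
ALLOWED_HOSTS = {"pixel.adnet.example"}
SAMPLE_RESPONSES = {
    DECLARED: Response(302, {"Location": "https://track.shop.example/e?id=1"}),
    "https://track.shop.example/e?id=1": Response(200, {
        "Content-Type": "image/gif",
        "Access-Control-Allow-Origin": "https://online.bank.example",
        "Access-Control-Allow-Credentials": "true",
    }),
}


def sample_fetch(url: str) -> Response:
    return SAMPLE_RESPONSES.get(url, Response(404))


if __name__ == "__main__":
    print("first-hop check passes:", first_hop_check(DECLARED, ALLOWED_HOSTS))
    chain, findings = audit_pixel(DECLARED, ALLOWED_HOSTS, sample_fetch)
    print(" -> ".join(chain))
    for finding in findings:
        print("FINDING:", finding)
```

The declared URL passes `first_hop_check`, which is the bias the teaser names; `audit_pixel` on the same URL reports both the undeclared final host and the credentialed CORS grant to the bank's origin. To run it against a live tag, replace `sample_fetch` with a client that returns each hop's raw status and headers without following redirects itself.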
PowMix Botnet Targets Czech Workforce with Randomized Command-and-Control Traffic
Key Findings
- PowMix botnet has been actively targeting the Czech workforce since at least December 2025 with previously undocumented malware
- Campaign uses randomized C2 beaconing intervals and encrypted heartbeat data embedded in REST API-mimicking URLs to evade detection
- Multi-stage attack chain initiated via phishing emails containing malicious ZIP files with Windows Shortcut (LNK) files
- PowerShell loader employs AMSI bypass techniques to execute the botnet payload directly in memo
21 hours ago · 4 min read
