ALL POSTS

Key Findings A China-linked APT group, tracked as UAT-8837, has been targeting critical infrastructure sectors in North America since at least 2025. The threat actor has recently exploited a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS 9.0) to gain initial access to target networks. After obtaining a foothold, UAT-8837 deploys a range of open-source tools to harvest sensitive information, including credentials, security configurations, and Active Director

Key Findings NHIcon 2026 is a virtual conference organized by Aembit examining the technical, operational, and security challenges of agentic artificial intelligence systems in enterprise environments. The event features keynote addresses from industry leaders including Phil Venables, Misam Abbas, and Jason Clinton. The agenda includes over 20 practitioner-led sessions on topics like large language model evaluation, agent behavior, secrets management, and the OWASP Top 10 for

Key Findings AI-enhanced malware is making malware even more difficult to detect AI is used by adversaries to assess, adapt, and move faster than any cyber stack can keep up The industry is trapped in a futile chase, piling on detection tools and adding AI enhancements that still fail to close the foundational gap Enterprises now face an overwhelming flood of alerts, with many organizations reportedly beginning to limit the amount of data they ingest Background AppGuard has r

Key Findings BreachLock expands its Adversarial Exposure Validation (AEV) solution to support autonomous red teaming at the web application layer. BreachLock AEV's generative AI-powered engine can now emulate real-world attacker behavior and validate exploitable weaknesses in web applications. AEV goes beyond identifying theoretical risks and validates their real-world exploitability and business impact. The solution provides deep contextual insights to help security teams pr

Key Findings Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal. A proof-of-concept (PoC) exploit for the vulnerability exists. The flaw allows an unauthenticated attacker to cause a denial-of-service (DoS) condition that can force the firewall into maintenance mode, disrupting network traffic and firewall protection. The vulnerability affects multiple versions of Palo Alto Network

Key Findings Microsoft, in collaboration with law enforcement authorities, has taken coordinated legal action to disrupt the cybercrime subscription service called RedVDS, which has allegedly fueled millions in fraud losses. RedVDS provided criminals with access to disposable virtual computers running unlicensed software, enabling them to operate anonymously and carry out various illicit activities, including phishing, business email compromise (BEC), and financial fraud. Sin

Key Findings HPE Networking has released critical software patches for vulnerabilities in its Instant On series of access points and routers. The flaws include a high-severity Denial-of-Service (DoS) vulnerability (CVE-2025-37166) that can crash devices, and an information exposure issue (CVE-2025-37165) that could leak network configuration details. The update also addresses legacy kernel-level vulnerabilities (CVE-2023-52340, CVE-2022-48839) that could lead to DoS and memor

Key Findings Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. The flaw allows for OS command injection via crafted TCP requests to the phMonitor service running on port 7900. Fortinet has also patched a critical vulnerability in FortiFone (CVE-2025-47

Key Findings GitGuardian, the leading secrets and Non-Human Identity (NHI) security platform, experienced record growth in ARR and customer expansion throughout 2025. 60% of new enterprise customers signed multi-year agreements, demonstrating confidence in GitGuardian's long-term value. GitGuardian's platform now protects more than 115K developers across enterprise customers globally, with over 610K enterprise repositories continuously monitored for exposed secrets. The platf

Key Findings and Insights Preparedness is dangerously low: While 77% of CISOs see third-party risk as a major threat, only 21% have tested crisis response plans in place. Most organizations are blind to vendors: Although 60% report rising third-party breaches, just 41% monitor risk beyond direct suppliers. Shadow AI is creating new attack paths: Despite rapid AI adoption, only 22% of CISOs have formal vetting processes, leaving unmanaged third-party AI tools embedded in core

Key Findings Microsoft released its first security update for 2026, addressing 114 security flaws 8 vulnerabilities were rated Critical, and 106 were rated Important in severity The update includes 58 privilege escalation, 22 information disclosure, 21 remote code execution, and 5 spoofing flaws The update marks the third-largest January Patch Tuesday after January 2025 and January 2022 2 previously disclosed zero-day vulnerabilities were also addressed Background Microsoft r

Key Findings Microsoft released its January 2026 security update, addressing 112 vulnerabilities, including 8 critical flaws One of the "important" vulnerabilities, CVE-2026-20805, is being exploited in the wild 6 out of the 8 critical vulnerabilities are remote code execution (RCE) affecting Windows services and Microsoft Office The remaining 2 critical vulnerabilities are elevation of privilege (EoP) affecting Windows Graphic Component and Windows Virtualization-Based Secur

Key Findings Researchers have discovered a malicious Google Chrome extension named "MEXC API Automator" that steals API keys from MEXC cryptocurrency exchange users. The extension masquerades as a tool to simplify the management of MEXC API keys for automated trading. In reality, the extension programmatically creates new API keys, enables withdrawal permissions, hides the withdrawal permission in the UI, and exfiltrates the API keys to a Telegram bot controlled by the threat

Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a flaw impacting Gogs, a lightweight, open-source, self-hosted Git service, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110, has a CVSS score of 8.7 and is a path traversal issue in the PutContents API that allows for local execution of code. The flaw is a bypass for a previously patched remote code execution (RCE) vulnerability, CVE-2024-

Key Findings A critical vulnerability (CVE-2025-12420) has been discovered in the ServiceNow AI Platform, allowing unauthenticated attackers to impersonate legitimate users. The vulnerability has a severity score of 9.3 out of 10 and poses a significant risk of privilege escalation. ServiceNow has released security updates to address the flaw, but self-hosted customers and partners need to take immediate action. Background The vulnerability, dubbed CVE-2025-12420, is a failur

Key Findings: Spanish National Police, in cooperation with Europol and Bavarian authorities, arrested 34 alleged members of the Black Axe criminal network, including 10 Nigerian nationals believed to be leaders. The coordinated law enforcement operation took place in Seville, Madrid, Malaga, and Barcelona, significantly disrupting the group's activities. Black Axe is a highly structured, hierarchical criminal organization with origins in Nigeria and a global presence in dozen

Here is the article with the key findings in bullet point format, the background as the first major point, and the headers formatted with ##: Key Findings Threat actors uploaded 8 malicious packages on the npm registry masquerading as n8n workflow automation integrations to steal OAuth credentials One such package, "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit", mimicked a Google Ads integration and prompted users to link their advertising account to siphon the credentials This atta

Here is an article in the requested format: Key Findings Cybersecurity researchers have uncovered two service providers that supply online criminal networks with tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy. Since 2016, Chinese-speaking criminal groups have established industrial-scale scam centers across Southeast Asia, creating special economic zones devoted to fraudulent investment and impersonation operations. These compounds host thous

Key Findings: Aaron Swartz's life, work, and ideals continue to shape the internet, digital rights, and the concept of knowledge as a public good. Swartz believed that access to knowledge was a fundamental right and challenged the monopolization of information by academic publishers and institutions. His decision to download and share academic papers was an act of civil disobedience, which led to aggressive government prosecution and his tragic death at the age of 26. Swartz'

Key Findings A new vulnerability, CVE-2025-68493, has been discovered in the Apache Struts 2 web application framework. The flaw, which affects multiple versions of Struts 2, allows for XML External Entity (XXE) injection attacks. The vulnerability can lead to data disclosure, denial of service, and server-side request forgery (SSRF). The issue stems from improper validation of XML configurations in the XWork component of Struts 2. Background Apache Struts 2 is a popular open