top of page
ALL POSTS
Russian-Linked GREYVIBE Hacking Group Uses AI to Target Ukraine
Key Findings Russian-linked threat actor GREYVIBE has conducted persistent cyberattacks against Ukraine and Ukrainian entities since at least August 2025 The group operates from Russian time zones and aligns with Kremlin state interests, particularly intelligence gathering related to the Russo-Ukrainian war GREYVIBE employs five distinct attack chains using spear-phishing, fake CAPTCHA pages, and fraudulent websites to deliver custom malware The group leverages generative AI
May 293 min read
19.6 Billion Open Files Exposed on the Internet Without Password Protection
Key Findings 19.6 billion files exposed across 535,480 publicly accessible cloud storage buckets on AWS S3, Google Cloud, Azure, DigitalOcean, and Alibaba 685,047 credential and key files including .env files, private keys, and password vault databases sitting unprotected 985,645 database exports (.sql files) and 733,040 backup files (.bak) accessible without authentication Over two-thirds of exposed storage located on AWS due to its dominance as the default cloud provider No
May 293 min read
Critical FortiClient EMS Vulnerability Exploited in Active Campaign Delivering EKZ Infostealer
Key Findings Threat actors are actively exploiting CVE-2026-35616, a critical FortiClient EMS vulnerability with a CVSS score of 9.1, to deploy credential-stealing malware across enterprise networks Attackers abuse legitimate FortiClient management pathways to push malicious PowerShell commands, evading traditional network monitoring solutions A new infostealer payload named EKZ Infostealer masquerades as vendor software updates and extracts credentials from Chrome and Firefo
May 283 min read
Critical Security Updates: Privilege Escalation and Remote Code Execution Vulnerabilities Patched in OpenVPN Connect and Veeam
Key Findings Critical privilege escalation vulnerability (CVE-2026-9560, CVSS 9.4) in OpenVPN Connect for macOS allows local attackers to gain root access Affected versions 3.5.1 through 3.8.1 contain insecure local IPC handling in the privileged helper component Version 3.8.2 patches the vulnerability along with authentication and profile management bugs Enterprise deployments require immediate updates to secure corporate endpoints Multiple critical flaws discovered in Veeam
May 282 min read
The CISO Whisperer's Essential Guide to Gartner's Security & Risk Management Summit 2026
Key Findings Twelve cybersecurity vendors identified as high-activity players ahead of Gartner Security & Risk Management Summit 2026 (June 1-3, National Harbor, Maryland) Market shift driven by enterprise demand for autonomous, continuous validation and remediation rather than detection alone AI serving dual role as both accelerant of threats and enabler of enterprise-scale automation Vendors clustering around security operations, exposure management, identity, compliance, a
May 283 min read
Critical Flaw Found in Langflow AI's Architecture
Key Findings Critical vulnerability CVE-2026-7524 in Langflow OSS framework allows arbitrary file reading and remote code execution with CVSS score of 9.8 Flaw exploits symlink handling in archive extraction across Docling, Docling Serve, and Unstructured API modules Attackers can steal JWT secrets, forge authorization tokens, and execute arbitrary Python code through chatbot queries Affects versions 1.0.0 through 1.9.1; patch available in version 1.9.2 Separate critical vuln
May 283 min read
CrowdStrike Dismantles Glassworm Botnet Targeting Open-Source Developer Supply Chain
Key Findings CrowdStrike, Google, and Shadowserver dismantled the Glassworm botnet by simultaneously taking down four command-and-control servers that powered a sophisticated supply chain attack campaign The Russia-based threat group infected over 300 GitHub repositories and compromised hundreds of open-source packages across npm, Python, and VSCode extensions since early 2025 Glassworm deployed a multi-layered resilience strategy using the Solana blockchain, BitTorrent DHT,
May 273 min read
Link11 Expands European Operations with New Customer Excellence Hub in Lisbon
Key Findings Link11 is opening a Technical Customer Excellence Hub in Lisbon, Portugal to relocate technical support operations within the EU The hub becomes operational in Q4 2026 and will handle majority of technical support for the company's European customer base Move directly addresses tightened regulatory requirements including DORA, NIS2, and KRITIS legislation Link11 is building an in-house security engineer team rather than relying on third-party providers From Q4 20
May 272 min read
Microsoft SharePoint's New RCE Flaw: Patch Now If You Haven't Already
Key Findings Critical remote code execution vulnerability CVE-2026-45659 identified in Microsoft SharePoint with CVSS score of 8.8 Flaw exploitable by any authenticated user with Site Member permissions or higher, requiring only network access Root cause is unsafe deserialization of untrusted data allowing arbitrary code execution on servers Security patches released for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016 Expl
May 272 min read
Luxury and Financial Services - 586,705 breached accounts
Key Findings ShinyHunters group conducted two separate "pay or leak" extortion campaigns against major companies in early 2026 Mytheresa luxury fashion platform: 84,108 breached accounts containing emails, names, phone numbers, addresses, purchase history, and partial credit card data Ameriprise Financial: 502,597 breached accounts with emails, names, phone numbers, addresses, and employer information from Salesforce and SharePoint systems Both companies had ransom demands th
May 272 min read
MuddyWater's DLL Side-Loading Espionage Campaign Spans 9 Countries
Key Findings MuddyWater conducted a widespread espionage campaign affecting at least nine organizations across nine countries on four continents in Q1 2026 Targets included a major South Korean electronics manufacturer, a Middle Eastern airport, Southeast Asian industrial firms, and Latin American financial services Attackers used DLL side-loading with legitimate binaries (fmapp.exe and sentinelmemoryscanner.exe) to execute malicious code while evading detection ChromElevator
May 263 min read
Anthropic's Claude Mythos AI Uncovers 10,000+ Critical Software Vulnerabilities in First Month
Key Findings Project Glasswing, Anthropic's month-old initiative using Claude Mythos AI, uncovered over 10,000 high or critical-severity vulnerabilities in systemically important software Partner bug discovery rates increased more than tenfold, with Cloudflare identifying 2,000 bugs across critical systems Independent security evaluations confirmed over 90% validity of flagged vulnerabilities, with over 62% confirmed as high or critical severity A critical certificate forgery
May 263 min read
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Organizations
Key Findings North Korea-linked Lazarus Group deployed RemotePE, a memory-only RAT, against financial and cryptocurrency organizations RemotePE executes entirely in memory with no filesystem artifacts, making it difficult to detect and analyze Attack chain uses two loaders (DPAPILoader and RemotePELoader) to decrypt and deploy the final payload using Windows DPAPI Malware employs advanced evasion techniques including Hell's Gate and Event Tracing for Windows (ETW) patching Re
May 262 min read
Apache CXF and ECharts Frameworks Patch Critical Security Vulnerabilities
Key Findings Apache CXF framework patches three severe vulnerabilities including remote code execution, LDAP injection, and XXE attacks LDAP injection flaw (CVE-2026-44930) allows attackers to retrieve arbitrary certificates from internal repositories WS-Transfer XXE vulnerability (CVE-2026-44618) enables adversaries to read sensitive files and map internal networks Incomplete RCE fix (CVE-2026-44417) creates another code execution path through JMS configuration Apache EChart
May 252 min read
Ghost CMS Vulnerability Exploited in Large-Scale ClickFix Campaign Affecting Hundreds of Sites
Key Findings Attackers are actively exploiting CVE-2026-26980, a patched SQL injection flaw in Ghost CMS, to compromise over 700 unpatched websites The vulnerability allows unauthorized access to admin API keys, enabling attackers to inject malicious JavaScript into published articles Compromised sites are being weaponized to deliver ClickFix attacks, tricking users into running malicious commands via fake CAPTCHA pages Affected organizations include universities, media outle
May 254 min read
Netherlands Dismantles Bulletproof Hosting Network Behind Cyberattacks and Disinformation Campaign
Key Findings Dutch authorities arrested two suspects and dismantled a bulletproof hosting network operating approximately 800 servers linked to cyberattacks, disinformation, and sanctions evasion The operation, led by the FIOD financial crime agency, involved coordinated raids across multiple European countries targeting infrastructure used by sanctioned Russian and Belarusian entities The hosting service, operating under the name Stark Industries and later rebranded as THE.H
May 253 min read
Cloud Under Siege: P2Pinfect Botnet Threats Targeting Kubernetes Infrastructure
Key Findings FortiGuard Labs identified persistent P2Pinfect botnet activity within Google Kubernetes Engine clusters targeting multiple enterprise clients One network compromise persisted for six months, demonstrating advanced operational dedication Initial infections originated from exposed Redis instances requiring no complex exploitation, only basic misconfigurations P2Pinfect uses peer-to-peer mesh architecture written in Rust, eliminating single points of failure and de
May 253 min read
Critical RCE Vulnerabilities in Backup and CMS Infrastructure: Unauthenticated Exploits in Kopia and TYPO3
Key Findings Critical unauthenticated remote code execution flaw in Kopia backup server HTTP implementation tracked as CVE-2026-45695 with CVSS score of 9.8 Vulnerability stems from improper command argument parsing in SSH backend handling without input validation or quote handling Attack exploits SSH ProxyCommand injection via the /api/v1/repo/exists endpoint when server runs with --without-password flag Requires only single HTTP request with no user interaction to achieve f
May 242 min read
Supply Chain Attack: 700+ Laravel Lang Versions Infected with RCE Backdoor
Key Findings Over 700 historical versions of laravel-lang localization packages compromised with RCE backdoors across multiple repositories Attack occurred May 22-23, 2026 with automated mass tag publishing seconds apart, indicating infrastructure-level breach Malicious code executes automatically via composer autoload.files on every PHP request in affected applications Second-stage payload deploys 17 specialized credential collectors targeting cloud keys, Kubernetes tokens,
May 233 min read
Cloud Atlas: Upcoming Operations, New Tools, and Payload Deployments (2025-2026)
Key Findings Cloud Atlas, active since 2014, conducted pervasive SSH tunnel operations affecting government and commercial organizations in Russia and Belarus throughout late 2025 and into 2026 The group introduced new tools and malicious payloads, including VBCloud and PowerShower backdoors Primary infection vector remains phishing with ZIP archives containing malicious LNK shortcuts that execute PowerShell scripts Multi-stage attack chain includes persistence mechanisms, de
May 233 min read
bottom of page
