ALL POSTS

Key Findings * Coruna and DarkSword exploit kits target outdated iOS versions * Apple warns users to update iOS to prevent data theft * Exploit kits can compromise iPhones through malicious web content * Devices running latest iOS versions are protected * Multiple threat actors are utilizing these exploit techniques Background Apple has identified significant security vulnerabilities in older iOS versions that can be exploited by sophisticated web-based attack frameworks. The

Key Findings DarkSword is a sophisticated iOS exploit kit targeting devices running iOS 18.4-18.7 Developed by UNC6353, likely a Russia-linked group Exploits six vulnerabilities, including three zero-days Enables full device compromise with minimal user interaction Targets sensitive data, including credentials and crypto wallet information Operates in a "hit-and-run" approach, exfiltrating data quickly and then cleaning traces Background DarkSword emerged in late 2025 as a po

Key Findings DoJ disrupted command-and-control infrastructure for 4 IoT botnets Botnets infected approximately 3 million devices worldwide Attacks measured up to 31.4 Tbps, causing potential massive internet disruption Botnets launched hundreds of thousands of DDoS attack commands Potential suspects include a 23-year-old Canadian and a 15-year-old German Multiple international law enforcement agencies and tech companies collaborated on the operation Background The botnet disr

Key Findings * 54 endpoint detection and response (EDR) killer tools detected * 34 unique signed vulnerable drivers exploited * Technique known as Bring Your Own Vulnerable Driver (BYOVD) widely used * Primarily targeting ransomware defense evasion * Three main categories of threat actors develop these tools * Kernel-mode privilege escalation is primary attack mechanism Background Endpoint detection and response (EDR) killer tools have emerged as a critical threat in modern c

Here's the article in the requested format: Key Findings * Malicious Windsurf IDE extension targeting software developers * Uses Solana blockchain to retrieve encrypted malware instructions * Selectively avoids targeting systems with Russian connections * Steals passwords and browser session cookies * Creates persistent hidden task for continued system access Background A new cybersecurity threat has emerged targeting software developers through a sophisticated malware campai

Key Findings CISA added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog Vulnerabilities affect Microsoft SharePoint and Zimbra Collaboration Suite Federal agencies required to patch these vulnerabilities by specific deadlines One vulnerability allows remote code execution, the other enables cross-site scripting Background The U.S. Cybersecurity and Infrastructure Security Agency (CISA) continues its proactive approach to identifying and addressing

Key Findings * Interlock ransomware group exploited CVE-2026-20131 in Cisco FMC 36 days before public disclosure * Zero-day vulnerability allows unauthenticated remote code execution with root privileges * Amazon Threat Intelligence discovered exploitation using global honeypot network * Attackers used sophisticated multi-stage attack with custom tools and evasion techniques * Targeted sectors include education, healthcare, industry, and government Background The Interlock ra

Key Findings * New .NET AOT malware campaign discovered by Howler Cell researchers * Uses Ahead-of-Time (AOT) compilation to evade standard security detection * Multi-stage attack with sophisticated evasion techniques * Targets individual systems through phishing emails * Employs complex scoring system to determine victim validity Background The emergence of this malware represents a sophisticated evolution in cyberthreat techniques. Traditional malware detection relies on an

Key Findings * Critical unauthenticated remote code execution vulnerability in GNU InetUtils telnetd * CVE-2026-32746 with CVSS score of 9.8 * Affects all versions through 2.7 * Exploitable by sending crafted message during initial connection handshake * No authentication required to trigger vulnerability * Potential for complete system compromise Background The vulnerability was discovered by Israeli cybersecurity company Dream on March 11, 2026. It impacts the GNU InetUtils

Key Findings * Ubuntu Desktop 24.04+ vulnerable to high-severity root privilege escalation (CVE-2026-3888) * CVSS score of 7.8 indicates critical security risk * Exploit involves timing manipulation of systemd-tmpfiles and snap-confine * Attack requires local access with 10-30 day window of opportunity * Potential for complete system compromise * Affects multiple Ubuntu versions and upstream snapd releases Background The vulnerability stems from an interaction between two cor

Key Findings * RondoDox botnet targeting 174 different vulnerabilities between May 2025 and February 2026 * Daily exploit attempts peaked at 49, stabilized around 40, then sharply declined in early 2026 * Nearly half of exploited flaws used only once, indicating rapid testing and selection * Quickly adopts newly disclosed vulnerabilities, sometimes within weeks * Targets diverse device types including routers, DVRs, NVRs, CCTV systems, and web servers * Demonstrates inconsist

Key Findings • 29 million new secrets leaked on GitHub in 2025 • 81% increase in AI service credential leaks • Public GitHub commits increased 43% year-over-year • Secret leak rates in AI-assisted code are 2× baseline • Internal repositories 6× more likely to contain hardcoded secrets Background The year 2025 marked a transformative period in software development, characterized by unprecedented AI adoption and acceleration of software creation workflows. GitGuardian's annual

Key Findings * Amazon Bedrock AgentCore Code Interpreter enables DNS-based data exfiltration and RCE * LangSmith vulnerable to token theft via URL parameter injection (CVE-2026-25750) * Sandbox mode in AI services can be exploited to bypass network isolation * Potential for unauthorized data access and command execution across multiple platforms Background BeyondTrust cybersecurity researchers discovered critical vulnerabilities in AI execution environments that compromise ne

Key Findings * Researchers discovered a vulnerability in AWS Bedrock AgentCore Code Interpreter * DNS queries can be exploited to leak sensitive data from supposedly isolated AI systems * Vulnerability received a high-risk severity score of 7.5/10 * AWS responded by updating documentation instead of creating a full patch * Potential risks include data breaches and infrastructure compromise Background AWS Bedrock is a platform for building AI applications, with the AgentCore C

Key Findings * GlassWorm malware campaign targeting Python repositories * Attackers use stolen GitHub tokens to force-push malicious code * Targets Python projects including Django apps, ML code, and PyPI packages * Earliest injections traced to March 8, 2026 * Uses a new offshoot called "ForceMemo" * Leverages malicious VS Code and Cursor extensions to steal credentials * Payload includes cryptocurrency theft and data exfiltration capabilities Background The GlassWorm attack

Key Findings * Russia-linked APT group targets Ukrainian organizations using DRILLAPP backdoor * Utilizes Microsoft Edge debugging to evade detection * Two campaign variants observed in February 2026 * Capability to access file systems, microphone, camera, and screen recordings * Linked to Laundry Bear (UAC-0190/Void Blizzard) APT group Background The DRILLAPP backdoor campaign represents a sophisticated cyber espionage effort targeting Ukrainian entities. Attributed to a Rus

Key Findings * FBI investigating malware spread through eight Steam games * Timeframe of infection: May 2024 to January 2026 * Games include BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova * Investigation focuses on cryptocurrency theft and account hijacking * Victims invited to voluntarily provide information to aid investigation Background The FBI's Seattle Division has launched a comprehensive investigation into malicious Steam games that ha

Here's the article in the requested format: Key Findings * Android 17 Beta 2 blocks non-accessibility apps from using Accessibility Services API * Advanced Protection Mode (AAPM) automatically revokes permissions for non-accessibility tools * Only verified accessibility tools can use the API when AAPM is enabled * Targets malware that has historically abused accessibility services for data theft Background Android's Accessibility Services API has long been a double-edged swor

Key Findings Payload Ransomware claims to have breached Royal Bahrain Hospital (RBH) 110 GB of data allegedly stolen Threat to release data if ransom not paid by March 23, 2026 Attack targets a healthcare facility serving multiple Middle Eastern countries Background Royal Bahrain Hospital, established in 2011, is a 70-bed healthcare facility providing comprehensive medical services including surgery, maternity care, and diagnostics. Located in Bahrain, the hospital serves pat

Here's the markdown-formatted article based on the source material: Key Findings OpenClaw AI agent has multiple critical security vulnerabilities Prompt injection attacks can lead to data exfiltration and unauthorized system access Chinese authorities have moved to restrict OpenClaw usage in government and military environments Malicious actors are exploiting the platform's popularity to distribute malware Background OpenClaw is an open-source, self-hosted autonomous AI agent