
ALL POSTS

North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations

Key Findings:
  • North Korea-linked threat actor UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data
  • The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated video to deceive victims
  • UNC1069 has a history of conducting social engineering campaigns for financial gain using fake meeting invites and posing as investors from reput

SSHStalker Botnet Targets Linux Systems with Legacy Exploits and IRC C2

Key Findings:
  • A new Linux botnet called SSHStalker has been discovered, leveraging IRC for command-and-control (C2) purposes
  • The botnet combines old-school 2009-era Linux kernel exploits with automated mass-compromise techniques to infect around 7,000 systems, primarily cloud servers
  • Unlike typical botnets focused on DDoS attacks or cryptocurrency mining, SSHStalker maintains persistent access without immediate follow-on activities, suggesting potential infrastructure staging

GitGuardian Raises $50M Series C to Tackle Non-Human Identities and AI Agent Security

Key Findings:
  • GitGuardian, a leading secrets and Non-Human Identity (NHI) security platform, has raised $50 million in a Series C funding round.
  • The funding round was led by global software investor Insight Partners, alongside Quadrille Capital and existing investors.
  • The investment will fuel GitGuardian's expansion in secrets and AI agent security as organizations grapple with exponential growth in non-human identities.
Background: GitGuardian is the #1 app on the GitHub Marke

Microsoft Patches 59 Vulnerabilities, Including Six Actively Exploited Zero-Days

Key Findings:
  • Microsoft released security updates to address 59 vulnerabilities, including 6 that are actively being exploited in the wild.
  • Of the 59 flaws, 5 are rated Critical, 52 are rated Important, and 2 are rated Moderate in severity.
  • 25 of the patched vulnerabilities are privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1).
  • The 6 actively e

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies

Key Findings:
  • North Korean IT operatives are applying to remote positions using real LinkedIn accounts of individuals they are impersonating
  • The goal is to secure jobs at Western companies and conduct espionage, data theft, and ransomware attacks
  • The threat is tracked by the cybersecurity community as Jasper Sleet, PurpleDelta, and Wagemole
  • The impersonated LinkedIn profiles often have verified workplace emails and identity badges to appear legitimate
  • Once employed, the DPRK w

Microsoft Patch Tuesday Updates for February 2026

Key Findings:
  • Microsoft released security updates to address 58 new vulnerabilities across Windows, Office, Azure, Edge, Exchange, Hyper-V, and other components.
  • The update includes fixes for 6 zero-day vulnerabilities that are being actively exploited in the wild.
  • 5 of the vulnerabilities were rated as "Critical" by Microsoft.
  • Several vulnerabilities affect high-profile targets like GitHub Copilot, IDEs, and Azure cloud services.
Background: This month's Patch Tuesday from Mic

Dutch Agencies Targeted by Ivanti Zero-Day Vulnerability, Exposing Employee Data

Key Findings:
  • Dutch Data Protection Authority (AP) and Council for the Judiciary (Rvdr) confirmed cyber attacks exploiting Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities
  • Attacks exposed employee contact information, including names, work emails, and phone numbers
  • European Commission also detected a cyberattack on its mobile device management platform, exposing some staff names and phone numbers
  • Ivanti acknowledged vulnerabilities (CVE-2026-1281 and CVE-2026-1340) have b

Singapore Telcos Hit by China-Linked UNC3886 Cyber Espionage Campaign

Key Findings:
  • China-nexus cyber espionage group UNC3886 targeted Singapore's telecommunications sector in a deliberate, targeted, and well-planned campaign
  • All four of Singapore's major telecom operators - M1, SIMBA Telecom, Singtel, and StarHub - were targeted by UNC3886
  • UNC3886 used sophisticated tools, including a zero-day exploit to bypass a perimeter firewall, and deployed rootkits to establish persistent access and conceal their activities
Background: UNC3886 is an advanc

European Commission Responds to Mobile Device Cyberattack

Key Findings:
  • The European Commission detected a cyber attack on its central mobile device management infrastructure on January 30, 2026.
  • The attack may have exposed the personal details, including names and phone numbers, of some Commission staff members.
  • However, the Commission's swift response contained the breach within 9 hours and ensured that no mobile devices were compromised.
  • The attack is linked to critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti's

Criminal IP Integrates with IBM QRadar to Deliver Real-Time Threat Intelligence Across SIEM and SOAR

Key Findings:
  • Criminal IP (criminalip.io) integrates with IBM QRadar SIEM and QRadar SOAR to deliver real-time threat intelligence.
  • The integration brings external, IP-based threat intelligence into QRadar's detection, investigation, and response workflows.
  • This enables security teams to identify malicious activity faster and prioritize response actions more effectively.
Background: IBM QRadar is a widely adopted SIEM and SOAR platform used by enterprises and public-sector orga

CVE-2026-1732: Critical BeyondTrust Flaw (CVSS 9.9) Allows Pre-Auth RCE

Key Findings:
  • Critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products
  • Tracked as CVE-2026-1731 with a CVSS score of 9.9
  • Allows unauthenticated remote attackers to execute OS commands and compromise systems
  • Affects RS versions 25.3.1 and prior, and PRA versions 24.3.4 and prior
  • Patches available in RS v25.3.2+ and PRA v25.1.1+
  • Customers with older versions (RS <21.3, PRA <22.1) must upgrade b

Exposed Endpoint: Critical FortiClient EMS Vulnerability (CVSS 9.1) Enables Unauthenticated Remote Code Execution

Key Findings:
  • A critical SQL injection vulnerability (CVE-2026-21643) with a CVSS score of 9.1 has been discovered in Fortinet's FortiClient Enterprise Management Server (EMS)
  • The flaw allows unauthenticated remote code execution, enabling attackers to take full control of the management server without any credentials
  • The vulnerability is caused by improper sanitization of user input, allowing malicious SQL commands to be injected and executed
  • The vulnerability affects FortiCl

CVE-2026-1868: Critical GitLab Gateway Flaw Exploits Remote Code Execution Vulnerability

Key Findings:
  • Critical vulnerability (CVE-2026-1868) discovered in GitLab self-hosted AI Gateway with a CVSS score of 9.9
  • Flaw allows attackers to execute arbitrary code or trigger a Denial of Service on affected systems
  • The vulnerability is caused by improper sanitization of user-supplied templates in the Duo Workflow Service
  • Affects versions 18.1.6, 18.2.6, and 18.3.1 of the GitLab AI Gateway
  • Patched versions 18.6.2, 18.7.1, and 18.8.1 have been released to address the issue

DKnife Linux toolkit abuses routers to spy and deliver malware since 2019

Key Findings:
  • DKnife is a Linux-based toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks
  • The toolkit is designed for deep packet inspection, traffic manipulation, credential harvesting, and malware delivery
  • DKnife has been linked to China-nexus threat actors with high confidence
  • The toolkit targets Chinese-speaking users, stealing credentials from Chinese services and popular Chinese apps
  • DKnife hijacks software downloads and Androi

Firefox Introduces AI Kill Switch to Enhance User Privacy

Firefox Will Give Users an AI Kill Switch for Better Privacy
Key Findings:
  • Mozilla is releasing Firefox 148 on February 24, 2026, which introduces a dedicated AI controls section in the desktop settings.
  • This includes a "global kill switch" that allows users to opt out of AI features entirely by flipping a single toggle.
  • Turning off AI features stops the browser from sending data to external companies for processing through API calls.
  • Users can also customize which AI tools t

Bithumb's Massive Crypto Mishap: $40B Bitcoin Mistakenly Sent to Customers

Key Findings:
  • On February 6, 2026, South Korean cryptocurrency exchange Bithumb accidentally credited 620,000 bitcoins (worth around $40 billion) to 695 customer accounts instead of the small rewards (worth around $1.40) they were supposed to receive.
  • The error occurred due to a system configuration mistake during a promotional event, where the payment unit was mistakenly set as "BTC" instead of "Korean won".
  • Bithumb was able to recover 99.7% of the mistakenly distributed bitc

Germany Warns of Signal Phishing Attacks Targeting Politicians, Military, Journalists

Key Findings:
  • German security agencies BfV and BSI have issued a joint advisory warning of a malicious cyber campaign targeting high-ranking individuals in politics, military, diplomacy, and investigative journalism in Germany and Europe.
  • The campaign involves phishing attacks over the Signal messaging app, aiming to gain unauthorized access to victims' accounts and compromise their confidential communications.
  • The attacks do not involve malware or technical vulnerabilities,

China-Linked DKnife AitM Framework Targets Routers for Cyberattacks

Key Findings:
  • DKnife is a gateway-monitoring and adversary-in-the-middle (AitM) framework operated by China-nexus threat actors since at least 2019
  • It comprises seven Linux-based implants designed for deep packet inspection, traffic manipulation, and malware delivery via routers and edge devices
  • The framework's primary targets appear to be Chinese-speaking users, based on the presence of credential harvesting phishing pages for Chinese email services and exfiltration modules f

Largest DDoS Attack in History Stopped by Cloudflare

Key Findings:
  • The AISURU/Kimwolf botnet hit a record-breaking 31.4 Tbps DDoS attack that lasted just 35 seconds in November 2025.
  • Cloudflare automatically detected and blocked the attack as part of a surge in hyper-volumetric HTTP DDoS attacks observed in late 2025.
  • The number and size of DDoS attacks increased significantly in 2025, with a 40% rise in hyper-volumetric attacks in Q4 2025 compared to the previous quarter.
  • The largest attacks targeted Cloudflare customers in the

CVE-2025-13375: Critical IBM Crypto Flaw (CVSS 9.8) Exploits Hardware Security Modules

Key Findings:
  • IBM has disclosed a critical vulnerability, CVE-2025-13375, in its Common Cryptographic Architecture (CCA) software with a CVSS score of 9.8.
  • The flaw allows unauthenticated attackers to execute arbitrary commands with elevated privileges on the system, exposing the IBM Hardware Security Modules (HSMs).
  • The vulnerability affects specific versions of the CCA software running on IBM's 4769 and 4770 cryptographic coprocessors, as well as the IBM i platform.
  • The impa
