
ALL POSTS

CISA Mandates Agencies to Replace Unsupported Edge Devices for Improved Federal Network Security

Key Findings: CISA has issued a binding operational directive ordering federal civilian executive branch (FCEB) agencies to stop using "edge devices" such as firewalls and routers that their manufacturers no longer support. The directive targets a persistent attack vector that has featured in many major intrusions in recent years. Unsupported edge devices pose serious risks because they remain exposed to newly discovered flaws that will never be patched and that can provide hackers

Claude Opus 4.6 \\ Anthropic

Key Findings: Anthropic's latest AI model, Claude Opus 4.6, has found over 500 previously unknown high-severity security flaws in major open-source libraries such as Ghostscript, OpenSC, and CGIF. The model identified vulnerabilities by parsing commit histories, spotting dangerous functions, and understanding complex algorithmic concepts. Anthropic says Opus 4.6 can "read and reason about code the way a human researcher would", enabling it to find vulnerabilities that t

Aisuru/Kimwolf Botnet Sets New Global DDoS Record With 31.4 Tbps

Key Findings: The Aisuru/Kimwolf botnet launched a record-setting DDoS attack that peaked at 31.4 Tbps and 200 million requests per second. The attack was part of a broader campaign targeting multiple organizations, primarily in the telecommunications and IT sectors. Cloudflare automatically detected and mitigated the attack, which it dubbed "The Night Before Christmas" because of its timing in late December 2025. The Aisuru/Kimwolf botnet is a large-scale network of malware-inf

Cisco Patches Critical Vulnerabilities in Meeting Software

Key Findings: Cisco has released urgent updates to address critical vulnerabilities in Cisco Meeting Management and Cisco TelePresence Collaboration Endpoint (CE) Software. The vulnerabilities could allow attackers to seize control of meeting management systems or crash communication endpoints. The most severe flaw, CVE-2026-20098, carries a high CVSS score of 8.8 and allows remote attackers to execute arbitrary commands with root privileges. Background: Cisco Meeting Management i

China-Linked Amaranth-Dragon Weaponizes WinRAR Flaw to Spy on SE Asia

Key Findings: A fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025 has been attributed to China-affiliated threat actors. The activity cluster, tracked by Check Point Research under the moniker "Amaranth-Dragon," shares links to the APT41 ecosystem. Targeted countries include Cambodia, Thailand, Laos, Indonesia, Singapore, and the Philippines. The campaigns were timed to coincide with sensitive

Microsoft Warns: Python Infostealers Expand from Windows to macOS

Key Findings: Microsoft warns that info-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments. Attackers are leveraging cross-platform languages such as Python and abusing trusted platforms to distribute infostealer malware at scale. Background: Since late 2025, Microsoft has observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix-style prompts and malicious DMG installers. These campaigns deploy macO

MomentProof Unveils Cutting-Edge Digital Asset Security

Key Findings: MomentProof, Inc. has deployed its patented digital asset certification and verification technology, MomentProof Enterprise, for insurance provider AXA. The technology enables cryptographically authenticated, tamper-evident digital assets, including images, videos, and voice recordings, to be used in insurance claims processing. MomentProof's solution is intended to protect claims evidence against AI-based manipulation, deepfakes, and other digital altera

One Identity Appoints Gihan Munasinghe as Chief Technology Officer

Key Findings: One Identity, a leader in unified identity security, has appointed Gihan Munasinghe as Chief Technology Officer. Munasinghe brings over 15 years of experience leading global engineering organizations and delivering large-scale, customer-centric software platforms. In this role, he will lead the engineering organization and set technology strategy, prioritizing innovation to best serve customers. Prior to One Identity, Munasinghe held senior leadership roles at se

The Notepad++ supply chain attack — unnoticed execution chains and new IoCs

Key Findings: Notepad++ update infrastructure was compromised from June to December 2025. Attackers rotated C2 server addresses, downloaders, and final payloads over 4 months. Attacks targeted individuals, government, financial, and IT organizations in various countries. Kaspersky solutions were able to block the identified attacks as they occurred. Background: On February 2, 2026, the developers of Notepad++, a popular text editor among developers, published a statement claiming t

Hackers Exploit React Native CLI Flaw to Deploy Rust Malware

Key Findings: Threat actors have been observed exploiting a critical security flaw, CVE-2025-11953, impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. The vulnerability, also known as "Metro4Shell," allows remote unauthenticated attackers to execute arbitrary operating system commands on the underlying host. VulnCheck, a cybersecurity company, first observed exploitation of this flaw on December 21, 2025; the flaw carries a CVSS score of 9

Fancy Bear Returns: APT28 Exploits Office Flaw in "Operation Neusploit"

Key Findings: The notorious Russia-linked threat group APT28 (also known as Fancy Bear) has launched a new campaign dubbed "Operation Neusploit" targeting Central and Eastern Europe. The campaign leverages a recently patched Microsoft Office vulnerability, CVE-2026-21509, to deliver custom backdoors against strategic targets in Ukraine, Slovakia, and Romania. The attack uses specially crafted RTF documents as the initial vector, exploiting the vulnerability to initiate a multi

Notepad++ Hosting Breach Tied to China's Lotus Blossom Hackers

Key Findings: The Notepad++ hosting infrastructure was compromised, allowing threat actors to hijack update traffic and deliver a previously undocumented backdoor codenamed Chrysalis. The attack has been attributed with medium confidence to the China-linked advanced persistent threat (APT) group known as Lotus Blossom (aka Billbug, Bronze Elgin, Lotus Panda, Raspberry Typhoon, Spring Dragon, and Thrip). The compromise occurred at the hosting provider level, not due to vulnerabil

The "Unstoppable" PC: Microsoft's Latest Security Update Refuses to Let Windows 10 Expire

Key Findings: Microsoft's latest cumulative updates for Windows 11 have caused technical issues, including devices failing to enter sleep mode or shut down correctly, often resulting in involuntary reboots. The problems have also extended to Windows 10 systems with Virtualization-Based Security (VBS/VSM) enabled. Microsoft has acknowledged the defects and is working on a comprehensive resolution for both Windows 10 and 11. As an interim mitigation, affected users are advised to

Notepad++ Targeted by China-Based Espionage Group for Six Months

Key Findings: China-based espionage group Lotus Blossom compromised the internal systems of Notepad++, a popular open-source code editor, for nearly six months starting in June 2025. The group deployed various payloads, including a custom backdoor, to selectively spy on a limited set of Notepad++ users' activities. The campaign showcased resilience and stealth tradecraft, but did not result in a mass compromise of all Notepad++ users. The attackers exploited "insufficient upda

Notepad++ Official Update Mechanism Exploited to Deliver Malware

Key Findings: The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers. The attack involved an infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org. The compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. The incident is assessed to

Cracks in the $100 Billion Nvidia-OpenAI Deal: Jensen Huang's Strategic Shift

Key Findings: The $100 billion investment initiative between NVIDIA and OpenAI has reached an impasse, with the partnership being placed "on ice". NVIDIA CEO Jensen Huang has privately voiced skepticism about the viability of the original pact. The two entities are currently recalibrating their alliance, potentially pivoting from a complex hardware-leasing and construction framework to a more straightforward equity investment. Background: The ambitious scope of the original partne

DOJ releases details on alleged talented hacker who worked for the late Jeffrey Epstein

Key Findings: An FBI informant claimed in 2017 that Jeffrey Epstein had a "personal hacker" who was an Italian born in Calabria. The hacker, whose name was redacted, reportedly sold zero-day exploits and offensive cyber tools to several countries, including the U.S. and the U.K. He allegedly created a zero-day exploit and sold it to Hezbollah in exchange for a trunk of cash. The hacker was known for finding vulnerabilities in iOS, BlackBerry, and Firefox. He surrounded himself

Windows Malware Uses Pulsar RAT for Live Chats While...

Key Findings: Researchers at Point Wild have discovered a new Windows malware campaign using the Pulsar RAT and Stealerv37. The malware hides in the computer's memory to steal passwords, cryptocurrency, gaming accounts, and other sensitive data. Attackers are able to interact with victims through a live chat window while the malware operates in the background. The malware uses living-off-the-land techniques to bypass detection by most antivirus programs. Background: The Lat61 T

Mandiant Finds ShinyHunters Using Vishing to Steal MFA and Breach SaaS Platforms

Key Findings: Mandiant has identified an "expansion in threat activity" using tactics consistent with extortion-themed attacks orchestrated by the ShinyHunters hacking group. The attacks leverage advanced voice phishing (vishing) and fake credential-harvesting sites to gain unauthorized access to victim environments by collecting single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. The end goal is to target cloud-based software-as-a-service (SaaS) applications

Cyber Campaign Targeting Human Rights NGOs and Activists Linked to Iran's RedKitten

Background: The RedKitten cyber campaign is suspected to be linked to Iranian state interests and is targeting non-governmental organizations (NGOs) and individuals involved in documenting recent human rights abuses in Iran. The campaign was observed by the French cybersecurity company HarfangLab in January 2026, coinciding with the nationwide unrest in Iran that began towards the end of 2025. The unrest in Iran was sparked by soaring inflation, rising food prices, and currenc


© 2025 by Explain IT Again. Powered and secured by Wix
