Exposed Endpoint: Critical FortiClient EMS Vulnerability (CVSS 9.1) Enables Unauthenticated Remote Code Execution

Key Findings: A critical SQL injection vulnerability (CVE-2026-21643) with a CVSS score of 9.1 has been discovered in Fortinet's FortiClient Enterprise Management Server (EMS). The flaw allows unauthenticated remote code execution, enabling attackers to take full control of the management server without any credentials. The vulnerability is caused by improper sanitization of user input, allowing malicious SQL commands to be injected and executed. The vulnerability affects FortiCl

CVE-2026-1868: Critical GitLab Gateway Flaw Exploits Remote Code Execution Vulnerability

Key Findings: Critical vulnerability (CVE-2026-1868) discovered in GitLab self-hosted AI Gateway with a CVSS score of 9.9. Flaw allows attackers to execute arbitrary code or trigger a Denial of Service on affected systems. The vulnerability is caused by improper sanitization of user-supplied templates in the Duo Workflow Service. Affects versions 18.1.6, 18.2.6, and 18.3.1 of the GitLab AI Gateway. Patched versions 18.6.2, 18.7.1, and 18.8.1 have been released to address the issue.

DKnife Linux toolkit abuses routers to spy and deliver malware since 2019

Key Findings: DKnife is a Linux-based toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. The toolkit is designed for deep packet inspection, traffic manipulation, credential harvesting, and malware delivery. DKnife has been linked to China-nexus threat actors with high confidence. The toolkit targets Chinese-speaking users, stealing credentials from Chinese services and popular Chinese apps. DKnife hijacks software downloads and Androi

Firefox Introduces AI Kill Switch to Enhance User Privacy

Firefox Will Give Users an AI Kill Switch for Better Privacy. Key Findings: Mozilla is releasing Firefox 148 on February 24, 2026, which introduces a dedicated AI controls section in the desktop settings. This includes a "global kill switch" that allows users to opt out of AI features entirely by flipping a single toggle. Turning off AI features stops the browser from sending data to external companies for processing through API calls. Users can also customize which AI tools t

Bithumb's Massive Crypto Mishap: $40B Bitcoin Mistakenly Sent to Customers

Key Findings: On February 6, 2026, South Korean cryptocurrency exchange Bithumb accidentally credited 620,000 bitcoins (worth around $40 billion) to 695 customer accounts instead of the small rewards (worth around $1.40) they were supposed to receive. The error occurred due to a system configuration mistake during a promotional event, where the payment unit was mistakenly set as "BTC" instead of "Korean won". Bithumb was able to recover 99.7% of the mistakenly distributed bitc

Germany Warns of Signal Phishing Attacks Targeting Politicians, Military, Journalists

Key Findings: German security agencies BfV and BSI have issued a joint advisory warning of a malicious cyber campaign targeting high-ranking individuals in politics, military, diplomacy, and investigative journalism in Germany and Europe. The campaign involves phishing attacks over the Signal messaging app, aiming to gain unauthorized access to victims' accounts and compromise their confidential communications. The attacks do not involve malware or technical vulnerabilities,

China-Linked DKnife AitM Framework Targets Routers for Cyberattacks

Key Findings: DKnife is a gateway-monitoring and adversary-in-the-middle (AitM) framework operated by China-nexus threat actors since at least 2019. It comprises seven Linux-based implants designed for deep packet inspection, traffic manipulation, and malware delivery via routers and edge devices. The framework's primary targets appear to be Chinese-speaking users, based on the presence of credential harvesting phishing pages for Chinese email services and exfiltration modules f

Largest DDoS Attack in History Stopped by Cloudflare

Key Findings: The AISURU/Kimwolf botnet hit a record-breaking 31.4 Tbps DDoS attack that lasted just 35 seconds in November 2025. Cloudflare automatically detected and blocked the attack as part of a surge in hyper-volumetric HTTP DDoS attacks observed in late 2025. The number and size of DDoS attacks increased significantly in 2025, with a 40% rise in hyper-volumetric attacks in Q4 2025 compared to the previous quarter. The largest attacks targeted Cloudflare customers in the

CVE-2025-13375: Critical IBM Crypto Flaw (CVSS 9.8) Exploits Hardware Security Modules

Key Findings: IBM has disclosed a critical vulnerability, CVE-2025-13375, in its Common Cryptographic Architecture (CCA) software with a CVSS score of 9.8. The flaw allows unauthenticated attackers to execute arbitrary commands with elevated privileges on the system, exposing the IBM Hardware Security Modules (HSMs). The vulnerability affects specific versions of the CCA software running on IBM's 4769 and 4770 cryptographic coprocessors, as well as the IBM i platform. The impa

CISA Mandates Agencies to Replace Unsupported Edge Devices for Improved Federal Network Security

Key Findings: CISA has issued a binding operational directive ordering federal civilian executive branch (FCEB) agencies to stop using "edge devices" like firewalls and routers that their manufacturers no longer support. The directive aims to tackle a persistent attack vector that has factored into major and common cyber exploits in recent years. Unsupported edge devices pose serious risks as they are vulnerable to newly discovered and unpatched flaws that can provide hackers

Claude Opus 4.6 \ Anthropic

Key Findings: Anthropic's latest AI model, Claude Opus 4.6, has found over 500 previously unknown high-severity security flaws in major open-source libraries like Ghostscript, OpenSC, and CGIF. The model was able to identify vulnerabilities by parsing commit histories, spotting dangerous functions, and understanding complex algorithmic concepts. Anthropic says Opus 4.6 can "read and reason about code the way a human researcher would", enabling it to find vulnerabilities that t

Aisuru/Kimwolf Botnet Sets New Global DDoS Record With 31.4 Tbps

Key Findings: The Aisuru/Kimwolf botnet launched a record-setting DDoS attack that peaked at 31.4 Tbps and 200 million requests per second. The attack was part of a broader campaign targeting multiple organizations, primarily in the telecommunications and IT sectors. Cloudflare automatically detected and mitigated the attack, which they dubbed "The Night Before Christmas" due to its timing in late December 2025. The Aisuru/Kimwolf botnet is a large-scale network of malware-inf

Cisco Patches Critical Vulnerabilities in Meeting Software

Key Findings: Cisco has released urgent updates to address critical vulnerabilities in Cisco Meeting Management and Cisco TelePresence Collaboration Endpoint (CE) Software. The vulnerabilities could allow attackers to seize control of meeting management systems or crash communication endpoints. The most severe flaw, CVE-2026-20098, carries a high CVSS score of 8.8 and allows remote attackers to execute arbitrary commands with root privileges. Background: Cisco Meeting Management i

China-Linked Amaranth-Dragon Weaponizes WinRAR Flaw to Spy on SE Asia

Key Findings: Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. The activity cluster, tracked by Check Point Research under the moniker "Amaranth-Dragon," shares links to the APT 41 ecosystem. Targeted countries include Cambodia, Thailand, Laos, Indonesia, Singapore, and the Philippines. The campaigns were timed to coincide with sensitive

Microsoft Warns: Python Infostealers Expand from Windows to macOS

Key Findings: Microsoft warns that info-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments. Attackers are leveraging cross-platform languages like Python and abusing trusted platforms to distribute infostealer malware at scale. Background: Since late 2025, Microsoft has observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix-style prompts and malicious DMG installers. These campaigns deploy macO

MomentProof Unveils Cutting-Edge Digital Asset Security

Key Findings: MomentProof, Inc. has successfully deployed its patented digital asset certification and verification technology, MomentProof Enterprise, for insurance provider AXA. The technology enables cryptographically authentic and tamper-proof digital assets, including images, videos, and voice recordings, to be used in insurance claims processing. MomentProof's solution ensures claims evidence is protected against AI-based manipulation, deepfakes, and other digital altera

One Identity Appoints Gihan Munasinghe as Chief Technology Officer

Key Findings: One Identity, a leader in unified identity security, has appointed Gihan Munasinghe as Chief Technology Officer. Munasinghe brings over 15 years of experience leading global engineering organizations and delivering large-scale, customer-centric software platforms. In this role, he will lead the engineering organization and set technology strategy, prioritizing innovation to best serve customers. Prior to One Identity, Munasinghe held senior leadership roles at se

The Notepad++ supply chain attack — unnoticed execution chains and new IoCs

Key Findings: Notepad++ update infrastructure was compromised from June to December 2025. Attackers rotated C2 server addresses, downloaders, and final payloads over 4 months. Attacks targeted individuals, government, financial, and IT organizations in various countries. Kaspersky solutions were able to block the identified attacks as they occurred. Background: On February 2, 2026, the developers of Notepad++, a popular text editor among developers, published a statement claiming t

Hackers Exploit React Native CLI Flaw to Deploy Rust Malware

Key Findings: Threat actors have been observed exploiting a critical security flaw, CVE-2025-11953, impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. The vulnerability, also known as "Metro4Shell," allows remote unauthenticated attackers to execute arbitrary operating system commands on the underlying host. VulnCheck, a cybersecurity company, first observed the exploitation of this flaw on December 21, 2025, with a CVSS score of 9

Fancy Bear Returns: APT28 Exploits Office Flaw in "Operation Neusploit"

Key Findings: The notorious Russia-linked threat group APT28 (also known as Fancy Bear) has launched a new campaign dubbed "Operation Neusploit" targeting Central and Eastern Europe. The campaign leverages a recently patched Microsoft Office vulnerability, CVE-2026-21509, to deliver custom backdoors against strategic targets in Ukraine, Slovakia, and Romania. The attack uses specially crafted RTF documents as the initial vector, exploiting the vulnerability to initiate a multi

© 2025 by Explain IT Again. Powered and secured by Wix