top of page

ALL POSTS

Russian-Linked GREYVIBE Hacking Group Uses AI to Target Ukraine

Key Findings Russian-linked threat actor GREYVIBE has conducted persistent cyberattacks against Ukraine and Ukrainian entities since at least August 2025 The group operates from Russian time zones and aligns with Kremlin state interests, particularly intelligence gathering related to the Russo-Ukrainian war GREYVIBE employs five distinct attack chains using spear-phishing, fake CAPTCHA pages, and fraudulent websites to deliver custom malware The group leverages generative AI

19.6 Billion Open Files Exposed on the Internet Without Password Protection

Key Findings 19.6 billion files exposed across 535,480 publicly accessible cloud storage buckets on AWS S3, Google Cloud, Azure, DigitalOcean, and Alibaba 685,047 credential and key files including .env files, private keys, and password vault databases sitting unprotected 985,645 database exports (.sql files) and 733,040 backup files (.bak) accessible without authentication Over two-thirds of exposed storage located on AWS due to its dominance as the default cloud provider No

Critical FortiClient EMS Vulnerability Exploited in Active Campaign Delivering EKZ Infostealer

Key Findings Threat actors are actively exploiting CVE-2026-35616, a critical FortiClient EMS vulnerability with a CVSS score of 9.1, to deploy credential-stealing malware across enterprise networks Attackers abuse legitimate FortiClient management pathways to push malicious PowerShell commands, evading traditional network monitoring solutions A new infostealer payload named EKZ Infostealer masquerades as vendor software updates and extracts credentials from Chrome and Firefo

Critical Security Updates: Privilege Escalation and Remote Code Execution Vulnerabilities Patched in OpenVPN Connect and Veeam

Key Findings Critical privilege escalation vulnerability (CVE-2026-9560, CVSS 9.4) in OpenVPN Connect for macOS allows local attackers to gain root access Affected versions 3.5.1 through 3.8.1 contain insecure local IPC handling in the privileged helper component Version 3.8.2 patches the vulnerability along with authentication and profile management bugs Enterprise deployments require immediate updates to secure corporate endpoints Multiple critical flaws discovered in Veeam

The CISO Whisperer's Essential Guide to Gartner's Security & Risk Management Summit 2026

Key Findings Twelve cybersecurity vendors identified as high-activity players ahead of Gartner Security & Risk Management Summit 2026 (June 1-3, National Harbor, Maryland) Market shift driven by enterprise demand for autonomous, continuous validation and remediation rather than detection alone AI serving dual role as both accelerant of threats and enabler of enterprise-scale automation Vendors clustering around security operations, exposure management, identity, compliance, a

Critical Flaw Found in Langflow AI's Architecture

Key Findings Critical vulnerability CVE-2026-7524 in Langflow OSS framework allows arbitrary file reading and remote code execution with CVSS score of 9.8 Flaw exploits symlink handling in archive extraction across Docling, Docling Serve, and Unstructured API modules Attackers can steal JWT secrets, forge authorization tokens, and execute arbitrary Python code through chatbot queries Affects versions 1.0.0 through 1.9.1; patch available in version 1.9.2 Separate critical vuln

CrowdStrike Dismantles Glassworm Botnet Targeting Open-Source Developer Supply Chain

Key Findings CrowdStrike, Google, and Shadowserver dismantled the Glassworm botnet by simultaneously taking down four command-and-control servers that powered a sophisticated supply chain attack campaign The Russia-based threat group infected over 300 GitHub repositories and compromised hundreds of open-source packages across npm, Python, and VSCode extensions since early 2025 Glassworm deployed a multi-layered resilience strategy using the Solana blockchain, BitTorrent DHT,

Link11 Expands European Operations with New Customer Excellence Hub in Lisbon

Key Findings Link11 is opening a Technical Customer Excellence Hub in Lisbon, Portugal to relocate technical support operations within the EU The hub becomes operational in Q4 2026 and will handle majority of technical support for the company's European customer base Move directly addresses tightened regulatory requirements including DORA, NIS2, and KRITIS legislation Link11 is building an in-house security engineer team rather than relying on third-party providers From Q4 20

Microsoft SharePoint's New RCE Flaw: Patch Now If You Haven't Already

Key Findings Critical remote code execution vulnerability CVE-2026-45659 identified in Microsoft SharePoint with CVSS score of 8.8 Flaw exploitable by any authenticated user with Site Member permissions or higher, requiring only network access Root cause is unsafe deserialization of untrusted data allowing arbitrary code execution on servers Security patches released for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016 Expl

Luxury and Financial Services - 586,705 breached accounts

Key Findings ShinyHunters group conducted two separate "pay or leak" extortion campaigns against major companies in early 2026 Mytheresa luxury fashion platform: 84,108 breached accounts containing emails, names, phone numbers, addresses, purchase history, and partial credit card data Ameriprise Financial: 502,597 breached accounts with emails, names, phone numbers, addresses, and employer information from Salesforce and SharePoint systems Both companies had ransom demands th

MuddyWater's DLL Side-Loading Espionage Campaign Spans 9 Countries

Key Findings MuddyWater conducted a widespread espionage campaign affecting at least nine organizations across nine countries on four continents in Q1 2026 Targets included a major South Korean electronics manufacturer, a Middle Eastern airport, Southeast Asian industrial firms, and Latin American financial services Attackers used DLL side-loading with legitimate binaries (fmapp.exe and sentinelmemoryscanner.exe) to execute malicious code while evading detection ChromElevator

Anthropic's Claude Mythos AI Uncovers 10,000+ Critical Software Vulnerabilities in First Month

Key Findings Project Glasswing, Anthropic's month-old initiative using Claude Mythos AI, uncovered over 10,000 high or critical-severity vulnerabilities in systemically important software Partner bug discovery rates increased more than tenfold, with Cloudflare identifying 2,000 bugs across critical systems Independent security evaluations confirmed over 90% validity of flagged vulnerabilities, with over 62% confirmed as high or critical severity A critical certificate forgery

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Organizations

Key Findings North Korea-linked Lazarus Group deployed RemotePE, a memory-only RAT, against financial and cryptocurrency organizations RemotePE executes entirely in memory with no filesystem artifacts, making it difficult to detect and analyze Attack chain uses two loaders (DPAPILoader and RemotePELoader) to decrypt and deploy the final payload using Windows DPAPI Malware employs advanced evasion techniques including Hell's Gate and Event Tracing for Windows (ETW) patching Re

Apache CXF and ECharts Frameworks Patch Critical Security Vulnerabilities

Key Findings Apache CXF framework patches three severe vulnerabilities including remote code execution, LDAP injection, and XXE attacks LDAP injection flaw (CVE-2026-44930) allows attackers to retrieve arbitrary certificates from internal repositories WS-Transfer XXE vulnerability (CVE-2026-44618) enables adversaries to read sensitive files and map internal networks Incomplete RCE fix (CVE-2026-44417) creates another code execution path through JMS configuration Apache EChart

Ghost CMS Vulnerability Exploited in Large-Scale ClickFix Campaign Affecting Hundreds of Sites

Key Findings Attackers are actively exploiting CVE-2026-26980, a patched SQL injection flaw in Ghost CMS, to compromise over 700 unpatched websites The vulnerability allows unauthorized access to admin API keys, enabling attackers to inject malicious JavaScript into published articles Compromised sites are being weaponized to deliver ClickFix attacks, tricking users into running malicious commands via fake CAPTCHA pages Affected organizations include universities, media outle

Netherlands Dismantles Bulletproof Hosting Network Behind Cyberattacks and Disinformation Campaign

Key Findings Dutch authorities arrested two suspects and dismantled a bulletproof hosting network operating approximately 800 servers linked to cyberattacks, disinformation, and sanctions evasion The operation, led by the FIOD financial crime agency, involved coordinated raids across multiple European countries targeting infrastructure used by sanctioned Russian and Belarusian entities The hosting service, operating under the name Stark Industries and later rebranded as THE.H

Cloud Under Siege: P2Pinfect Botnet Threats Targeting Kubernetes Infrastructure

Key Findings FortiGuard Labs identified persistent P2Pinfect botnet activity within Google Kubernetes Engine clusters targeting multiple enterprise clients One network compromise persisted for six months, demonstrating advanced operational dedication Initial infections originated from exposed Redis instances requiring no complex exploitation, only basic misconfigurations P2Pinfect uses peer-to-peer mesh architecture written in Rust, eliminating single points of failure and de

Critical RCE Vulnerabilities in Backup and CMS Infrastructure: Unauthenticated Exploits in Kopia and TYPO3

Key Findings Critical unauthenticated remote code execution flaw in Kopia backup server HTTP implementation tracked as CVE-2026-45695 with CVSS score of 9.8 Vulnerability stems from improper command argument parsing in SSH backend handling without input validation or quote handling Attack exploits SSH ProxyCommand injection via the /api/v1/repo/exists endpoint when server runs with --without-password flag Requires only single HTTP request with no user interaction to achieve f

Supply Chain Attack: 700+ Laravel Lang Versions Infected with RCE Backdoor

Key Findings Over 700 historical versions of laravel-lang localization packages compromised with RCE backdoors across multiple repositories Attack occurred May 22-23, 2026 with automated mass tag publishing seconds apart, indicating infrastructure-level breach Malicious code executes automatically via composer autoload.files on every PHP request in affected applications Second-stage payload deploys 17 specialized credential collectors targeting cloud keys, Kubernetes tokens,

Cloud Atlas: Upcoming Operations, New Tools, and Payload Deployments (2025-2026)

Key Findings Cloud Atlas, active since 2014, conducted pervasive SSH tunnel operations affecting government and commercial organizations in Russia and Belarus throughout late 2025 and into 2026 The group introduced new tools and malicious payloads, including VBCloud and PowerShower backdoors Primary infection vector remains phishing with ZIP archives containing malicious LNK shortcuts that execute PowerShell scripts Multi-stage attack chain includes persistence mechanisms, de

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page