
Critical Langflow Vulnerability CVE-2026-33017 Sparks Rapid Exploitation Within Hours

Key Findings
* Critical remote code execution vulnerability in Langflow (CVE-2026-33017)
* CVSS score: 9.3
* Exploited within 20 hours of advisory publication
* Allows unauthenticated remote code execution via API endpoint
* Affects all Langflow versions prior to 1.8.1
* Attackers can execute arbitrary Python code with full server privileges
* Observed exploitation includes credential harvesting and potential supply chain compromise

Background
Langflow, an open-source AI plat

Trivy Security Scanner GitHub Actions Breach: 75 Tags Hijacked for CI/CD Secret Theft

Key Findings
* Trivy GitHub Actions repositories compromised for second time in a month
* 75 out of 76 version tags force-pushed with malicious payload
* Attacker aims to steal CI/CD secrets including cloud credentials, cryptocurrency wallets
* Likely perpetrated by TeamPCP threat actor group
* Compromise stems from incomplete mitigation of previous security incident

Background
The Trivy vulnerability scanner, maintained by Aqua Security, has experienced a significant securit

US Disrupts Global Botnet Networks Hijacking Millions of Devices

Key Findings
* Justice Department disrupted four botnets affecting 3 million devices
* Botnets responsible for over 300,000 DDoS attacks
* Infected devices include digital video recorders, web cameras, Wi-Fi routers, and TV boxes
* Operation involved international cooperation with Canada and Germany
* Botnets used for various cybercrime activities including extortion

Background
The Justice Department conducted a major cybersecurity operation targeting four significant botnets: Aisuru,

Apple Warns iPhone Users to Update iOS Against Emerging Exploit Kits

Key Findings
* Coruna and DarkSword exploit kits target outdated iOS versions
* Apple warns users to update iOS to prevent data theft
* Exploit kits can compromise iPhones through malicious web content
* Devices running latest iOS versions are protected
* Multiple threat actors are utilizing these exploit techniques

Background
Apple has identified significant security vulnerabilities in older iOS versions that can be exploited by sophisticated web-based attack frameworks. The

Powerful iOS Exploit Tool DarkSword Emerges in Global Attacks

Key Findings
* DarkSword is a sophisticated iOS exploit kit targeting devices running iOS 18.4-18.7
* Developed by UNC6353, likely a Russia-linked group
* Exploits six vulnerabilities, including three zero-days
* Enables full device compromise with minimal user interaction
* Targets sensitive data, including credentials and crypto wallet information
* Operates in a "hit-and-run" approach, exfiltrating data quickly and then cleaning traces

Background
DarkSword emerged in late 2025 as a po

DoJ Dismantles Massive IoT Botnet Network Responsible for Global DDoS Attacks

Key Findings
* DoJ disrupted command-and-control infrastructure for 4 IoT botnets
* Botnets infected approximately 3 million devices worldwide
* Attacks measured up to 31.4 Tbps, causing potential massive internet disruption
* Botnets launched hundreds of thousands of DDoS attack commands
* Potential suspects include a 23-year-old Canadian and a 15-year-old German
* Multiple international law enforcement agencies and tech companies collaborated on the operation

Background
The botnet disr

54 EDR Killers Leverage BYOVD to Exploit 34 Signed Vulnerable Drivers and Bypass Security

Key Findings
* 54 endpoint detection and response (EDR) killer tools detected
* 34 unique signed vulnerable drivers exploited
* Technique known as Bring Your Own Vulnerable Driver (BYOVD) widely used
* Primarily targeting ransomware defense evasion
* Three main categories of threat actors develop these tools
* Kernel-mode privilege escalation is primary attack mechanism

Background
Endpoint detection and response (EDR) killer tools have emerged as a critical threat in modern c

Windsurf IDE Extension Exploits Solana Blockchain for Developer Data Theft

Key Findings
* Malicious Windsurf IDE extension targeting software developers
* Uses Solana blockchain to retrieve encrypted malware instructions
* Selectively avoids targeting systems with Russian connections
* Steals passwords and browser session cookies
* Creates persistent hidden task for continued system access

Background
A new cybersecurity threat has emerged targeting software developers through a sophisticated malware campai

CISA Warns of Critical SharePoint and Zimbra Vulnerability Exploits

Key Findings
* CISA added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog
* Vulnerabilities affect Microsoft SharePoint and Zimbra Collaboration Suite
* Federal agencies required to patch these vulnerabilities by specific deadlines
* One vulnerability allows remote code execution, the other enables cross-site scripting

Background
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) continues its proactive approach to identifying and addressing

Interlock Ransomware Group Exploits Cisco FMC Zero-Day Vulnerability 36 Days Before Disclosure

Key Findings
* Interlock ransomware group exploited CVE-2026-20131 in Cisco FMC 36 days before public disclosure
* Zero-day vulnerability allows unauthenticated remote code execution with root privileges
* Amazon Threat Intelligence discovered exploitation using global honeypot network
* Attackers used sophisticated multi-stage attack with custom tools and evasion techniques
* Targeted sectors include education, healthcare, industry, and government

Background
The Interlock ra

New .NET AOT Malware Conceals Code in Stealthy Black Box Architecture

Key Findings
* New .NET AOT malware campaign discovered by Howler Cell researchers
* Uses Ahead-of-Time (AOT) compilation to evade standard security detection
* Multi-stage attack with sophisticated evasion techniques
* Targets individual systems through phishing emails
* Employs complex scoring system to determine victim validity

Background
The emergence of this malware represents a sophisticated evolution in cyberthreat techniques. Traditional malware detection relies on an

Unauthenticated Root RCE Vulnerability in Critical Telnetd Flaw (CVE-2026-32746)

Key Findings
* Critical unauthenticated remote code execution vulnerability in GNU InetUtils telnetd
* CVE-2026-32746 with CVSS score of 9.8
* Affects all versions through 2.7
* Exploitable by sending crafted message during initial connection handshake
* No authentication required to trigger vulnerability
* Potential for complete system compromise

Background
The vulnerability was discovered by Israeli cybersecurity company Dream on March 11, 2026. It impacts the GNU InetUtils

CVE-2026-3888: Ubuntu Desktop Root Vulnerability Exposed

Key Findings
* Ubuntu Desktop 24.04+ vulnerable to high-severity root privilege escalation (CVE-2026-3888)
* CVSS score of 7.8 indicates critical security risk
* Exploit involves timing manipulation of systemd-tmpfiles and snap-confine
* Attack requires local access with 10-30 day window of opportunity
* Potential for complete system compromise
* Affects multiple Ubuntu versions and upstream snapd releases

Background
The vulnerability stems from an interaction between two cor

RondoDox Botnet Expands Arsenal: 174 Vulnerabilities Under Siege with 15,000 Daily Exploit Attempts

Key Findings
* RondoDox botnet targeting 174 different vulnerabilities between May 2025 and February 2026
* Daily exploit attempts peaked at 49, stabilized around 40, then sharply declined in early 2026
* Nearly half of exploited flaws used only once, indicating rapid testing and selection
* Quickly adopts newly disclosed vulnerabilities, sometimes within weeks
* Targets diverse device types including routers, DVRs, NVRs, CCTV systems, and web servers
* Demonstrates inconsist

GitGuardian Unveils Alarming 81% Rise in AI-Service Secrets Leakage on Public GitHub

Key Findings
* 29 million new secrets leaked on GitHub in 2025
* 81% increase in AI service credential leaks
* Public GitHub commits increased 43% year-over-year
* Secret leak rates in AI-assisted code are 2× baseline
* Internal repositories 6× more likely to contain hardcoded secrets

Background
The year 2025 marked a transformative period in software development, characterized by unprecedented AI adoption and acceleration of software creation workflows. GitGuardian's annual

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Key Findings
* Amazon Bedrock AgentCore Code Interpreter enables DNS-based data exfiltration and RCE
* LangSmith vulnerable to token theft via URL parameter injection (CVE-2026-25750)
* Sandbox mode in AI services can be exploited to bypass network isolation
* Potential for unauthorized data access and command execution across multiple platforms

Background
BeyondTrust cybersecurity researchers discovered critical vulnerabilities in AI execution environments that compromise ne

Researchers Uncover Data Leak Vulnerability in AWS Bedrock AI Code Interpreter

Key Findings
* Researchers discovered a vulnerability in AWS Bedrock AgentCore Code Interpreter
* DNS queries can be exploited to leak sensitive data from supposedly isolated AI systems
* Vulnerability received a high-risk severity score of 7.5/10
* AWS responded by updating documentation instead of creating a full patch
* Potential risks include data breaches and infrastructure compromise

Background
AWS Bedrock is a platform for building AI applications, with the AgentCore C

GlassWorm Attack Exploits Stolen GitHub Tokens to Infiltrate Python Repositories

Key Findings
* GlassWorm malware campaign targeting Python repositories
* Attackers use stolen GitHub tokens to force-push malicious code
* Targets Python projects including Django apps, ML code, and PyPI packages
* Earliest injections traced to March 8, 2026
* Uses a new offshoot called "ForceMemo"
* Leverages malicious VS Code and Cursor extensions to steal credentials
* Payload includes cryptocurrency theft and data exfiltration capabilities

Background
The GlassWorm attack

APT Linked to Russia Uses DRILLAPP Backdoor to Spy on Ukrainian Targets

Key Findings
* Russia-linked APT group targets Ukrainian organizations using DRILLAPP backdoor
* Utilizes Microsoft Edge debugging to evade detection
* Two campaign variants observed in February 2026
* Capability to access file systems, microphone, camera, and screen recordings
* Linked to Laundry Bear (UAC-0190/Void Blizzard) APT group

Background
The DRILLAPP backdoor campaign represents a sophisticated cyber espionage effort targeting Ukrainian entities. Attributed to a Rus

FBI Investigates Malware Distribution Through Steam Games

Key Findings
* FBI investigating malware spread through eight Steam games
* Timeframe of infection: May 2024 to January 2026
* Games include BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova
* Investigation focuses on cryptocurrency theft and account hijacking
* Victims invited to voluntarily provide information to aid investigation

Background
The FBI's Seattle Division has launched a comprehensive investigation into malicious Steam games that ha

© 2025 by Explain IT Again.