ALL POSTS

Key Findings Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed "graphalgo" in reference to the first package published in the npm registry, and it's assessed to be active since May 2025. The campaign includes a well-orchestrated story around a company i

Key Findings North Korea-linked threat actor UNC2970 used Google's Gemini AI model to conduct reconnaissance on its targets, including searching for information on major cybersecurity and defense companies and mapping specific technical job roles and salary information. Other state-backed hacking groups, including UNC6418 (unattributed), Temp.HEX or Mustang Panda (China), APT31 or Judgement Panda (China), APT41 (China), UNC795 (China), and APT42 (Iran), have also integrated G

Key Findings Apple released emergency updates for iOS, iPadOS, macOS, tvOS, watchOS, and visionOS to address an actively exploited zero-day vulnerability (CVE-2026-20700) The vulnerability is a memory corruption issue in Apple's Dynamic Link Editor (dyld) that could allow attackers to execute arbitrary code The flaw was discovered and reported by Google's Threat Analysis Group, suggesting it may have been used in sophisticated nation-state or commercial spyware attacks Apple

Key Findings: A critical vulnerability in MongoDB allows unauthenticated attackers to crash database servers The flaw, tracked as CVE-2022-29464, has a CVSS score of 8.7 and can lead to Denial of Service (DoS) conditions The vulnerability is caused by a memory exhaustion issue that can be triggered without any authentication Background MongoDB is a popular open-source NoSQL database management system that is widely adopted by organizations for its flexibility and scalability.

Key Findings North Korea-linked threat actor UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated video to deceive victims UNC1069 has a history of conducting social engineering campaigns for financial gain using fake meeting invites and posing as investors from reput

Key Findings GitGuardian, a leading secrets and Non-Human Identity (NHI) security platform, has raised $50 million in a Series C funding round. The funding round was led by global software investor Insight Partners, alongside Quadrille Capital and existing investors. The investment will fuel GitGuardian's expansion in secrets and AI agent security as organizations grapple with exponential growth in non-human identities. Background GitGuardian is the #1 app on the GitHub Marke

Key Findings Microsoft released security updates to address 59 vulnerabilities, including 6 that are actively being exploited in the wild. Of the 59 flaws, 5 are rated Critical, 52 are rated Important, and 2 are rated Moderate in severity. 25 of the patched vulnerabilities are privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1). The 6 actively e

Key Findings China-nexus cyber espionage group UNC3886 targeted Singapore's telecommunications sector in a deliberate, targeted, and well-planned campaign All four of Singapore's major telecom operators - M1, SIMBA Telecom, Singtel, and StarHub - were targeted by UNC3886 UNC3886 used sophisticated tools, including a zero-day exploit to bypass a perimeter firewall, and deployed rootkits to establish persistent access and conceal their activities Background UNC3886 is an advanc

Key Findings Criminal IP (criminalip.io) integrates with IBM QRadar SIEM and QRadar SOAR to deliver real-time threat intelligence. The integration brings external, IP-based threat intelligence into QRadar's detection, investigation, and response workflows. This enables security teams to identify malicious activity faster and prioritize response actions more effectively. Background IBM QRadar is a widely adopted SIEM and SOAR platform used by enterprises and public-sector orga

Key Findings Critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products Tracked as CVE-2026-1731 with a CVSS score of 9.9 Allows unauthenticated remote attackers to execute OS commands and compromise systems Affects RS versions 25.3.1 and prior, and PRA versions 24.3.4 and prior Patches available in RS v25.3.2+ and PRA v25.1.1+ Customers with older versions (RS <21.3, PRA <22.1) must upgrade b

Firefox Will Give Users an AI Kill Switch for Better Privacy Key Findings: Mozilla is releasing Firefox 148 on February 24, 2026, which introduces a dedicated AI controls section in the desktop settings. This includes a "global kill switch" that allows users to opt out of AI features entirely by flipping a single toggle. Turning off AI features stops the browser from sending data to external companies for processing through API calls. Users can also customize which AI tools t

Key Findings: German security agencies BfV and BSI have issued a joint advisory warning of a malicious cyber campaign targeting high-ranking individuals in politics, military, diplomacy, and investigative journalism in Germany and Europe. The campaign involves phishing attacks over the Signal messaging app, aiming to gain unauthorized access to victims' accounts and compromise their confidential communications. The attacks do not involve malware or technical vulnerabilities,

Key Findings The AISURU/Kimwolf botnet hit a record-breaking 31.4 Tbps DDoS attack that lasted just 35 seconds in November 2025. Cloudflare automatically detected and blocked the attack as part of a surge in hyper-volumetric HTTP DDoS attacks observed in late 2025. The number and size of DDoS attacks increased significantly in 2025, with a 40% rise in hyper-volumetric attacks in Q4 2025 compared to the previous quarter. The largest attacks targeted Cloudflare customers in the

Key Findings IBM has disclosed a critical vulnerability, CVE-2025-13375, in its Common Cryptographic Architecture (CCA) software with a CVSS score of 9.8. The flaw allows unauthenticated attackers to execute arbitrary commands with elevated privileges on the system, exposing the IBM Hardware Security Modules (HSMs). The vulnerability affects specific versions of the CCA software running on IBM's 4769 and 4770 cryptographic coprocessors, as well as the IBM i platform. The impa

Key Findings CISA has issued a binding operational directive ordering federal civilian executive branch (FCEB) agencies to stop using "edge devices" like firewalls and routers that their manufacturers no longer support. The directive aims to tackle a persistent attack vector that has factored into major and common cyber exploits in recent years. Unsupported edge devices pose serious risks as they are vulnerable to newly discovered and unpatched flaws that can provide hackers

Key Findings The Aisuru/Kimwolf botnet launched a record-setting DDoS attack that peaked at 31.4 Tbps and 200 million requests per second. The attack was part of a broader campaign targeting multiple organizations, primarily in the telecommunications and IT sectors. Cloudflare automatically detected and mitigated the attack, which they dubbed "The Night Before Christmas" due to its timing in late December 2025. The Aisuru/Kimwolf botnet is a large-scale network of malware-inf

Key Findings: Microsoft warns that info-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments. Attackers are leveraging cross-platform languages like Python and abusing trusted platforms to distribute infostealer malware at scale. Background Since late 2025, Microsoft has observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix-style prompts and malicious DMG installers. These campaigns deploy macO

Key Findings Notepad++ update infrastructure was compromised from June to December 2025 Attackers rotated C2 server addresses, downloaders, and final payloads over 4 months Attacks targeted individuals, government, financial, and IT organizations in various countries Kaspersky solutions were able to block the identified attacks as they occurred Background On February 2, 2026, the developers of Notepad++, a popular text editor among developers, published a statement claiming t

Key Findings Threat actors have been observed exploiting a critical security flaw, CVE-2025-11953, impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. The vulnerability, also known as "Metro4Shell," allows remote unauthenticated attackers to execute arbitrary operating system commands on the underlying host. VulnCheck, a cybersecurity company, first observed the exploitation of this flaw on December 21, 2025, with a CVSS score of 9

Key Findings China-based espionage group Lotus Blossom compromised the internal systems of Notepad++, a popular open-source code editor, for nearly six months starting in June 2025. The group deployed various payloads, including a custom backdoor, to selectively spy on a limited set of Notepad++ users' activities. The campaign showcased resilience and stealth tradecraft, but did not result in a mass compromise of all Notepad++ users. The attackers exploited "insufficient upda