Critical SmarterMail RCE Exploited in the Wild
Key Findings Researchers at watchTowr Labs have discovered a critical vulnerability in SmarterMail, tracked as WT-2026-0001, that allows unauthenticated attackers to hijack administrative accounts and achieve full Remote Code Execution (RCE). The vulnerability lies within the force-reset-password API endpoint, which fails to implement proper security checks for system administrators. Attackers can simply send a JSON request with IsSysAdmin set to true, the target username, an
Jan 22, 2 min read
New Research Reveals Alarming Findings: 64% of Third-Party Apps Access Sensitive Data Without Authorization
Key Findings 64% of third-party applications access sensitive data without legitimate business justification, up from 51% last year - a 25% year-over-year spike. Malicious web activity across critical public-sector infrastructure surged dramatically, with government websites seeing a rise from 2% to 12.9%, and 1 in 7 Education websites now showing active compromise, quadrupling year-over-year. Widely used third-party tools like Google Tag Manager (8%), Shopify (5%), and Faceb
Jan 21, 2 min read
VoidLink: The AI-Powered Linux Malware Framework
Key Findings VoidLink is a sophisticated Linux malware framework, built largely by a single developer with assistance from an artificial intelligence (AI) model. The malware reached over 88,000 lines of code in a short timeframe, showcasing the efficiency enabled by AI-driven development. Operational security failures by the developer exposed development artifacts, providing clear evidence that VoidLink was produced predominantly through AI-driven processes. VoidLink includes
Jan 21, 2 min read
GitLab Issues High-Severity 2FA Bypass and DoS Flaws, Urgent Update Patches
Key Findings GitLab has released urgent security updates to address several high-severity vulnerabilities, including a critical two-factor authentication (2FA) bypass flaw and multiple denial-of-service (DoS) issues. The 2FA bypass vulnerability (CVE-2026-0723) could allow an attacker to bypass the authentication mechanism designed to protect accounts, potentially leading to account takeovers. The DoS vulnerabilities affect various GitLab components, including the Jira Connec
Jan 21, 2 min read
Crooks Impersonate LastPass in Scheme to Harvest Master Passwords
Key Findings Attackers are impersonating LastPass in an active phishing campaign that aims to steal users' master passwords. The phishing emails claim there is urgent LastPass maintenance and urge users to back up their password vaults within 24 hours. The malicious emails use subject lines referencing infrastructure updates, vault security, and missed deadlines to trick victims. The phishing links lead to an Amazon S3–hosted page that redirects to a fake LastPass site design
Jan 21, 2 min read
North Korean Hackers Exploit Developers' Trust in Visual Studio Code
Key Findings North Korean threat actors associated with the "Contagious Interview" campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The attack involves instructing targets to clone a repository on GitHub, GitLab, or Bitbucket, and launch the project in VS Code as part of a supposed job assessment. The malicious VS Code task configuration files are used to execute payloads, incl
Jan 21, 2 min read
Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact
Key Findings 224% return on investment (ROI) over three years $3.8 million net present value (NPV) based on quantified benefits versus costs >25% reduction in overall risk of security breaches Zero breaches reported by interviewed organizations after deploying Airlock Digital Significant operational efficiencies with reduced administrative overhead Background As cyberattacks continue to grow in scale and sophistication, more organizations are turning to application control an
Jan 20, 2 min read
Researchers Spy on Threat Actor Operations Due to Security Bug in StealC Malware Panel
Key Findings Cybersecurity researchers discovered a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer malware. By exploiting the flaw, researchers were able to collect system fingerprints, monitor active sessions, and steal cookies from the infrastructure designed for cookie theft. StealC is a malware-as-a-service (MaaS) offering that emerged in January 2023, leveraging YouTube as a primary distribution
Jan 19, 3 min read
Google Gemini AI Exploited to Expose Private Calendar Data
Key Findings: Cybersecurity researchers at Miggo Security have disclosed a security vulnerability in Google Gemini that allows unauthorized access to users' private calendar data. The vulnerability, dubbed "Indirect Prompt Injection," enables threat actors to craft malicious calendar invites that can bypass Google Calendar's privacy controls. When a user asks Gemini a seemingly innocent question about their schedule, the AI chatbot is tricked into parsing the malicious prompt
Jan 19, 2 min read
Gootloader's Evasion Tactics: Exploiting Malformed ZIP Files
Key Findings GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. GootLoader runs on an access-as-a-service model and has been known to deliver threats like SunCrypt, REvil, Kronos, and Cobalt Strike. The ZIP file is intentionally broken so many security and analysis tools can't open it, but Windows can, helping the malware avoid detectio
Jan 18, 1 min read
CodeBreach: A Regex Vulnerability Allowed AWS Console Takeovers
Key Findings A vulnerability in the AWS Console supply chain, dubbed "CodeBreach," could have allowed attackers to seize control of critical AWS infrastructure. The flaw stemmed from a seemingly minor misconfiguration in a regular expression (regex) used to filter pull requests in AWS CodeBuild pipelines. The lack of "start ^ and end $ anchors" in the regex pattern enabled malicious actors to bypass the filter and trigger privileged builds. Wiz researchers were able to exploi
Jan 17, 2 min read
The Ad Era Dawns: OpenAI Unveils $8 ChatGPT Go with Sponsored Responses
Key Findings OpenAI is launching a new $8 per month "ChatGPT Go" subscription tier, aimed at bridging the gap between free users and the $20 "Plus" tier. The most controversial aspect is the introduction of integrated advertising in both the free and Go tiers, a first for OpenAI. OpenAI is defending the ads as necessary to keep ChatGPT affordable and accessible, but privacy and cybersecurity experts are raising concerns. The company promises "answer independence" and user pri
Jan 17, 3 min read
North Korea-Linked APT Exploits Sitecore Zero-Day in Attacks on Asian Critical Infrastructure
Key Findings A China-linked APT group, tracked as UAT-8837, has been targeting critical infrastructure sectors in North America since at least 2025. The threat actor has recently exploited a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS 9.0) to gain initial access to target networks. After obtaining a foothold, UAT-8837 deploys a range of open-source tools to harvest sensitive information, including credentials, security configurations, and Active Director
Jan 16, 2 min read
Expands its Insider Release for its Next-Generation Platform
Key Findings AI-enhanced malware is making malware even more difficult to detect AI is used by adversaries to assess, adapt, and move faster than any cyber stack can keep up The industry is trapped in a futile chase, piling on detection tools and adding AI enhancements that still fail to close the foundational gap Enterprises now face an overwhelming flood of alerts, with many organizations reportedly beginning to limit the amount of data they ingest Background AppGuard has r
Jan 15, 2 min read
Panorays 2026 Study: 85% of CISOs Unable to Detect Third-Party Threats Amid Rising Supply Chain Attacks
Key Findings and Insights Preparedness is dangerously low: While 77% of CISOs see third-party risk as a major threat, only 21% have tested crisis response plans in place. Most organizations are blind to vendors: Although 60% report rising third-party breaches, just 41% monitor risk beyond direct suppliers. Shadow AI is creating new attack paths: Despite rapid AI adoption, only 22% of CISOs have formal vetting processes, leaving unmanaged third-party AI tools embedded in core
Jan 14, 2 min read
CISA Adds Gogs Flaw to Known Exploited Vulnerabilities Catalog
Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a flaw impacting Gogs, a lightweight, open-source, self-hosted Git service, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110, has a CVSS score of 8.7 and is a path traversal issue in the PutContents API that allows for local execution of code. The flaw is a bypass for a previously patched remote code execution (RCE) vulnerability, CVE-2024-
Jan 13, 2 min read
CVE-2025-12420: Critical ServiceNow Flaw Enables Unauthenticated Impersonation
Key Findings A critical vulnerability (CVE-2025-12420) has been discovered in the ServiceNow AI Platform, allowing unauthenticated attackers to impersonate legitimate users. The vulnerability has a severity score of 9.3 out of 10 and poses a significant risk of privilege escalation. ServiceNow has released security updates to address the flaw, but self-hosted customers and partners need to take immediate action. Background The vulnerability, dubbed CVE-2025-12420, is a failur
Jan 13, 2 min read
n8n Supply Chain Attack Steals OAuth Tokens via Compromised Community Nodes
Key Findings Threat actors uploaded 8 malicious packages on the npm registry masquerading as n8n workflow automation integrations to steal OAuth credentials One such package, "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit", mimicked a Google Ads integration and prompted users to link their advertising account to siphon the credentials This atta
Jan 12, 2 min read
Researchers Uncover Service Providers Fueling Industrial-Scale Crypto Fraud
Key Findings Cybersecurity researchers have uncovered two service providers that supply online criminal networks with tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy. Since 2016, Chinese-speaking criminal groups have established industrial-scale scam centers across Southeast Asia, creating special economic zones devoted to fraudulent investment and impersonation operations. These compounds host thous
Jan 12, 2 min read
Instagram Data Breach Affects Millions of Users
Key Findings: A massive data breach has exposed the personal information of about 17.5 million Instagram users. The exposed data includes usernames, physical addresses, phone numbers, and email addresses. Cybercriminals have stolen this sensitive information and are selling it in batches on dark web forums. Affected users have reported receiving password reset emails, raising concerns about ongoing phishing attempts. Security experts warn this breach poses serious privacy and
Jan 11, 2 min read