ALL POSTS

Key Findings Threat actors have been actively exploiting a previously unknown zero-day vulnerability in Adobe Reader since at least November 2025 Malicious PDF documents named with invoice-themed filenames use Russian language lures related to oil and gas industry issues to trick victims into opening them The exploit automatically executes obfuscated JavaScript upon opening to harvest sensitive data and receive additional malicious payloads The vulnerability allows execution

Key Findings Apple expanded iOS 18.7.7 availability on April 1, 2026 to protect users from the DarkSword exploit kit, which targets iOS versions 18.4 through 18.7 The update now covers iPhone XR through iPhone 16e and multiple iPad models, allowing users to patch vulnerabilities without upgrading to iOS 26 DarkSword spreads through watering hole attacks on compromised legitimate websites and can deploy backdoors and data miners for persistent access Approximately 20% of users

Key Findings Russian state-sponsored threat group TA446 (also known as Callisto, COLDRIVER, Star Blizzard) deployed the DarkSword iOS exploit kit in targeted spear-phishing campaign on March 26, 2026 Campaign used fake Atlantic Council "discussion invitation" emails to deliver GHOSTBLADE dataminer malware to iOS devices High-profile target included Leonid Volkov, Russian opposition politician and Anti-Corruption Foundation political director First observed use of DarkSword by

Key Findings Researchers from Google Project Zero have discovered a comprehensive "zero-click" exploit chain targeting the Google Pixel 9 smartphone. The exploit chain spans from remote code execution during media decoding to the ultimate compromise of the kernel. The vulnerabilities were patched in the security updates released on January 5, 2026. Background The pivotal shift in recent years lies in the propensity of "intelligent" smartphone features to preemptively analyze

Key Findings A critical vulnerability, tracked as CVE-2025-14847, has been discovered in MongoDB, a popular open-source database system. The flaw, dubbed "MongoBleed," allows remote, unauthenticated attackers to read sensitive contents from the server's memory (heap), potentially exposing internal states and pointers. The vulnerability lies in how MongoDB handles Zlib compressed protocol headers, where the server blindly trusts the length claimed by a client, even when it doe

Key Findings: A high-severity unpatched security vulnerability in Gogs (CVE-2025-8110) with a CVSS score of 8.7 is under active exploitation, affecting over 700 compromised instances accessible online. The vulnerability allows for file overwrite in the file update API, enabling an attacker to achieve arbitrary code execution through a four-step process. The malware deployed in the attacks is a payload based on Supershell, an open-source command-and-control (C2) framework ofte

Key Findings A critical vulnerability, tracked as CVE-2025-11001, has been discovered in the popular file-compression tool 7-Zip. The flaw, which is a Directory Traversal Remote Code Execution (RCE) vulnerability, has a public exploit available. The vulnerability poses a high-risk warning from the UK's NHS England Digital, though active exploitation has not been observed yet. The issue was discovered by researchers at GMO Flatt Security Inc. and revealed by Trend Micro's Zero

Key Findings A recently disclosed security vulnerability in 7-Zip, CVE-2025-11001 (CVSS score: 7.0), is being actively exploited in the wild. The vulnerability allows remote attackers to execute arbitrary code by exploiting improper handling of symbolic links in ZIP files. Proof-of-concept (PoC) exploits for the flaw have been publicly released, making it essential for 7-Zip users to update to the patched version 25.00 as soon as possible. The vulnerability can only be exploi

Key Findings A critical vulnerability in Fortinet's FortiWeb Web Application Firewall (WAF) product allows unauthenticated attackers to gain administrative-level access. The flaw has been observed actively exploited in the wild since October 2025. A public Proof-of-Concept (PoC) exploit exists, raising the likelihood of widespread exploitation. Organizations using vulnerable versions of FortiWeb are advised to take emergency remediation steps. Background On October 6, 2025, c

Key Findings Researchers discovered a previously unknown Android spyware family dubbed LANDFALL, which leveraged a zero-day vulnerability (CVE-2025-21042) in Samsung's image processing library to compromise Galaxy devices. The campaign, active since mid-2024, appears to have targeted users in the Middle East, with the spyware embedded inside malicious DNG image files sent through WhatsApp. The exploit relies on malformed DNG (Digital Negative) image files, exploiting a flaw i