Stay ahead of emerging threats with expert analysis from 84+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week: Russian CTRL toolkit using named pipes for stealth persistence, Iran's Handala group breaching FBI Director email and deploying wiper malware, and critical LangChain/LangGraph AI stack vulnerabilities putting enterprise AI deployments at risk.
Security researchers discovered 36 malicious npm packages impersonating Strapi CMS plugins. The packages exploit Redis and PostgreSQL databases, deploy reverse shells, harvest credentials, and target cryptocurrency platforms with hard-coded database credentials.
Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Chrome's Dawn WebGPU implementation that is being actively exploited in the wild. This marks the fourth Chrome zero-day of 2026, and CISA has already added it to the Known Exploited Vulnerabilities catalog.
Read moreCensys researchers discovered CTRL, a previously undocumented Russian remote access toolkit that uses named pipes and RDP tunneling to evade network detection. The sophisticated framework demonstrates deliberate operational security designed to slip past security monitoring.
Read moreOver 340 organizations across five countries compromised in aggressive device code phishing campaign exploiting OAuth device authorization flow. Attackers harvest tokens that survive password resets using PhaaS platform EvilTokens.
Read moreU.S. authorities dismantled four IoT botnets (AISURU, Kimwolf, JackSkid, Mossad) responsible for the largest DDoS attacks ever recorded. Over 3 million enslaved devices generated attacks exceeding 31 Tbps.
Read moreOver 2,000 Kubernetes clusters compromised through RBAC misconfigurations. Attackers deploy cryptominers via default service accounts. Check your clusters now.
Read moreGoogle patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 sandbox escape), both CVSS 8.8 and actively exploited. CISA added to KEV with March 27 deadline. Update to Chrome 146.0.7680.75/76.
Read moreTwo Chrome Featured extensions, QuickLens and ShotBird, turned malicious after ownership transfer. Attackers stripped security headers, injected C2 payloads via 1x1 pixel images, and deployed ClickFix-style attacks for full endpoint compromise. Extension supply chain attacks are accelerating.
Read moreAkamai confirmed APT28 exploited CVE-2026-21513 (CVSS 8.8) in Windows MSHTML before Microsoft's February patch. The attack uses crafted LNK files to bypass Mark-of-the-Web and IE Enhanced Security via ShellExecuteExW invocation. Samples linked to APT28 infrastructure appeared on VirusTotal two weeks before the fix.
Read moreShadowserver reports 900+ Sangoma FreePBX instances worldwide remain infected with web shells exploiting CVE-2025-64328 (CVSS 8.6). The INJ3CTOR3 threat actor deploys EncystPHP web shells for command execution and fraudulent outbound calls. US leads with 401 compromised systems.
Read moreZscaler ThreatLabz discovered ScarCruft (APT37) running the "Ruby Jumper" campaign that bridges air-gapped networks using weaponized USB drives. The operation abuses Zoho WorkDrive for C2 and deploys multiple malware families including THUMBSBD, FOOTWINE, and BLUELIGHT for surveillance and data exfiltration.
Read moreAnthropic revealed that DeepSeek, Moonshot AI, and MiniMax ran industrial-scale distillation attacks using 24,000 fraudulent accounts to systematically extract Claude's reasoning, coding, and agentic capabilities across 16 million exchanges. Google disclosed similar attacks on Gemini weeks earlier.
Read moreAmazon Threat Intelligence reveals a Russian-speaking actor with limited skills compromised 600+ FortiGate devices using DeepSeek and Claude. The campaign exploited exposed management interfaces and weak credentials, demonstrating how AI has democratized sophisticated attack capabilities.
Read moreAmazon Threat Intelligence documents a Russian-speaking threat actor who compromised 600+ FortiGate devices across 55 countries using AI-assisted tools. No zero-days were exploited—just exposed management interfaces and weak credentials, with generative AI helping an unsophisticated attacker scale their operations.
Read moreESET researchers discovered PromptSpy, an Android malware that uses Google's Gemini AI to dynamically navigate device interfaces and maintain persistence. The malware sends screen captures to Gemini, which responds with tap instructions, effectively solving Android fragmentation for attackers.
Read moreGoogle released emergency updates to patch CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome's CSS handling that attackers are actively exploiting. All Chromium-based browsers are affected.
Read moreGoogle patches CVE-2026-2441, a high-severity use-after-free in Chrome actively exploited in the wild. This is Chrome first zero-day of 2026. Update immediately.
Read moreSecurity researchers at Koi Security discovered the first known malicious Microsoft Outlook add-in, dubbed AgreeToSteal. Attackers hijacked an abandoned legitimate calendar tool by claiming its orphaned Vercel URL, turning Microsoft's own infrastructure into a phishing delivery mechanism that harvested over 4,000 Microsoft account credentials.
Read moreSmarterTools confirms the Warlock ransomware gang breached their network through a forgotten, unpatched SmarterMail server. The attackers exploited known vulnerabilities (CVE-2026-23760, CVE-2026-24423) to gain access, then moved laterally before deploying ransomware.
Read moreTGR-STA-1030, a state-backed Asian threat group, breached 70+ government and critical infrastructure organizations across 37 countries since January 2024. They exfiltrated financial negotiations, military updates, and banking info using Cobalt Strike, web shells, and eBPF rootkits.
Read moreOur CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.
Subscribe to our newsletter and get the latest security insights delivered to your inbox.