Tag: exploit
-
MSHTML Zero-Day in Windows Exploited by APT28 Prior to Feb 2026 Security Update
Microsoft released its Patch Tuesday updates, addressing 59 vulnerabilities, including a critical zero-day flaw in the Windows MSHTML framework. Tracked as CVE-2026-21513, this actively exploited vulnerability allows attackers to bypass security features and execute arbitrary code. APT28 is a well-documented advanced persistent threat group known for sophisticated malware campaigns. Security researchers from Akamai discovered that…
-
Bug in Google’s Gemini AI Panel Opens Door to Hijacking
Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/bug-google-gemini-ai-panel-hijacking
-
GTFire Phishing Campaign Exploits Google Services to Bypass Detection and Harvest Credentials
GTFire is a large-scale phishing scheme that abuses multiple Google services to hide malicious infrastructure, evade security tools, and steal credentials from organizations worldwide. GTFire is a credential-harvesting operation that chains Google Firebase Hosting and Google Translate to deliver phishing pages that look like legitimate brand logins. Attackers host fake login portals on Firebase .web.…
-
CISA Alerts on RESURGE Malware Exploiting Ivanti Connect Secure Zero-Days
The Cybersecurity and Infrastructure Security Agency (CISA) has released a Malware Analysis Report (MAR) detailing a new malware family dubbed RESURGE, which is actively exploiting a zero-day vulnerability in Ivanti Connect Secure devices. According to CISA, RESURGE builds upon the functionality of the earlier SPAWNCHIMERA malware strain, introducing new commands designed to enhance persistence and…
-
Pixel Perfect Browser Extension Exploited for Stealth Script Injection and Security Header Stripping
A popular Chrome add-on, “QuickLens Search Screen with Google Lens,” has quietly morphed from a legitimate productivity tool into a full-fledged remote code-execution platform that abuses browser trust, security headers, and silent auto-updates. What began as a simple Google Lens wrapper ended in a covert C2-driven campaign capable of injecting arbitrary scripts into any […]…
-
CVE-2025-64328 exploitation impacts 900 Sangoma FreePBX instances
About 900 Sangoma FreePBX systems were infected with web shells after attackers exploited a command injection flaw. Hundreds of Sangoma FreePBX instances are still infected with web shells following attacks that began in December 2025. Sangoma FreePBX is an open-source, web-based platform for managing Asterisk-powered VoIP phone systems. Maintained by Sangoma Technologies, it allows businesses…
-
Week in review: Self-spreading npm malware hits developers, Cisco SD-WAN 0-day exploited since 2023
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Identity verification systems are struggling with synthetic fraud Fake and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/01/week-in-review-self-spreading-npm-malware-hits-developers-cisco-sd-wan-0-day-exploited-since-2023/
-
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. “Our vulnerability lives in the core system itself, no plugins, no marketplace, no user-installed extensions, just the bare OpenClaw gateway, running exactly as documented,” Oasis…
-
Hackers Exploit Windows File Explorer and WebDAV to Distribute Malware
Cybersecurity researchers at Cofense Intelligence have uncovered an ongoing campaign where threat actors abuse Windows File Explorer to distribute malware. By exploiting the legacy WebDAV protocol, attackers are tricking victims into downloading Remote Access Trojans (RATs) while bypassing traditional web browser security controls and some Endpoint Detection and Response (EDR) systems. WebDAV Exploit WebDAV (Web-based…
-
Security hole could let hackers take over Juniper Networks PTX core routers
The hole is “especially dangerous, because these devices often sit in the middle of the network, not on the fringes,” said Piyush Sharma, CEO of Tuskira. “If an attacker gains control of a PTX, the impact is bigger than a single device compromise because it can become a traffic vantage point and a control point…
-
Strengthening Identity Security: Real-World Credential Attack Detection with Seceon aiSIEM
Executive Overview Identity has become the primary attack surface in modern enterprise environments. Threat actors increasingly bypass traditional malware-based techniques and instead exploit compromised credentials to access cloud platforms, email systems, and business-critical applications. Credential abuse now drives ransomware campaigns, business email compromise, data exfiltration, and lateral movement within hybrid environments. Organizations must therefore detect…
-
5 Nations Alert: Critical Cisco Bug Used in Global Espionage Campaign
Hackers exploited a critical Cisco SD-WAN flaw, prompting a rare joint warning from the US, UK, Australia, Canada, and New Zealand. The post 5 Nations Alert: Critical Cisco Bug Used in Global Espionage Campaign appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-sdwan-flaw-five-eyes-joint-warning/
-
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France. The non-profit…
-
‘Resurge’ malware can remain undetected on devices
CISA previously issued an alert about attacks that exploited a vulnerability in Ivanti Connect Secure. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-resurge-malware-undetected-Ivanti/813373/
-
Scientists Intro AirSnitch, Which Bypasses WiFi Isolation to Launch Attacks on Networks
Scientists from the University of California Riverside uncovered fundamental weaknesses in the client isolation security feature in WiFi networks that can be exploited to bypass the protections and allow threat actors to run machine-in-the-middle attacks, manipulate traffic, and steal data from others who are on the same network. First seen on securityboulevard.com Jump to article:…
-
CISA warns that RESURGE malware can be dormant on Ivanti devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-that-resurge-malware-can-be-dormant-on-ivanti-devices/
-
Third-Party Patching and the Business Footprint We All Share
Everyday tools like PDF readers, email clients, and archive utilities quietly define the real attack surface. Action1 explains how third-party software drift increases exploit risk and why consistent patching reduces exposure across endpoints. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/third-party-patching-and-the-business-footprint-we-all-share/
-
The Seam in Cybersecurity Defenses That Nation-States Keep Exploiting
The Notepad++ supply chain compromise is the latest proof that sophisticated adversaries are deliberately targeting the gap between two disciplines: Vulnerability management and detection and response. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-seam-in-cybersecurity-defenses-that-nation-states-keep-exploiting/
-
Why application security must start at the load balancer
Tags: application-security, attack, authentication, breach, business, compliance, control, credentials, defense, detection, encryption, exploit, finance, guide, healthcare, identity, incident response, infrastructure, Internet, nist, risk, service, technology, threat, tool, waf, zero-trust
Internet traffic hits the load balancer. The load balancer forwards traffic as fast as possible. Security happens later. The problem is simple. If the first system doesn’t enforce trust, everything behind it is already compromised by design. Example 1: Financial services: The team invested heavily in downstream security tools. But the load balancer accepted weak TLS versions and…
-
Ransomware groups switch to stealthy attacks and long-term access
Tags: access, application-security, attack, ciso, control, crime, cyber, cybercrime, cybersecurity, data, detection, encryption, endpoint, exploit, extortion, group, identity, intelligence, monitoring, organized, ransomware, service, software, strategy, supply-chain, switch, theft, threat, tool, vulnerability
38% drop in encryption over the past 12 months as more cybercriminals turn to silently exfiltrating data for extortion as their main stock in trade. Picus’ suggestion that the volume of ransomware attacks is dropping is disputed by other experts. Tony Anscombe, chief security evangelist at endpoint security vendor Eset, offered a contrasting perspective. “In the recent Eset…
-
Why Credentials Will Become the Biggest Cyber Risk in 2026
Cyberattacks increasingly begin not with complex exploits but with stolen credentials. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/zugangsdaten-2026-groesste-cyberrisiko
-
Attackers Have Been Exploiting Cisco SD-WAN Zero-Day Flaw Since 2023
Cisco and Five Eyes agencies are alerting organizations to a highly sophisticated attack, where threat actors compromise a Cisco SD-WAN controller via a zero-day flaw, downgrade the device to an earlier software version that is vulnerable to an older bug, before gaining root access and restoring the device to its original version. First seen on…
-
Cisco SD-WAN Zero-Day Actively Exploited to Gain Root Access
A critical Cisco SD-WAN zero-day has been exploited since 2023 to bypass authentication and gain persistent root access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-sd-wan-zero-day-actively-exploited-to-gain-root-access/
-
Cisco SD-WAN Zero-Day Under Exploitation for 3 Years
The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cisco-sd-wan-zero-day-exploitation-3-years
-
How AI Agents Automate CVE Vulnerability Research
The CVE Researcher is a multi-agent AI pipeline that automates vulnerability research, detection template generation, and exploitation analysis. Built on Google’s Agent Development Kit (ADK), it coordinates specialized AI models through four phases, deep research, technology reconnaissance, actor-critic template generation, and exploitation analysis, to produce production-ready Nuclei detection templates overnight. Beyond Simple Automation… First seen…

