This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco’s network control system.
Tag: leveraged
AI, Global Security News
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
In the latest evolution of automated cyberattacks, two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.
AI, Global Security News
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, observed between April 14 and 16, 2026, targeted more than 35,000 users across over 13,000 organizations in 26…
Global Security News, Risk Management
Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)
Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. Both vulnerabilities can be triggered with a specially crafted HTTP request, putting unpatched FortiSandbox deployments at risk. About FortiSandbox FortiSandbox is Fortinet’s security solution for detecting and analyzing advanced threats. It…
AI, Cybersecurity, Global Security News, Government & Policy, Network Security
Testing reveals Claude Mythos’s offensive capabilities and limits
Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that that while its cybersecurity capabilities exceed those of previously available models, it can’t reliably execute…
AI, Global Security News, Risk Management
Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do
Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk.
AI, Global Security News
AI-Assisted Supply Chain Attack Targets GitHub
PRT-scan is the second in recent months where a threat actor appears to have leveraged AI for automated targeting of a widespread GitHub misconfiguration.
AI, Apps, china, Exploits, Global Security News, Government & Policy, malware, Network Security
TrueConf zero-day vulnerability exploited to target government networks
Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in Southeast Asia, Check Point researchers discovered. Malicious client update attack chain (Source: Check Point) Trusted update mechanism turned into attack vector TrueConf is a videoconferencing platform designed to run on private local networks (LANs)…
AI, Global Security News
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It’s currently not known what lures the threat actors use to…
AI, Global Security News, malware
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. “It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers…
AI, Global Security News
Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish
The cyberattackers leveraged trusted brands and domains in an attempt to redirect a C-suite executive at Outpost24 to give up his credentials.
AI, Data Breaches, Global Security News
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim’s cloud environment within a span of 72 hours. The attack started with the theft of a developer’s GitHub token, which the threat actor then used to gain unauthorized access…
AI, Global Security News
Cisco Live Amsterdam 2026: Enhancing Security Operations with Cisco Foundation AI (Reasoning)
Discover how Cisco Live EMEA SOC leveraged an innovative, integrated security architecture—featuring the new Cisco Security Foundation AI Reasoning model.
Global Security News
Lazarus Group Picks a New Poison: Medusa Ransomware
The North Korean threat group also leveraged Comebacker backdoor, Blindingcan RAT, and info stealer Infohook in its recent attacks.
AI, Exploits, Global Security News
Scammers exploit trust in Atlassian Jira to target organizations
Threat actors have leveraged legitimate email notification feature of Atlassian Jira to deliver localized scam emails at scale. The emails From late December 2025 through late January 2026, victims were targeted with spam emails from legitimate-looking Atlassian Jira Cloud addresses. Organizations already using Jira were specifically targeted: the attackers selected domains known to have active…