TRENDING TOPICS MAR 25, 2026 NGINX MP4 Module Flaw Enables Remote Code Execution F5 has disclosed a high-severity vulnerability, tracked as CVE-2026-32647, in the NGINX MP4 streaming module that can be abused with crafted MP4 files to crash worker processes or, in some circumstances, execute arbitrary code on affected servers.
TRENDING TOPICS MAR 24, 2026 TeamPCP Deploys Iran-Targeted Wiper in Kubernetes Attacks A newly observed campaign by TeamPCP is targeting Kubernetes clusters with a destructive malware variant that selectively wipes systems configured for Iran while maintaining persistence elsewhere. The operation builds directly on the earlier CanisterWorm activity, reusing the same
TRENDING TOPICS MAR 23, 2026 Critical QNAP QVR Pro Flaw Opens Door to Remote Intrusion QNAP has issued an urgent security advisory for CVE-2026-22898, a critical vulnerability in its QVR Pro network video surveillance platform that allows remote attackers to gain system access without authentication. Tracked as ZDI-CAN-28327 and tied
TRENDING TOPICS MAR 20, 2026 Feds Cripple Monster IoT Botnets Behind Record 31.4 Tbps DDoS Barrage A coordinated law enforcement operation has disrupted four of the most powerful known IoT botnets, Aisuru, KimWolf, JackSkid, and Mossad, collectively responsible for some of the largest DDoS attacks ever recorded, including traffic
TRENDING TOPICS MAR 19, 2026 Update: Stryker Cyberattack Based on CISA reporting, Stryker was targeted on March 11, 2026, when a threat actor used Microsoft Intune’s wipe command to erase tens of thousands of Stryker devices after gaining privileged access.The recent cyberattack on Stryker is a reminder that
TRENDING TOPICS MAR 18, 2026 Aura’s March 2026 Incident: Targeted Account Compromise and Data Exposure In March 2026, online safety provider Aura disclosed that a single employee account was compromised for about an hour after a targeted phone‑phishing attack. During this window, an unauthorized third party accessed roughly
TRENDING TOPICS MAR 17, 2026 LeakNet Expands Initial Access with ClickFix and Fileless Deno Loader LeakNet ransomware operations are evolving toward greater independence, scalability, and stealth, marked by the adoption of ClickFix social engineering and a novel Deno-based loader. Rather than relying solely on initial access brokers, LeakNet is now
TRENDING TOPICS MAR 16, 2026 Operation CamelClone: Stealthy Multi‑Region Government Espionage Operation CamelClone is a newly identified cyber espionage campaign targeting government and strategic sectors across multiple geopolitically significant regions, including Algeria, Mongolia, Ukraine, and Kuwait. The operation focuses on organizations tied to national security and policy, such as
CVE-2025-26399 Critical Severity Vulnerability Description SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a
TRENDING TOPICS MAR 12, 2026 CastleRAT Campaign Abuses Deno Runtime and Steganography to Deliver Fileless Malware Researchers at ThreatDown identified a malware campaign that delivers CastleRAT, a remote access trojan designed for espionage, surveillance, and credential theft, by abusing the legitimate Deno JavaScript runtime. The attack begins with a social
TRENDING TOPICS MAR 11, 2026 UNC6426: From Stolen GitHub Token to Full Cloud Takeover in 72 Hours A threat actor tracked as UNC6426 exploited stolen keys from the 2025 Nx npm package supply chain compromise to fully breach a victim’s AWS cloud environment in just three days, according to
TRENDING TOPICS MAR 10, 2026 APT28 Revives Espionage Operations with Custom Covenant Variant and Dual-Implant Toolkit ESET researchers are reporting that the Russian state-linked threat group APT28 (also known as Fancy Bear, Sednit, Forest Blizzard, and Strontium) has resumed advanced cyber-espionage operations using a customized version of the open-source Covenant
TRENDING TOPICS MAR 09, 2026 Update: Hackerbot-Claw-Led Campaign Targets Major GitHub Repositories Cybersecurity researchers at Pillar Security have uncovered Hackerbot-Claw (also known as Chaos Agent), the first recorded case of an autonomous AI agent conducting a coordinated cyberattack using only natural language. Over a 37-hour campaign in late February 2026,
MONTHLY WRAP MONTHLY WRAP Overview February reinforced a consistent operational reality, which suggests attackers are gaining access and staying hidden by abusing trusted services and normal workflows more often than by relying on novel exploitation. This month featured stealthy “legitimate-functionality” tradecraft, including PRC-nexus abuse of the Google Sh
UAT-9244
CVE-2026-21385 High Severity Vulnerability Description A memory corruption flaw in multiple Qualcomm chipsets caused by an integer overflow (CWE-190) during memory allocation, allowing attackers to execute code, escalate privileges, or crash devices. CISA confirmed active exploitation and requires Federal agencies to patch or mitigate it by March 24, 2026, under
MongoDB
TRENDING TOPICS MAR 05, 2026 High-Severity MongoDB Compression Bug Enables Fast Pre-Auth DoS Cato CTRL’s Vitaly Simonovich disclosed CVE-2026-25611, a high-severity (7.5) vulnerability affecting all MongoDB deployments with wire-protocol compression enabled, including MongoDB Atlas. By abusing the OP_COMPRESSED message flow, a threat actor can send small, crafted
Threat Intelligence Briefing Iranian APT Threat Landscape Report Date: March 2026 11Tracked Threat Actors 10+CVEs Actively Exploited 15+Targeted Sectors 20+Countries at Risk 2Sponsoring Agencies (IRGC / MOIS) Landscape Overview Primary Target Sectors Aerospace & Defense Energy / Oil & Gas Telecommunications Government Healthcare ICS / OT / PLC IT Providers Finance
Iran-US/Israel Conflict
TRENDING TOPICS MAR 04, 2026 Iranian APT Escalation Targets Global Critical Infrastructure Amid Expanding Regional Conflict Following the joint U.S.–Israeli strike known as Operation Lion’s Roar, Iran has escalated retaliatory cyber operations against global critical infrastructure. Iranian state-sponsored threat groups, including MuddyWater, OilRig, APT33, and UNC1549, have
Recon and Workflow Discovery Hackerbot-claw identified Trivy's vulnerable pull_request_target workflow ("API Diff Check"), which checked out PR code and used a PAT with broad permissions, not only the ephemeral GITHUB_TOKEN. Initial Access via PR and CI Execution The bot forked aquasecurity/trivy and
Scattered LAPSUS$
TRENDING TOPICS MAR 03, 2026 Scattered Lapsus$ Expands to Targeted Recruitment The cybercriminal group Scattered Lapsus$ (SLSH), a successor to the disbanded Lapsus$ collective known for high-profile breaches of Microsoft, NVIDIA, and Okta, is reportedly recruiting women to bolster its social engineering operations. According to a Telegram post by Dataminr
SonicWall
TRENDING TOPICS MAR 02, 2026 Update: Hackers Conduct Mass Scanning Campaign Against SonicWall Firewalls Using 4,000+ IPs A large-scale reconnaissance campaign is actively targeting SonicWall firewall infrastructure worldwide, with attackers using more than 4,000 unique IP addresses to identify vulnerable systems ahead of potential exploitation, according to new
Dohdoor Backdoor Campaign
CVE-2026-20127 Critical Severity Vulnerability Description A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering
GRIDTIDE
TRENDING TOPICS FEB 26, 2026 GRIDTIDE Disruption: PRC-Linked UNC2814 Abused Google Sheets API for Global Espionage Google Threat Intelligence Group (GTIG), alongside Mandiant and other partners, disrupted a large-scale espionage campaign attributed to UNC2814, a suspected PRC-nexus threat actor active since at least 2017. The operation leveraged a novel C-based
Workforce Workflow Compromise Targeted outreach to employees and applicants through personal email and professional networking channels to avoid corporate security controls. Credential harvesting via cloned recruitment portals, interview scheduling pages, document-sharing prompts, and fake "candidate" communications. Secondary abuse of captured identities to access workforce-facing SaaS, internal collaboration platforms,