UAT-9244
CVE-2026-21385 High Severity Vulnerability Description A memory corruption flaw in multiple Qualcomm chipsets caused by an integer overflow (CWE-190) during memory allocation, allowing attackers to execute code, escalate privileges, or crash devices. CISA confirmed active exploitation and requires Federal agencies to patch or mitigate it by March 24, 2026, under
Iran-US/Israel Conflict
TRENDING TOPICS MAR 04, 2026 Iranian APT Escalation Targets Global Critical Infrastructure Amid Expanding Regional Conflict Following the joint U.S.–Israeli strike known as Operation Lion’s Roar, Iran has escalated retaliatory cyber operations against global critical infrastructure. Iranian state-sponsored threat groups, including MuddyWater, OilRig, APT33, and UNC1549, have
Dohdoor Backdoor Campaign
CVE-2026-20127 Critical Severity Vulnerability Description A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering
npm Packages
TRENDING TOPICS FEB 25, 2026 Malicious npm Package ambar-src Shows Fast Moving Supply Chain Risk Tenable research reported that a malicious npm package named ambar-src reached roughly 50,000 downloads before removal, showing how quickly supply chain threats can spread across developer environments. The package appears to have been built
Lazarus Group
TRENDING TOPICS FEB 24, 2026 Update: Lazarus Expands Ransomware Playbook, Leveraging Medusa Against U.S. Healthcare North Korea’s Lazarus Group has expanded its financially motivated operations by leveraging the Medusa ransomware. Security researchers at Symantec assess that a Lazarus Group subgroup, commonly tracked as Andariel or Stonefly and linked
PromptSpy
CVE-2026-22769 Critical Severity Vulnerability Description Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying
Atlassian
TRENDING TOPICS FEB 17, 2026 Attackers Abuse Atlassian Jira Cloud to Deliver Trusted-Looking Spam Campaigns TrendMicro researchers observed threat actors abusing Atlassian Jira Cloud to distribute large-scale spam campaigns by sending emails directly from legitimate atlassian[.]net domains. Since the messages originated from a trusted SaaS platform with valid SPF
ClickFix
Critical Severity 1 CVE CVE-2026-1731 BeyondTrust Remote Support & PRA Critical pre-auth remote code execution in BeyondTrust Remote Support and legacy Privileged Remote Access lets unauthenticated attackers send crafted requests that run OS commands as the site user; patch self‑hosted appliances immediately, remove unnecessary internet exposure, and enable tight
LummaStealer
TRENDING TOPICS FEB 12, 2026 Update: LummaStealer Rebuilds at Scale Using CastleLoader and Social-Engineering-Driven Delivery Chains Security researchers have observed a renewed surge in LummaStealer activity, demonstrating how the infostealer operation has rapidly recovered despite a major law-enforcement disruption in 2025 that dismantled thousands of command-and-control domains. LummaStealer, a malw
RU-APT-ChainReaver-L
Critical Severity 5 CVEs CVE-2026-21522 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability (Azure Compute Gallery) CVE-2026-21532 Azure Function Information Disclosure Vulnerability CVE-2026-23655 Microsoft ACI Confidential Containers Information Disclosure Vulnerability (Azure Compute Gallery) CVE-2026-24300 Azure Front Door (AFD) Elevation of Privilege Vulnerability CVE-2026-24302 Azure Arc Elevation of Privilege Vulnerab
LockBit
TRENDING TOPICS FEB 05, 2026 Update: LockBit 5.0 Emerges as Cross-Platform Ransomware Targeting Windows, Linux, and ESXi Environments Kaspersky has identified a new wave of LockBit 5.0 ransomware samples designed to operate across Windows, Linux, and VMware ESXi environments, reflecting a continued shift toward highly scalable, multi-platform ransomware
GitHub
TRENDING TOPICS JAN 28, 2026 GitHub Repository Abuse Enables Malware Delivery Through Trusted Installer Paths GMO Researchers have identified a malware campaign that exploits GitHub's repository-forking mechanism to distribute trojanized installers under the guise of official projects. Attackers fork the legitimate GitHub Desktop repository, alter download links in