Cybersecurity
Attackers Exploit CVE-2026-35616 in FortiClient EMS to Deploy EKZ Infostealer Disguised as a Fortinet Patch
Arctic Wolf found attackers abusing a critical 9.8-CVSS FortiClient EMS authentication bypass to silently push EKZ Infostealer to every managed endpoint via legitimate VPN scripting workflows.
Trend Micro Patches Apex One Zero-Day CVE-2026-34926 Exploited in the Wild, CISA Orders Federal Agencies to Patch by June 4
A directory traversal flaw in Trend Micro Apex One lets an attacker with admin server access inject malicious code into managed endpoints. CISA added it to KEV on May 21 with a June 4 federal deadline.
DAEMON Tools Lite Backdoored for 27 Days: Supply Chain Attack Targeted Government and Scientific Organizations in Russia, Belarus, and Thailand
Kaspersky found official DAEMON Tools Lite installers trojanized from April 8 to May 5, 2026, deploying a multi-stage backdoor to over a dozen targeted machines. CISA added CVE-2026-8398 to its KEV catalog on May 27.
Ghost CMS SQL Injection CVE-2026-26980 Exploited to Hijack 700 Sites in Large-Scale ClickFix Campaign
A patched SQL injection in Ghost CMS (versions 3.24.0–6.19.0) has been exploited at scale to compromise 700+ websites, including Harvard and Oxford, turning them into ClickFix malware distribution points.
TrapDoor Campaign Deploys 34 Malicious Packages Across npm, PyPI, and Crates.io, Weaponizing AI Coding Assistants to Steal Crypto Wallets
Socket researchers discovered TrapDoor, a supply chain attack spanning 34 packages and 384+ versions across three registries, with a novel technique that embeds hidden instructions in AI coding assistant config files to trigger credential exfiltration.
Veeam Previews Data Platform v13.1 at VeeamON 2026, Launching DataAI Command Platform and Post-Quantum Cryptography Support
Veeam used its VeeamON 2026 conference in New York City to preview v13.1 of its Data Platform with 70+ new features, a new DataAI Command Platform, and post-quantum cryptography support.
npm Ships Staged Publishing and Install-Source Allowlists in CLI 11.15.0, Requiring Human 2FA Approval Before Packages Go Live
GitHub's npm registry makes staged publishing generally available: packages must pass a human-approved, 2FA-gated queue before consumers can install them.
Laravel-Lang Supply Chain Attack Poisons Over 700 Package Versions via Packagist Tag Hijack, Deploying Cross-Platform Credential Stealer
Attackers rewrote Git tags across four Laravel localization packages to point to malicious forks, poisoning hundreds of versions and deploying a credential stealer targeting cloud keys, SSH, and crypto wallets.
Iranian APT MuddyWater Deployed Chaos Ransomware as a False Flag to Disguise State-Sponsored Espionage
Rapid7 links a Chaos ransomware intrusion in early 2026 to Iranian state-linked MuddyWater, finding no encryption deployed — only credential theft and data exfiltration under ransomware cover.
Google GTIG Confirms First Criminal AI-Built Zero-Day: A 2FA Bypass That Would Have Enabled Mass Exploitation
Google's Threat Intelligence Group says a cybercrime group built a zero-day exploit using AI, marking the first confirmed case of adversaries weaponizing an LLM to discover and exploit a previously unknown vulnerability.
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector for First Time in 19 Years
The 2026 DBIR finds 31% of breaches now begin with unpatched vulnerabilities -- surpassing credential abuse for the first time in the report's 19-year history -- as median patch time climbs to 43 days and ransomware reaches 48% of all breaches.
Microsoft Dismantles Fox Tempest, a Malware-Signing Service That Issued Over a Thousand Fraudulent Certificates Through Azure
Microsoft's Digital Crimes Unit seized signspace.cloud and revoked more than 1,000 fraudulent code-signing certificates after Fox Tempest sold access to Azure Artifact Signing for $5,000–$9,000 per transaction to ransomware groups including Rhysida, Akira, and Qilin.