Amazon’s security team has revealed that the Interlock ransomware gang exploited a critical Cisco firewall vulnerability as a zero-day for five weeks before it was publicly disclosed, giving attackers a significant head start against defenders. Zero-Day Exploitation Timeline According to CJ Moses, CISO of Amazon Integrated Security, Interlock began exploiting CVE-2026-20131 on January 26, 2026…
Google Threat Intelligence Group (GTIG), iVerify, and Lookout have jointly uncovered DarkSword, a sophisticated iOS exploit kit that enables complete device compromise with minimal user interaction. The kit, operational since at least November 2025, has been deployed by suspected Russian state-sponsored actors targeting Ukrainian users, as well as commercial surveillance vendors across multiple countries. Six…
A critical vulnerability in Langflow, a popular open-source AI workflow automation platform, has been actively exploited in the wild within just 20 hours of public disclosure—before any proof-of-concept code was even available. The Vulnerability Tracked as CVE-2026-33017 with a CVSS score of 9.3, the flaw combines missing authentication with code injection to enable unauthenticated remote…
A critical vulnerability in Langflow, the popular open-source AI workflow platform, has been actively exploited within just 20 hours of its public disclosure—before any proof-of-concept code was even available. The rapid weaponization highlights the shrinking window defenders have to patch critical flaws. The Vulnerability: CVE-2026-33017 Tracked as CVE-2026-33017 with a CVSS score of 9.3, the…
ConnectWise has released an emergency patch for a critical vulnerability (CVE-2026-3564) in its ScreenConnect remote access platform that could allow unauthenticated attackers to hijack legitimate sessions by forging authentication credentials using extracted ASP.NET machine keys. Understanding the Vulnerability The flaw affects all versions of ScreenConnect before version 26.1 and stems from improper verification of cryptographic…
Amazon Threat Intelligence has revealed that the Interlock ransomware group exploited CVE-2026-20131—a critical CVSS 10.0 vulnerability in Cisco Secure Firewall Management Center—as a zero-day since January 26, 2026, more than five weeks before Cisco publicly disclosed the flaw on March 4. Why It Matters This case demonstrates the dangerous window between zero-day exploitation and vendor…
Low-cost IP KVM devices—designed to provide remote keyboard, video, and mouse access to physical systems—are introducing catastrophic security risks into enterprise environments. New research from Eclypsium reveals nine vulnerabilities affecting products from GL-iNet, Angeet/Yeeso, Sipeed, and JetKVM, with the most severe enabling unauthenticated attackers to achieve root access. Why IP KVM Vulnerabilities Are Uniquely Dangerous…
A comprehensive analysis by ESET has uncovered a thriving ecosystem of endpoint detection and response (EDR) killer tools, revealing that 54 of these specialized programs abuse 34 vulnerable signed drivers to neutralize security software before ransomware attacks. The BYOVD Threat Landscape EDR killer programs have become a standard component in ransomware intrusions, offering affiliates a…
The LeakNet ransomware group is rapidly scaling its operations with two dangerous innovations: a social engineering technique called ClickFix and a previously unreported fileless loader built on the legitimate Deno JavaScript runtime. According to ReliaQuest research, LeakNet has shifted away from purchasing stolen credentials from initial access brokers (IABs). Instead, the group now plants fake…
Rapid7 has released its 2026 Global Threat Landscape Report, revealing a dramatic acceleration in cyber attack patterns that leaves organizations with shrinking windows to respond to emerging threats. The research demonstrates that the predictive lead time defenders once relied upon between vulnerability disclosure and active exploitation has largely disappeared. Key Findings: The Numbers Tell the…
