acint

CISA Adds Wing FTP Server Information Disclosure Flaw to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a medium-severity vulnerability in Wing FTP Server to its Known Exploited Vulnerabilities (KEV) catalog on March 16, 2026, confirming that attackers are actively exploiting the flaw in real-world attacks.

Vulnerability Details: Tracked as CVE-2025-47813 (CVSS score: 4.3), the vulnerability is an information disclosure flaw that…

Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization

A comprehensive analysis by Unit 42 reveals a fundamental shift in Iranian cyber operations: state-aligned threat actors are abandoning custom malware in favor of weaponizing enterprise administrative tools to achieve unprecedented scale and stealth.

The Strategic Shift: During recent wiper incidents attributed to Void Manticore (Handala), attackers did not deploy novel malware or traditional compiled…

GlassWorm ForceMemo Campaign: Stolen GitHub Tokens Used to Inject Malware Into Hundreds of Python Repositories

A sophisticated supply chain attack dubbed ForceMemo is leveraging stolen GitHub tokens to inject malware into hundreds of Python repositories, marking a dangerous escalation in the ongoing GlassWorm campaign targeting software developers.

The Attack Chain: According to StepSecurity research, the attackers are targeting Python projects including Django applications, machine learning research code, Streamlit dashboards, and…

Iranian Threat Actors Target Hikvision and Dahua IP Cameras for Kinetic Strike Coordination

As Iran-Israel-US military operations escalate in the Middle East, Check Point Research and Tenable have identified a significant surge in Iranian threat actors targeting IP cameras manufactured by Hikvision and Dahua. The activity, which began spiking on February 28, 2026, coincides with the start of Operation Epic Fury and extends across Israel, Qatar, Bahrain, Kuwait,…

Critical Veeam Backup Vulnerabilities Draw Ransomware Group Attention: Seven CVSS 9.9 Flaws Patched

Veeam has released emergency patches for seven severe vulnerabilities in its flagship Backup & Replication platform, several scoring CVSS 9.9 — the highest possible criticality rating. The flaws enable remote code execution (RCE), privilege escalation, and credential theft by authenticated users, making enterprise backup infrastructure a prime target for ransomware operators.

Vulnerability Details: The newly…

The Promptware Kill Chain: A New Framework for Understanding AI Malware Attacks

A groundbreaking research paper by Bruce Schneier and collaborators introduces the concept of “promptware”—a distinct class of malware targeting large language models (LLMs). Moving beyond the myopic focus on prompt injection, the researchers propose a structured seven-step kill chain that mirrors traditional cyberattack frameworks like those used to analyze Stuxnet and NotPetya.

The Seven-Stage Promptware…

Operation Lightning: Global Takedown of SocksEscort Botnet That Enslaved 369,000 Routers in 163 Countries

A coordinated international law enforcement operation has dismantled SocksEscort, a criminal proxy service that infected hundreds of thousands of residential routers worldwide to enable large-scale fraud, ransomware distribution, and other cybercrimes.

The Scope of the Threat: According to the U.S. Department of Justice, SocksEscort offered access to approximately 369,000 different IP addresses across 163 countries…

Google Patches Two Chrome Zero-Days Under Active Exploitation: CVE-2026-3909 and CVE-2026-3910

Google has released emergency security updates to patch two high-severity Chrome vulnerabilities being actively exploited in zero-day attacks, affecting an estimated 3.5 billion users worldwide. “Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild,” the company stated in a security advisory published Thursday.

The Vulnerabilities: CVE-2026-3909 stems from an out-of-bounds…

Operation Synergia III: Global Crackdown Takes Down 45,000 Malicious IPs and Arrests 94 Cybercriminals

In one of the most significant international cybercrime operations to date, INTERPOL has announced the successful conclusion of Operation Synergia III—a coordinated global effort that dismantled critical infrastructure supporting phishing, malware, and ransomware campaigns worldwide.

Six Months of Coordinated Enforcement: Running from July 18, 2025 through January 31, 2026, the operation brought together law enforcement…
