General CTI Archives - Page 11 of 17

TeamPCP Spreads Trivy Supply Chain Attack to Docker Hub and Kubernetes with Devastating Wiper Payload

acint3 months ago03 mins

The cybersecurity community is reeling from an escalating supply chain attack targeting Trivy, Aqua Security’s popular open-source vulnerability scanner with over 33,800 GitHub stars. The threat actor known as TeamPCP has expanded their campaign from compromised GitHub Actions to Docker Hub images and now a destructive Kubernetes wiper that specifically targets Iranian infrastructure. The Attack…

Unit 42 Warns: AI Agents Could Enable Gift Card Theft and Returns Fraud at Scale

acint3 months ago03 mins

Palo Alto Networks’ Unit 42 has published new research examining how the rise of “agentic commerce” – AI agents that autonomously browse, shop, and transact on behalf of users – could be exploited by cybercriminals to conduct retail fraud at unprecedented scale. Read the full research from Unit 42. The Coming Wave of Agentic Commerce…

CVE-2026-33017: Critical Langflow AI Framework Vulnerability Exploited Within 20 Hours of Disclosure

acint3 months ago03 mins

A critical vulnerability in Langflow, the popular open-source visual framework for building AI agents and RAG pipelines, was weaponized by threat actors within just 20 hours of public disclosure—before any proof-of-concept code was publicly available. The Vulnerability Tracked as CVE-2026-33017 (CVSS 9.3), the vulnerability is an unauthenticated remote code execution (RCE) flaw affecting the /api/v1/build_public_tmp/{flow_id}/flow…

DoJ Disrupts Four Massive IoT Botnets Behind Record-Breaking 31.4 Tbps DDoS Attacks

acint3 months ago02 mins

The U.S. Department of Justice announced a major law enforcement operation to disrupt four IoT botnets — AISURU, Kimwolf, JackSkid, and Mossad — responsible for record-breaking distributed denial-of-service (DDoS) attacks reaching 31.4 terabits per second. The court-authorized takedown, conducted in partnership with authorities from Canada and Germany, targeted command-and-control infrastructure that had enslaved over 3…

CVE-2026-33017: Critical Langflow AI Platform Flaw Exploited Within 20 Hours of Disclosure

acint3 months ago02 mins

A critical vulnerability in Langflow, a popular open-source AI workflow automation platform, has been actively exploited in the wild within just 20 hours of public disclosure—before any proof-of-concept code was even available. The Vulnerability Tracked as CVE-2026-33017 with a CVSS score of 9.3, the flaw combines missing authentication with code injection to enable unauthenticated remote…

Critical Langflow AI Platform Flaw CVE-2026-33017 Exploited Within 20 Hours of Disclosure

acint3 months ago03 mins

A critical vulnerability in Langflow, the popular open-source AI workflow platform, has been actively exploited within just 20 hours of its public disclosure—before any proof-of-concept code was even available. The rapid weaponization highlights the shrinking window defenders have to patch critical flaws. The Vulnerability: CVE-2026-33017 Tracked as CVE-2026-33017 with a CVSS score of 9.3, the…

CVE-2026-3564: Critical ScreenConnect Flaw Enables Session Hijacking Through ASP.NET Machine Key Abuse

acint3 months ago02 mins

ConnectWise has released an emergency patch for a critical vulnerability (CVE-2026-3564) in its ScreenConnect remote access platform that could allow unauthenticated attackers to hijack legitimate sessions by forging authentication credentials using extracted ASP.NET machine keys. Understanding the Vulnerability The flaw affects all versions of ScreenConnect before version 26.1 and stems from improper verification of cryptographic…

Interlock Ransomware Exploited Cisco FMC Zero-Day for Six Weeks Before Patch: Amazon Reveals Full Attack Chain

acint3 months ago02 mins

Amazon Threat Intelligence has revealed that the Interlock ransomware group exploited CVE-2026-20131—a critical CVSS 10.0 vulnerability in Cisco Secure Firewall Management Center—as a zero-day since January 26, 2026, more than five weeks before Cisco publicly disclosed the flaw on March 4. Why It Matters This case demonstrates the dangerous window between zero-day exploitation and vendor…

9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

acint3 months ago03 mins

Low-cost IP KVM devices—designed to provide remote keyboard, video, and mouse access to physical systems—are introducing catastrophic security risks into enterprise environments. New research from Eclypsium reveals nine vulnerabilities affecting products from GL-iNet, Angeet/Yeeso, Sipeed, and JetKVM, with the most severe enabling unauthenticated attackers to achieve root access. Why IP KVM Vulnerabilities Are Uniquely Dangerous…

54 EDR Killers Exploit 34 Vulnerable Signed Drivers to Disable Security Before Ransomware Deployment

acint3 months ago03 mins

A comprehensive analysis by ESET has uncovered a thriving ecosystem of endpoint detection and response (EDR) killer tools, revealing that 54 of these specialized programs abuse 34 vulnerable signed drivers to neutralize security software before ransomware attacks. The BYOVD Threat Landscape EDR killer programs have become a standard component in ransomware intrusions, offering affiliates a…