Nation-State Actors Exploit Zero-Day in Enterprise Firewalls to Deploy Stealthy Backdoors
Advanced persistent threat groups linked to state-sponsored actors have been observed chaining two unpatched vulnerabilities in leading enterprise firewall appliances. The attack chain allows unauthenticated remote code execution and persistence via a memory-resident implant invisible to standard AV tools.
LockBit 4.0 Variant Targets Healthcare Sector with New Double-Extortion Tactics
A new LockBit variant is actively targeting hospital networks across Europe and North America, featuring an updated loader that evades EDR solutions by abusing a signed kernel driver.
Malicious npm Packages Steal AWS Credentials from 50,000+ Developer Machines
Typosquatted npm packages exfiltrate cloud credentials via DNS tunneling, bypassing most DLP solutions. The campaign was active for 3 weeks before detection.
CISA Adds 12 New CVEs to Known Exploited Vulnerabilities Catalog
Flaws in Cisco IOS, Fortinet FortiOS, and Microsoft Exchange Server among the newly added entries. Federal agencies have 72 hours to patch or disconnect.
AI-Powered Phishing Kit "GhostGPT" Bypasses MFA in Real Time
New PhaaS platform uses generative AI to craft hyper-personalised lures with adversary-in-the-middle capabilities, with OTP interception included out of the box.
APT41 Linked to Major Telecom Breaches Across Southeast Asia
Mandiant attributes the intrusions to APT41, which deployed the "PhantomNet" rootkit; it persists across firmware updates by targeting the UEFI boot process.
"VulnGraph" Maps Attack Paths Across Hybrid Cloud Environments
New open-source graph-based tool visualises attack paths across on-prem Active Directory and cloud IAM roles simultaneously. Released on GitHub.