Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of… Read More »Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public… Read More »LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. “As with… Read More »UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes.… Read More »ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. “The affected package version appears to be… Read More »Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has… Read More »Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?
Imagine a world where hackers don’t sleep, don’t take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now… Read More »[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal… Read More »Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. “The group wields a wide array of tools mostly… Read More »China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as… Read More »Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case