Daily Recap, AI-driven phishing is now the top initial-access vector, with phishing accounting for 35% of Q1 2026 compromises, and researchers warn that hidden indirect prompt injection is spreading across the open web to manipulate LLM agents. It also covers Known Exploited Vulnerabilities (KEV) advisories for SimpleHelp, Samsung MagicINFO 9 and D-Link DIR-823X, China-linked espionage with GopherWhisper and Song Wu, extortion and fraud cases including BlackFile and SMS Blaster, and policy moves such as Section 702 and Windows Update controls. #GopherWhisper #SongWu
Category: Daily Recap
Daily Recap, Bitwarden and Checkmarx faced separate supply-chain compromises that exposed developer secrets through malicious npm packages, Docker images, and extension loaders, affecting CLI, KICS, VS Code, and Open VSX users. Vercel disclosed broader fallout from the Context.ai intrusion, in which Lumma Stealer harvested API keys and tokens that could impact downstream systems. #Bitwarden #Checkmarx #ContextAI #LummaStealer #Vercel
Daily Recap, Microsoft Edge updates disrupted Teams meetings on Windows while engineers review diagnostics, and Sean Plankey withdrew from consideration to lead CISA amid workforce losses and budget strain. The recap also highlights AI security advances and a surge in threat activity: GopherWhisper using Outlook, Slack, and Discord for C2; Contagious Interview and the related BeaverTail, OtterCookie, and InvisibleFerret campaigns; proxy networks run by Chinese actors; patches such as Defender CVE-2026-33825 and iOS CVE-2026-28950; Mirai infections in D-Link routers; the KICS/Docker Hub supply-chain issues; CanisterSprawl; Harvester's GoGra backdoor; and Lotus Wiper hits in Venezuela.
#GopherWhisper #ContagiousInterview #BeaverTail #OtterCookie #InvisibleFerret #GoGra #LotusWiper #TuMangaOnline #CISA #Edge #Teams
Daily Recap, UK cyber officials report they are handling four major incidents per week amid rising nation-state activity from Russia, Iran and China, while the EU imposes sanctions on Russian propaganda networks and Ukraine exposes a bot farm supplying thousands of fake Telegram accounts to Russian spies. Ransomware surfaces in legal actions around BlackCat/ALPHV, including insider-leakage details, while the GoGra Linux backdoor abusing the Microsoft Graph API and an npm supply-chain attack on Namastex Labs highlight evolving threats, alongside the Vercel breach via Context.ai.
#BlackCat #GoGra
Daily Recap, the week featured high-profile data breaches at Vercel and ANTS, a claimed Seiko USA Shopify data theft, and misconfigured Perforce servers exposing sensitive data from major organizations. Ransomware, crypto threats, platform abuse, and regulation dominated headlines, including BlackCat/ALPHV and Scattered Spider activity, The Gentlemen using SystemBC, Lazarus/TraderTraitor's KelpDAO heist, FakeWallet/SparkKitty on the Apple App Store, notable CVEs such as SGLang CVE-2026-5760, Google Antigravity RCE risks, the BridgeBreak flaws in Silex and Lantronix devices, and regulatory actions by the FTC and Italy's data-protection authority.
#Vercel #LummaStealer #Mandiant #ANTS #SeikoUSA #Shopify #Perforce #BlackCat #ALPHV #AngeloMartino #ScatteredSpider #TheGentlemen #SystemBC #Lazarus #TraderTraitor #KelpDAO #rsETH #TornadoCash #FakeWallet #SparkKitty #AppleAppStore #Cisco #Zimbra #TeamCity #ActiveMQ #SGLang #CVE-2026-5760 #GGUF #GoogleAntigravity #BridgeBreak #Silex #Lantronix #Bluesky #Ofcom #Telegram #TeenChat #ChatAvenue #X #Athr #FTC #TakeItDownAct #Grok #PosteItaliane #Postepay #ItalyDataProtectionAuthority
Daily Recap, Vercel disclosed a third-party AI tool compromise that led to unauthorized internal access and limited customer impact, with attackers also claiming to sell stolen data. Microsoft Teams is increasingly abused in helpdesk impersonation attacks that use Quick Assist for remote access and Rclone for data exfiltration, Cisco patched critical ISE and Webex flaws that could enable remote code execution and root access, and a zero-day in Adobe Acrobat Reader (CVE-2026-34621) was observed being exploited in the wild.
#Vercel #AcrobatReader
Cybersecurity Threat Research ‘Weekly’ Recap: a roundup of social engineering, phishing, and remote-access abuse highlights cross-tenant helpdesk impersonation, a Black Basta affiliate campaign targeting executives, and the ClickFix phishing operation. The report also covers ransomware, extortion, data leaks, post-exploitation malware, cloud and identity abuse, and mobile-endpoint threats across multiple sectors. #CrossTenantHelpdesk #BlackBasta #ClickFix #UNC1069 #AgenziaDelleEntrate #YouTubeCopyrightNotices #InteractiveBrokers #MacSyncStealer #NightSpire #PayoutsKing #Qilin #TheGentlemen #INC_Ransom #MOIS #HomelandJustice #Karma #Handala #ForceHound #Keenadu #RecruitRat #SaferRat #Astrinox #Massiv #RedSun #TP-Link #JoomlaSEOSpam
Daily Recap, pressure on Tycoon 2FA pushed attackers to diversify across Mamba 2FA, EvilProxy, and Sneaky 2FA, while increasingly using device-code phishing to bypass modern authentication. Google Gemini helped block 602 million scam ads and contributed to removing or blocking over 8.3 billion ads in 2025 amid a major malvertising crackdown. #Tycoon2FA #Gemini #Qilin #Synnovis #PayoutsKing #Nexcorium
Daily Recap, law enforcement across 21 countries disrupted DDoS-for-hire networks in Operation PowerOFF, seizing 53 domains and warning over 75,000 users. The roundup also covers prosecutions, including Kamerin Stokes for DraftKings account theft and North Korean laptop-farm schemes that redirected over $5 million, along with exploitation of nginx-ui CVE-2026-33032 and Apache ActiveMQ flaws that enable SYSTEM privileges. #PowerOFF #DraftKings #APT28 #GRU #LaptopFarms #NginxUI #ActiveMQ #Windows #KuwaitBanks #TennesseeHospital #NorthernIrelandEducationAuthority
Daily Recap, the CERT-UA-tracked cluster UAC-0247 is intensifying attacks on hospitals and local governments, using AgingFly, multi-stage loaders, and credential-theft tooling to maintain persistence and deploy cryptominers. A backdoored EssentialPlugin WordPress suite pushes malware via a hidden updater and Ethereum-based C2, and Dragon Boss Solutions' digitally signed adware disables antivirus and runs payloads with SYSTEM privileges across thousands of hosts. MuddyWater is expanding its intrusion toolkit with CastleRAT and ChainShell, including HVNC hijacking and Ethereum-based C2 resolution; exploitation of nginx-ui CVE-2026-33032 affects 2,600+ exposed servers amid Patch Tuesday fixes from SAP, Adobe, Microsoft, and Fortinet; and the recap closes with related identity, data-breach, and privacy developments. #AgingFly #EssentialPlugin #DragonBossSolutions #MuddyWater #CastleRAT #ChainShell #HVNC #NginxUI #CVE-2026-33032 #SAP #Adobe #Microsoft #Fortinet #ATHR #DPRK #PowerSchool #McGrawHill #EUAgeApp
Daily Recap, Microsoft released April 2026 updates fixing 167 flaws, including two zero-days in SharePoint (CVE-2026-32201) and Defender (CVE-2026-33825), and urged immediate Office and Defender patching on Windows 11 25H2/24H2, Windows 10 ESU, and Windows Server 2025. The roundup also covers extortion-linked incidents involving Kraken and McGraw-Hill, the JanaWare Adwind RAT campaign targeting Turkey, and policy moves such as Virginia's geolocation ban and Russia blocking Bluesky, alongside AI defense advances like OpenAI's GPT-5.4 Cyber.
#SharePoint #Defender #Kraken #McGrawHill #JanaWare #AdwindRAT #Turkey #Virginia #Bluesky #OpenAI #GPT54Cyber
Daily Recap, cybersecurity news highlights active malware campaigns such as the Mirax Android RAT turning devices into SOCKS5 proxies, JanelaRAT targeting Latin American banks, and the Storm infostealer, which harvests credentials while evading telemetry. It also covers a wave of critical fixes and CVEs across Kali Forms, ShowDoc, SAP, wolfSSL, and Adobe, notable data breaches at Basic-Fit and Booking.com, enforcement actions such as the W3LL takedown, and AI risk discussions from CSA and Goldman Sachs. #Mirax #JanelaRAT #StormStealer #KaliForms #ShowDoc #SAP #wolfSSL #Adobe #BasicFit #BookingCom #W3LL #Mythos #GoldmanSachs #BrowserGate
Cybersecurity Threat Research ‘Weekly’ Recap.
This week highlighted a broad surge in supply-chain and package-ecosystem attacks, AI-themed lure campaigns around Claude and related tooling, evolving infostealer and RAT families (STX RAT, Lumma/Remus), trojanized installers and MaaS campaigns (ClickFix, CastleLoader), ransomware operations (Storm1175/Medusa, NightSpire), and pervasive vulnerability disclosures, with notable data exfiltration tied to TeamPCP and a focus on defense exercises and immutable backups.
#TeamPCP #Axios #STXRAT #Remus #Lumma #CastleLoader #ClipBanker #HWMonitor #ScreenConnect #Storm1175 #Medusa #NightSpire #BeastRansomware #Sinobi #EvilTokens #Graphalgo #ForestBlizzard #APT35 #DPRK #Handala #MOIS #OpenClaw #Marimo #Kubernetes #FortiGate
Daily Recap, international law enforcement identified over 20,000 cryptocurrency fraud victims, froze $12 million, and traced $45 million in stolen crypto, while a separate $280 million theft was tied to North Korea operating through fake companies and cutouts. The recap also highlights security concerns on several fronts: LayerX warning that unmonitored AI browser extensions are an enterprise attack surface; Google's Chrome 146 Device Bound Session Credentials, which bind session cookies to a device-held key to block session reuse by stealers like Atomic, Lumma, and Vidar; Webloc data used by law enforcement to track roughly 500 million devices; the GlassWorm campaign leveraging a Zig dropper against software supply chains; the NotnullOSX Mac stealer; the BlueHammer zero-day; and Iranian attacks on about 4,000 U.S. Rockwell/Allen-Bradley PLCs, with ongoing policy probes in the US and UK. #NorthKorea #GlassWorm #ZigDropper #NotnullOSX #BlueHammer #IranianAttacks #Rockwell #AllenBradley #DBSC #Webloc
Daily Recap, this edition surveys widespread vulnerabilities, malware campaigns, and geopolitical activity, including high-severity RCEs, supply-chain compromises, and credential-theft campaigns such as LucidRook and VENOM. It also highlights rapid exploitation windows, notable actors such as Forest Blizzard and Iran-linked groups, and evolving defenses from patching and zero trust to AI and browser-security mitigations across platforms and industries. #LucidRook #VENOM #ForestBlizzard #IranICS #GulfRisks #ChipSoft #PayrollPirate #ThreatsDay #Lazarus #Kimsuky #Andariel #ChromeDBSC #AppleIntelligence #UAT10362