Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: Microsoft rolled back a newly introduced virtual account after it intermittently blocked access to Exchange Online from Outlook Mobile and the new Outlook for Mac, and published an optional out-of-band emergency update (KB5085516) to fix the Microsoft account sign-in failures in Windows 11 apps such as Teams and OneDrive caused by KB5079473, with a restart as the interim workaround. Patching and threat activity also covers QNAP CVEs 62843–62846, Oracle CVE-2026-21992 (CVSS 9.8) and CVE-2025-32975 in Quest KACE SMA, plus FBI warnings about Handala's use of Telegram and Russian intelligence phishing via Signal, new DarkSword iOS flaws, the Trivy supply-chain compromise tied to CanisterWorm and TeamPCP, and Tycoon 2FA phishing.
#Handala #Telegram #RussianIntelligence #Signal #DarkSword #KACE #SMA #Trivy #CanisterWorm #TeamPCP #Tycoon2FA #AWSBedrock #NIST80081r3 #OperationAlice #AlexanderPaulTravis #NKITWorkers

Threat Research | Weekly Recap [22 Mar 2026]

Cybersecurity Threat Research ‘Weekly’ Recap: this overview surveys vulnerabilities, supply-chain and developer-tooling abuse, and phishing and malware campaigns across Langflow (CVE-2026-33017), CanisterWorm, CursorJack, SnappyClient, Vidar Stealer, AsyncRAT, GhostMail, Boggy Serpens, DieNet and Konni, with notable operational exposures such as the Myclaw360 TLS key and Larva26002. It also highlights evolving trends in AI-assisted threats, container security with Defend for Containers (D4C) guidance and TeamPCP container attack scenarios, and CI/CD risk from the Trivy action hijacking and related supply-chain abuses. #Langflow #CVE-2026-33017 #CanisterWorm #CursorJack #SnappyClient #VidarStealer #AsyncRAT #GhostMail #BoggySerpens #DieNet #Konni #Myclaw360 #Larva26002 #DefendForContainers #TeamPCP #TrivyAction #Kubernetes

Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: the FBI and allied agencies warn that Russian intelligence-linked actors are running mass phishing campaigns against Signal and WhatsApp users, hijacking accounts through verification-code requests and malicious QR codes and links, and have compromised thousands of high-value targets. The edition also details a supply-chain attack in which CanisterWorm infected npm packages and compromised the Trivy GitHub Action, with ties to TeamPCP and hackerbot-claw, alongside enforcement actions such as Operation Alice and the Handala takedown. #CanisterWorm #OperationAlice

Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: Iran-linked Handala resurfaced on a new domain after U.S. domain seizures, with authorities tying the actor to MOIS and investigators linking the destructive Stryker wiper attacks to the campaign, while CISA and the FBI issued guidance on hardening Microsoft Intune. In nation-state and supply-chain activity, APT28 exploited the high-severity Zimbra flaw CVE-2025-66376 against Ukrainian government mail, Lazarus/Bluenoroff is suspected in the Bitrefill incident, Speagle hijacked Cobra DocGuard to exfiltrate data, and Interlock ransomware abused the Cisco zero-day CVE-2026-20131.
#Handala #MOIS #Stryker #Intune #APT28 #Lazarus #Bluenoroff #Speagle #CobraDocGuard #Interlock #Zimbra #Cisco

Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: active exploitation includes a Microsoft SharePoint deserialization RCE (CVE-2026-20963) used in the wild against unpatched SharePoint Server 2016, 2019 and Subscription Edition, and Interlock ransomware exploiting a Cisco Secure FMC zero-day (CVE-2026-20131) before a patch was available. The edition also notes CISA directives to patch the Zimbra XSS (CVE-2025-66376), patches for WebKit (CVE-2026-20643) and UniFi (CVE-2026-22557), the ongoing Marquis and Aura breaches, and policy moves involving China, DPRK and Volt Typhoon. #SharePointFlaw #InterlockRansomware #CiscoFMC #ZimbraXSS #WebKitPatch #UniFiFlaw #TelnetdRCE #ScreenConnectPatch #MarquisBreach #AuraBreach #DarkSwordKit #PerseusMalware #Stryker #Handala #China #DPRK #VoltTyphoon

Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: this edition surveys state-backed espionage, supply-chain threats and incidents, including CL-STA-1087's long-running campaign against Southeast Asian militaries using AppleChris, MemFun and Getpass with UTC+8 activity patterns, a PlugX backdoor campaign in the Middle East, and the AI-assisted wiping attributed to Void Manticore, which is linked to Handala Hack. It also covers GlassWorm's Open VSX campaign, Betterleaks' secrets-scanner release, Payload Ransomware's breach of a Bahrain hospital, and policy shifts around the EU AI Act and Android 17 security enhancements.
#CLSTA1087 #AppleChris #MemFun #Getpass #PlugX #HandalaHack #VoidManticore #UNC2814 #RoyalBahrainHospital #PayloadRansomware #GlassWorm #Betterleaks #EUAIAct #Android17 #PolandNuclearResearchCenter

Threat Research | Weekly Recap [22 Mar 2026]

Cybersecurity Threat Research ‘Weekly’ Recap: a concise survey of ransomware, APT and espionage campaigns, infostealers, supply-chain threats and defensive tooling trends observed across multiple sectors this week. Key items include GreenBlood ransomware, Handala wipers, INC Ransom, Black Basta, the Operation CamelClone and CL-STA-1087 espionage campaigns, PeckBirdy and MuddyWater/Tsundere, Iranian MOIS activity and Proofpoint's reporting on an Iran-conflict surge in threat activity, alongside defensive updates on Elastic with Terraform, Copilot Studio logging gaps, and AI-assisted BAS workflows.
#GreenBlood #OperationCamelClone

Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: threat activity spans Storm-2561's SEO poisoning, which uses fake VPN installers to deliver the Hyrax infostealer and other signed trojans, AppsFlyer Web SDK crypto-stealer components, and the espionage-linked AppleChris and MemFun campaigns targeting Southeast Asian militaries. The coverage also notes ALPHV/BlackCat negotiations, INTERPOL's dismantling of 45,000 malicious IPs, a disruption of Pyypl-linked money laundering, regulatory moves such as New York's water-sector cybersecurity rules and the AI nudification ban discussions, and platform issues (HPE AOS-CX CVE-2026-23813, Samsung Windows 11 C: drive access, and Outlook bugs). #Storm-2561 #Hyrax #AppsFlyer #AppleChris #MemFun #ALPHV #BlackCat #INTERPOL #Pyypl #Slopoly #ShinyHunters #Iran #APT44 #Starbucks #HPE #AOS-CX #CVE-2026-23813 #Samsung #Windows11 #Outlook #NewYork #VoltTyphoon #AINudificationBan #InstagramE2EE

Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: global law enforcement actions dominated the week. Interpol's Synergia III sinkholed 45,000 IPs and seized servers, with 94 arrests across 72 countries; the FBI added an alleged leader of an ATM jackpotting ring to its Ten Most Wanted list; and authorities disrupted the SocksEscort proxy network. In malware and breaches, Hive0163 was tied to Slopoly, an AI-assisted PowerShell backdoor used alongside NodeSnake and Interlock ransomware, VENON targeted 33 Brazilian banks, and major incidents affected Starbucks, Loblaw, Telus Digital and England Hockey, while patches from Google, Apple and Veeam addressed critical flaws. #SynergiaIII #SocksEscort #ATMJackpotting #Hive0163 #Slopoly #VENON #Starbucks #Loblaw #Telus #EnglandHockey #Coruna #AiLock

Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: an unauthenticated SQL injection in the Ally Elementor WordPress plugin exposes an estimated 200,000–250,000 sites and remains widely unpatched. The roundup also highlights actively exploited n8n RCE flaws that prompted CISA action and federal patch orders, along with the Stryker wiper incident, the Bell Ambulance breach, ShinyHunters' Salesforce data exfiltration, and related regional, mobile, supply-chain and policy developments.
#AllyElementor #AllySQLi #n8n #StrykerWiper #BellAmbulance #ShinyHunters #QatarBackdoor #AlbaniaEmail #BeatBanker #AppleCoruna #MediaTekTEE #DPRKSupplyChain #PhantomRavenNPM #WizAcquisition #RuddConfirmed #MetaCrackdown #WhatsAppKids #AadhaarBounty #IndiaAISafety #CometPhish

Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: Microsoft's March Patch Tuesday addressed 79–84 vulnerabilities (depending on the count) including two zero-days (CVE-2026-26127, CVE-2026-21262) across SQL Server, .NET, Office, Azure and Windows, with hotpatch options available. The coverage also highlights active attacks and supply-chain events such as the Medusa-linked Bell Ambulance breach, UNC6426's deployment of QUIETVAULT and other campaigns, KadNap botnet activity on ASUS devices, the BeatBanker Android malware, and the Zombie ZIP technique. #Medusa #BellAmbulance #UNC6426 #QUIETVAULT #KadNap #BeatBanker #ZombieZIP #IranInstagram

Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: CISA added multiple high-severity flaws to its Known Exploited Vulnerabilities catalog, warning that Ivanti EPM CVE-2026-1603 is under active exploitation with over 700 internet-facing instances exposed and federal patching deadlines set. The edition also notes a critical Nginx UI flaw, CVE-2026-27944, fixed in version 2.3.3, and covers APT campaigns and loader trends including PlugX against Qatar, UAT9244 implants such as PeerTime, TernDoor and BruteEntry, the Seedworm and Dust Specter campaigns, the UNC4899 breach, and malware including GhostLoader, ClipXDaemon, A0Backdoor and LummaStealer. #IvantiEPM #CVE-2026-1603 #NginxUI #CVE-2026-27944 #PlugX #UAT9244 #PeerTime #TernDoor #BruteEntry #Seedworm #DustSpecter #Dindoor #UNC4899 #GhostLoader #ClipXDaemon #A0Backdoor #LummaStealer #SalesforceAura #EricssonBreach #React2Shell

Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: Microsoft is rolling out preview builds to Beta and Dev channel Insiders to fix bright white flashes in File Explorer on Windows 11, with patches (KB5079382, KB5079385) alongside KB5070311 and PowerShell workarounds for Explorer crashes. The edition also highlights a critical unauthenticated Nginx UI flaw (CVE-2026-27944, CVSS 9.8) that can expose server backups and AES-256 keys via the X-Backup-Security header, notes on .arpa abuse by threat actors using Cloudflare and Hurricane Electric infrastructure, and refunds to phishing victims under PSD2, with the latest threat research weekly roundup dated 08 Mar 2026. #Windows11 #FileExplorer #NginxUI #arpa #Cloudflare #HurricaneElectric #PSD2

Threat Research | Weekly Recap [22 Mar 2026]

Cybersecurity Threat Research ‘Weekly’ Recap: highlights a broad mix of opportunistic campaigns, AI-enabled tradecraft and nation-state activity across ICS/OT, mobile and software supply chains, with notable tools and actors such as LOTUSLITE, StealC, the Coruna exploit kit, TaxiSpy, VioletRAT, Agent Tesla and APT41. The roundup also covers phishing, AiTM and OAuth abuse, developer supply-chain compromises, crypto-theft schemes, rootkits, disinformation infrastructure, and practical hardening guidance for identity, backups, OT segmentation, and cloud and mobile environments.

Cybersecurity News | Daily Recap [23 Mar 2026]

Daily Recap: several high-profile vulnerabilities were disclosed, including a WordPress membership plugin flaw that lets attackers create unauthorized administrator accounts, and iOS vulnerabilities exploited by the Coruna exploit kit, used by UNC6353 and UNC6691 for remote code execution, kernel privilege escalation and crypto theft. The coverage also highlights APT36's Vibeware campaign against Indian government networks, InstallFix infostealers, a self-propagating Wikipedia JavaScript worm, the TriZetto Provider Solutions breach affecting millions, and Microsoft 365 Backup's upcoming file- and folder-level restore feature.
#Coruna #UNC6353 #UNC6691 #APT36 #Vibeware #InstallFix #WikipediaWorm #TriZettoProviderSolutions #Microsoft365Backup #SharePoint #OneDrive
