Daily Recap

Daily Recap, Anthropic expanded Project Glasswing (Mythos) access to 150 more organizations focused on critical infrastructure, while Meta AI was reportedly abused to hand over high-profile Instagram accounts in AI-assisted support flows. The roundup also covered a Red Hat npm supply-chain compromise tied to the Miasma campaign, active exploitation of Palo Alto Networks flaw CVE-2026-0257,… [Read More]

Daily Recap, Microsoft addressed an outage impacting MFA setup and the MySignIn service, and also fixed Windows security update installation issues tied to KB5089549, while a critical Windows Netlogon RCE flaw is being actively exploited and needs urgent patching. Elsewhere, attackers targeted a Linux kernel and a Palo Alto Networks vulnerability that had reportedly been… [Read More]

Cybersecurity Threat Research ‘Weekly’ Recap. The roundup covers supply-chain and developer tooling abuse (including malicious packages, RAT installers, and backdoored developer ecosystems) alongside ongoing phishing, AiTM, and social engineering campaigns targeting 2FA and payment data. It also highlights actively exploited vulnerabilities and long-running access via RATs, cloud/Kubernetes secret theft, blockchain-based C2, and increasing use of… [Read More]

Daily Recap, Critical PAN-OS GlobalProtect auth bypass CVE-2026-0257 is being exploited in the wild, while the ChatGPhish flaw shows how ChatGPT web summaries and shared links can be abused to deliver phishing and fake outage pages. Attackers are also chaining the Marimo CVE-2026-39987 exploit with an LLM agent for post-exploitation automation, as Charter Communications discloses… [Read More]

Daily Recap, Google Chrome rolled out session cookie theft protection for all users and shipped Chrome 148 with patches addressing 151 vulnerabilities to strengthen browser defenses. The day also covered ongoing breach litigation and threats using AI tools, plus malware and exploit activity across BTMOB, FortiClient EMS, Gogs, and Kimsuky. #GoogleChrome #Chrome148 #151Vulnerabilities #CookieGuard #23andMe… [Read More]

Daily Recap, Sentencing and breach headlines dominated today: a Romania-linked hacking case delivered a 5-year prison term to target Oregon government systems, while Carnival Cruise confirmed a data breach affecting nearly 6 million people; a separate sextortion conviction resulted in a 33-year sentence for targeting 145 children. On the threat side, Grandoreiro malware and the… [Read More]

Daily Recap, CISA ordered U.S. agencies to patch an actively exploited LiteSpeed cPanel plugin zero-day within 4 days, while Microsoft released a fix for a SharePoint RCE flaw and KnowledgeDeliver was exploited as a zero-day to deploy web shells. The FBI warned that Silent Ransom is using in-person tactics like operatives inserting USB drives to… [Read More]

Daily Recap, AI security and governance advancements stood out as AppOmni launched Marlin AI for autonomous SaaS security investigations and Varonis Atlas added the Claude Compliance API to strengthen AI governance and compliance controls. In threat and patching coverage, an Iranian APT targeted aviation and software firms with updated tools, CISA ordered federal agencies to… [Read More]

Daily Recap, Ghost CMS (CVE-2026-26980) flaws were actively exploited in a large-scale ClickFix campaign to compromise 700+ websites via malicious redirects and payload delivery, while the FBI warned that Kali365 is used to phish Microsoft 365 accounts. The recap also covered healthcare data breaches at the Oncology Institute and Radiology Associates of Richmond (266,000 affected),… [Read More]

Cybersecurity Threat Research ‘Weekly’ Recap. Attackers continued to exploit the software supply chain and developer ecosystems, including crypto-stealers like #TrapDoor and#Mini Shai-Hulud-style install payloads, typosquatted modules with DNS backdoors, and trojanized JDownloader deliverables that included the #r77 rootkit bot. The recap also covers AI- and SEO-lure campaigns impersonating #Gemini CLI and #Claude Code, newly disclosed… [Read More]

Daily Recap, Exploited vulnerabilities and zero-days dominated the news: LiteSpeed cPanel Plugin CVE-2026-48172 is abused for root access, Drupal core SQL injection issues are being actively exploited and added to CISA KEV, and Trend Micro warned that an Apex One zero-day is in use in the wild. Phishing activity also accelerated with the FBI flagging… [Read More]

Daily Recap, A wave of urgent patches hit Drupal, Ubiquiti (UniFi OS), Cisco, Microsoft Defender, TrendAI, and Apex One, including in-the-wild exploitation of a Drupal SQLi and an Apex One zero-day. In addition, Google accidentally exposed details of an unfixed Chromium issue, while botnet and malware reporting covered the alleged Kimwolf operation, Showboat Linux activity… [Read More]

Daily Recap, Cisco patched a critical Secure Workload flaw that could grant site admin privileges, while Microsoft addressed exploited Defender zero-days and mitigated the YellowKey BitLocker bypass; Drupal disclosed a highly critical core issue impacting PostgreSQL (RCE) and SonicWall cautioned that incomplete VPN MFA patching could enable bypasses. On the threat and supply-chain fronts, GitHub… [Read More]

Daily Recap, GitHub confirmed multiple internal repository compromises tied to a malicious VS Code extension, with claims of roughly 3,800–4,000 affected repositories and source code exposure impacting Grafana via a TanStack npm attack. The roundup also covered the Shai-Hulud npm supply-chain campaign targeting 600 packages (with Mini Shai-Hulud expanding further), plus Microsoft disruption of a… [Read More]

Daily Recap, Security experts say AI Bills of Materials (AI BOMs) could become practical by 2026 as organizations push for transparency and governance, while teams are warned that connecting AI to financial accounts and managing shadow AI can shift privacy and cyber-risk tradeoffs. On the threat side, developer tooling and ecosystems are under pressure from… [Read More]