Latest stories — Page 39

Identity & Access

AI Agent Identities Are Redrawing Enterprise IAM Budgets

New Omdia research finds that the rapid spread of AI agent deployments is forcing organisations to treat non-human identities as a distinct governance category, with budget implications that traditional identity and access management frameworks were not designed to absorb.

3 min
Vulnerabilities

Two Defender flaws under active exploitation, Microsoft confirms

A SYSTEM-level link-following bug and a denial-of-service issue in Microsoft Defender are both being abused in the wild.

2 min
Threat Intelligence

The Boring Attacks Are Winning: Why Defenders Keep Losing to Trusted Tools

Leaked tokens, poisoned npm packages, and login replays are doing more damage than zero-days this quarter. Here is how to spot the pattern before it spots you.

3 min
Threat Intelligence

Showboat: A Modular Linux Backdoor Quietly Camped in a Middle East Telco Since 2022

Lumen's Black Lotus Labs ties the SOCKS5-capable implant to a years-long intrusion at a regional carrier, with an in-memory loader and ELF payloads that sidestep most host telemetry.

2 min
Vulnerabilities

Cisco's Secure Workload Earns a Perfect 10, in the Wrong Sense

An unauthenticated REST API flaw rated CVSS 10.0 lets remote attackers help themselves to sensitive data. Cisco has issued fixes.

2 min
Vulnerabilities

CISA's KEV List Just Picked Up Langflow and Apex One — Both Already Being Hit

Two flaws, one AI workflow tool and one veteran endpoint suite, now carry a federal patch deadline because attackers got there first.

2 min
Vulnerabilities

When the Hardware Isn't There: Coaxing Vulnerable Drivers Into Range

BYOVD research keeps colliding with a stubborn problem — many kernel drivers refuse to talk unless their device is plugged in. New work shows how to make them talk anyway.

2 min
Policy & Regulation

Justice Department Charges Ottawa Man With Operating Kimwolf DDoS Botnet

Federal prosecutors say Jacob Butler, 23, developed and rented out a variant of the AISURU botnet for paid denial-of-service attacks.

2 min
Threat Intelligence

Megalodon Campaign Plants Malicious Workflows in 5,561 GitHub Repos in Six Hours

Throwaway accounts pushed 5,718 commits forging build-bot identities to exfiltrate CI/CD secrets, researchers said.

2 min
Threat Intelligence

CERT-UA Attributes Prometheus-Themed Phishing Run Against Ukrainian Government to Ghostwriter (UAC-0057)

Compromised mailboxes deliver lures impersonating a Ukrainian e-learning platform, with the Belarus-aligned operator tracked as UNC1151 named as the responsible cluster.

2 min
Ransomware

Operation Saffron Yanks the Plug on First VPN, the Getaway Car of at Least 25 Ransomware Crews

French and Dutch police led the takedown of a bulletproof VPN service that prosecutors say routed traffic for Conti, LockBit affiliates, and roughly two dozen other ransomware brands.

2 min
Vulnerabilities

CISA Flags Exploited Drupal SQL Injection Flaw. Drupal Won't Say Who Got Hit.

CVE-2026-9082 is in the Known Exploited Vulnerabilities catalog. The advisory mentions active exploitation. It does not mention victims, telemetry, or how anyone found out.

2 min
Vulnerabilities

LiteSpeed cPanel Plugin Flaw Hands Root to Any Logged-In User, and the Vendor Won't Say How Many Hosts Are Hit

CVE-2026-48172 carries a CVSS of 10.0, is already being exploited, and LiteSpeed has not answered three questions about exploitation telemetry.

2 min
Threat Intelligence

Laravel-Lang Packages Hijacked to Push a Cross-Platform Credential Stealer

Four popular Laravel-Lang packages were tagged with malicious releases that drop a credential-harvesting framework on Windows, macOS, and Linux.

3 min
AI Security

Anthropic Says Project Glasswing AI Has Flagged 10,000 High-Severity Bugs in a Month

The Claude-based scanner has been pointed at widely deployed open-source code since October. Anthropic has not named the affected projects.

2 min
Threat Intelligence

Eight Packagist Projects Hijacked to Pull Linux Payload From GitHub Releases

The injected code lived in package.json, not composer.json, and targeted JavaScript-shipping Composer projects.

2 min
Threat Intelligence

TrapDoor Campaign Plants Credential Stealers Across npm, PyPI, and Crates.io

A coordinated operation seeded 34+ malicious packages across three registries since May 2026. If you ship code, this one is sitting in your dependency tree right now.

3 min
Threat Intelligence

GRU Operators Drained Microsoft 365 Tokens by Rewriting DNS on 18,000 SOHO Routers

Forest Blizzard shifted from targeted router malware to mass DNS hijacking after a UK advisory in August, intercepting OAuth tokens on Outlook on the web.

3 min
Vulnerabilities

Hard-coded ASP.NET machine keys in KnowledgeDeliver LMS abused to drop Godzilla, then Cobalt Strike

CVE-2026-5426 let attackers forge ViewState payloads against a Japanese LMS used across universities and corporate training portals. The bug was a zero-day before Digital Knowledge shipped a fix.

2 min
Vulnerabilities

April Patch Tuesday Lands With 167 Microsoft Fixes, SharePoint Zero-Day Under Attack

BlueHammer Defender bug goes public, Adobe Reader flaw exploited since November, and Chrome ships its fourth zero-day of the year.

2 min
Threat Intelligence

The Boy Who Topped the Leaderboard: How 'Tylerb' Became a Cooperating Witness

Tyler Buchanan, the Scottish core of Scattered Spider's 2022 phishing spree, pleaded guilty in U.S. federal court. His path there ran through a blowtorch, a Barcelona departure gate, and a Telegram scoreboard.

3 min
© 2026 Threat Vectr