Latest stories — Page 39

AI Agent Identities Are Redrawing Enterprise IAM Budgets
New Omdia research finds that the rapid spread of AI agent deployments is forcing organisations to treat non-human identities as a distinct governance category, with budget implications that traditional identity and access management frameworks were not designed to absorb.

Two Defender flaws under active exploitation, Microsoft confirms
A SYSTEM-level link-following bug and a denial-of-service issue in Microsoft Defender are both being abused in the wild.

The Boring Attacks Are Winning: Why Defenders Keep Losing to Trusted Tools
Leaked tokens, poisoned npm packages, and login replays are doing more damage than zero-days this quarter. Here is how to spot the pattern before it spots you.

Showboat: A Modular Linux Backdoor Quietly Camped in a Middle East Telco Since 2022
Lumen's Black Lotus Labs ties the SOCKS5-capable implant to a years-long intrusion at a regional carrier, with an in-memory loader and ELF payloads that sidestep most host telemetry.

Cisco's Secure Workload Earns a Perfect 10, in the Wrong Sense
An unauthenticated REST API flaw rated CVSS 10.0 lets remote attackers help themselves to sensitive data. Cisco has issued fixes.

CISA's KEV List Just Picked Up Langflow and Apex One — Both Already Being Hit
Two flaws, one AI workflow tool and one veteran endpoint suite, now carry a federal patch deadline because attackers got there first.

When the Hardware Isn't There: Coaxing Vulnerable Drivers Into Range
BYOVD research keeps colliding with a stubborn problem — many kernel drivers refuse to talk unless their device is plugged in. New work shows how to make them talk anyway.

Justice Department Charges Ottawa Man With Operating Kimwolf DDoS Botnet
Federal prosecutors say Jacob Butler, 23, developed and rented out a variant of the AISURU botnet for paid denial-of-service attacks.

Megalodon Campaign Plants Malicious Workflows in 5,561 GitHub Repos in Six Hours
Throwaway accounts pushed 5,718 commits forging build-bot identities to exfiltrate CI/CD secrets, researchers said.

CERT-UA Attributes Prometheus-Themed Phishing Run Against Ukrainian Government to Ghostwriter (UAC-0057)
Compromised mailboxes deliver lures impersonating a Ukrainian e-learning platform, with the Belarus-aligned operator tracked as UNC1151 named as the responsible cluster.

Operation Saffron Yanks the Plug on First VPN, the Getaway Car of at Least 25 Ransomware Crews
French and Dutch police led the takedown of a bulletproof VPN service that prosecutors say routed traffic for Conti, LockBit affiliates, and roughly two dozen other ransomware brands.

CISA Flags Exploited Drupal SQL Injection Flaw. Drupal Won't Say Who Got Hit.
CVE-2026-9082 is in the Known Exploited Vulnerabilities catalog. The advisory mentions active exploitation. It does not mention victims, telemetry, or how anyone found out.

LiteSpeed cPanel Plugin Flaw Hands Root to Any Logged-In User, and the Vendor Won't Say How Many Hosts Are Hit
CVE-2026-48172 carries a CVSS of 10.0, is already being exploited, and LiteSpeed has not answered three questions about exploitation telemetry.

Laravel-Lang Packages Hijacked to Push a Cross-Platform Credential Stealer
Four popular Laravel-Lang packages were tagged with malicious releases that drop a credential-harvesting framework on Windows, macOS, and Linux.

Anthropic Says Project Glasswing AI Has Flagged 10,000 High-Severity Bugs in a Month
The Claude-based scanner has been pointed at widely deployed open-source code since October. Anthropic has not named the affected projects.

Eight Packagist Projects Hijacked to Pull Linux Payload From GitHub Releases
The injected code lived in package.json, not composer.json, and targeted JavaScript-shipping Composer projects.

TrapDoor Campaign Plants Credential Stealers Across npm, PyPI, and Crates.io
A coordinated operation seeded 34+ malicious packages across three registries since May 2026. If you ship code, this one is sitting in your dependency tree right now.

GRU Operators Drained Microsoft 365 Tokens by Rewriting DNS on 18,000 SOHO Routers
Forest Blizzard shifted from targeted router malware to mass DNS hijacking after a UK advisory in August, intercepting OAuth tokens on Outlook on the web.

Hard-coded ASP.NET machine keys in KnowledgeDeliver LMS abused to drop Godzilla, then Cobalt Strike
CVE-2026-5426 let attackers forge ViewState payloads against a Japanese LMS used across universities and corporate training portals. The bug was a zero-day before Digital Knowledge shipped a fix.

April Patch Tuesday Lands With 167 Microsoft Fixes, SharePoint Zero-Day Under Attack
BlueHammer Defender bug goes public, Adobe Reader flaw exploited since November, and Chrome ships its fourth zero-day of the year.

The Boy Who Topped the Leaderboard: How 'Tylerb' Became a Cooperating Witness
Tyler Buchanan, the Scottish core of Scattered Spider's 2022 phishing spree, pleaded guilty in U.S. federal court. His path there ran through a blowtorch, a Barcelona departure gate, and a Telegram scoreboard.