Alerts
CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities catalog on Monday, setting aggressive federal patching deadlines after confirming active exploitation across a range of enterprise products. Three of the flaws target Cisco Catalyst SD-WAN Manager, while the remaining five affect Quest KACE, PaperCut, JetBrains TeamCity, Kentico Xperience,
Breaches
Angelo Martino, a 41-year-old former ransomware negotiator at cybersecurity incident response firm DigitalMint, has pleaded guilty to targeting U.S. companies with BlackCat (ALPHV) ransomware while simultaneously working as a negotiator supposedly helping victims resolve attacks. Martino is the third defendant to plead guilty in a case that
Breaches
Tyler Robert Buchanan, a 24-year-old from Dundee, Scotland, has pleaded guilty in a California federal court to conspiracy to commit wire fraud and aggravated identity theft for his role in a hacking operation that breached at least twelve companies and stole $8 million in cryptocurrency from individual victims
Threats
CyberProof researchers have uncovered a campaign by Iranian APT group Seedworm that uses Microsoft Teams as an initial access vector, deploying a custom backdoor called Dindoor through social engineering that impersonates IT support personnel. The campaign emerged in early March 2026, coinciding with a surge in Iranian-linked cyber activity
Breaches
A threat actor has breached Vercel's developer infrastructure through an identity supply chain attack that bypassed multi-factor authentication entirely — without stealing a single credential. The compromise, disclosed in April 2026, exploited a breached third-party OAuth integration to inherit valid Google Workspace sessions belonging to Vercel developers,
Threats
A security researcher has released DSCourier, a proof-of-concept tool that abuses the WinGet Configuration COM API to apply arbitrary Desired State Configuration (DSC) configurations through Microsoft-signed binaries — a technique that has been demonstrated bypassing three of the most widely deployed enterprise EDR platforms: CrowdStrike Falcon, Microsoft Defender
Breaches
Attackers have drained approximately $290 million from KelpDAO in one of the largest DeFi exploits of 2026, targeting the protocol's rsETH liquid restaking configuration through a sophisticated infrastructure-level attack that bypassed verification controls without compromising private keys or exploiting a direct protocol flaw. The attack targeted the
Threats
Google has formally attributed the Axios npm supply chain attack to UNC1069, a North Korean threat cluster tracked by Mandiant and Google's Threat Intelligence Group since 2018. The attribution, confirmed by GTIG chief analyst John Hultquist, links the compromise of the JavaScript ecosystem's most popular HTTP
Alerts
CISA has issued an emergency patching directive for a critical Citrix NetScaler vulnerability that is already being exploited in the wild to hijack administrator sessions on exposed appliances. The agency added CVE-2026-3055 to its Known Exploited Vulnerabilities catalog on Monday and ordered all Federal Civilian Executive Branch agencies
Threats
A coordinated supply chain attack targeting the Axios npm package has delivered a cross-platform remote access trojan to developer workstations and CI/CD environments worldwide, after an attacker hijacked the lead maintainer's npm credentials and published two backdoored releases to the official registry. The attack, executed in
Breaches
The US Department of Justice has announced the extradition and first court appearance of Hambardzum Minasyan, an Armenian national accused of serving as an administrator of the RedLine infostealer malware operation. Minasyan appeared in a Texas court on Wednesday facing charges that carry up to 20 years in prison. According
Threats
Kaspersky's GReAT team has established a direct code-level link between the Coruna iOS exploit kit and Operation Triangulation, the sophisticated espionage campaign that targeted iOS devices in 2023. The connection goes beyond shared vulnerabilities — the kernel exploits in both toolchains were created by the same author using