The Drupal core SQL injection vulnerability CVE-2026-9082 is being actively exploited against PostgreSQL-backed Drupal sites, exposing organizations to remote code execution and database compromise risks.
The Cloud Atlas APT group modifies termsrv.dll to enable hidden concurrent RDP sessions, allowing stealth persistence, credential theft, and enterprise lateral movement across compromised environments.
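A quick integrity check for the technique mentioned above, added here as an example rather than taken from the article or from any Cloud Atlas report: it verifies the signature of the live termsrv.dll, compares it against the servicing copy of the same file version in WinSxS, and reads the registry values that govern concurrent RDP sessions and the service DLL loaded by TermService. It assumes a Windows host with PowerShell 5.1 or later and local administrator rights; the paths and value names are the standard ones and nothing else is assumed.

```powershell
# Added example, not code from the original article. Assumes PowerShell 5.1+
# on Windows with administrator rights.
$dll = "$env:SystemRoot\System32\termsrv.dll"

# 1. Signature check. Microsoft system binaries are catalog-signed, and
#    Get-AuthenticodeSignature reports 'Valid' for them; a patched file
#    reports 'HashMismatch' or 'NotSigned'.
$sig = Get-AuthenticodeSignature -FilePath $dll
[pscustomobject]@{
    File   = $dll
    Status = $sig.Status
    Signer = $sig.SignerCertificate.Subject
}

# 2. Compare the live binary against the servicing copy of the same version.
#    A replaced file breaks the component-store hard link, so the WinSxS copy
#    keeps the original hash. If the file was modified in place through the
#    hard link both copies change together and this test is inconclusive;
#    the signature check above is the authoritative one.
$live = Get-FileHash -Path $dll -Algorithm SHA256
$ver  = (Get-Item -Path $dll).VersionInfo.FileVersion
Get-ChildItem -Path "$env:SystemRoot\WinSxS" -Recurse -Filter termsrv.dll -ErrorAction SilentlyContinue |
    Where-Object { $_.VersionInfo.FileVersion -eq $ver } |
    ForEach-Object {
        $h = Get-FileHash -Path $_.FullName -Algorithm SHA256
        [pscustomobject]@{ Copy = $_.FullName; MatchesLive = ($h.Hash -eq $live.Hash) }
    }

# 3. Registry switches that control session behaviour. fSingleSessionPerUser = 0
#    allows multiple sessions per account; fDenyTSConnections = 0 means RDP is on.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
Get-ItemProperty -Path $ts -Name fSingleSessionPerUser, fDenyTSConnections -ErrorAction SilentlyContinue |
    Select-Object fSingleSessionPerUser, fDenyTSConnections

# 4. The DLL TermService actually loads. Anything other than
#    %SystemRoot%\System32\termsrv.dll deserves a closer look.
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService\Parameters' -Name ServiceDll |
    Select-Object ServiceDll
```

For a second opinion from the OS itself, `sfc /verifyfile=C:\Windows\System32\termsrv.dll` checks the file against the component store without repairing it. Run these checks from a clean baseline first, because the expected signer subject and file version differ across Windows builds.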
The latest BIND 9 vulnerabilities expose DNS servers to remote denial of service attacks capable of crashing recursive resolvers and disrupting critical internet infrastructure worldwide.
The FortiClient EMS code execution vulnerability CVE-2026-35616 allows unauthenticated attackers to compromise exposed EMS infrastructure through crafted requests, potentially leading to full enterprise endpoint management compromise.
The VS Code Remote SSH RCE vulnerability allows attackers to execute malicious code on developer workstations through compromised remote environments, exposing cloud infrastructure, source code repositories, and DevSecOps pipelines to supply chain compromise risks.
GREYVIBE hackers are using ChatGPT and Google Gemini to develop malware and generate phishing content in active cyberattacks targeting Ukraine. This AI-powered campaign signals a dangerous new phase in threat actor capability that every security team needs to understand and prepare for.
Famous Chollima, the North Korean state-sponsored threat group, has hidden malware inside a legitimate Packagist PHP package, targeting developers through fake job interviews and coding tasks. The Famous Chollima Packagist PHP supply chain attack uses blockchain-based command-and-control infrastructure to evade detection and steal cloud credentials, SSH keys, and CI/CD secrets from compromised developer machines.
GammaWorm malware is an active Gamaredon APT campaign hiding fileless worm modules in Windows NTFS Alternate Data Streams and using Telegram and Cloudflare as dead-drop C2 resolvers. Security teams must patch CVE-2025-8088 immediately and deploy behavioral endpoint detection to counter this ongoing threat.
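A hunting helper for the Alternate Data Streams storage described above, added here as an example and not taken from the article or from any GammaWorm analysis. It walks a directory tree, lists every named stream on each file and directory, and drops the two streams that are expected on a normal host: the unnamed `:$DATA` stream every file has, and `Zone.Identifier`, the mark-of-the-web that browsers attach to downloads. The function name, the parameter names and the sample path are assumptions; the cmdlets and the `-Stream` parameter are standard PowerShell 5.1 features.

```powershell
# Added example, not code from the original article. Assumes PowerShell 5.1+
# on an NTFS volume. Function and parameter names are illustrative.
function Find-AlternateDataStreams {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$MaxDepth = 4,
        # Streams considered benign by default: the unnamed data stream and
        # the mark-of-the-web. Extend this list for your own environment.
        [string[]]$IgnoreStreams = @(':$DATA', 'Zone.Identifier')
    )

    Get-ChildItem -Path $Path -Recurse -Depth $MaxDepth -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * enumerates every stream on the object, directories included.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $IgnoreStreams -notcontains $_.Stream } |
        Select-Object FileName, Stream, Length
}

# Example run over the user profile. Any hit is a named stream that something
# other than a browser created; large streams or streams on unusual files
# (directories, shortcuts, system paths) go to the top of the review list.
$hits = Find-AlternateDataStreams -Path $env:USERPROFILE
$hits | Sort-Object Length -Descending | Format-Table -AutoSize

# Pull the bytes of a suspicious stream without executing anything.
foreach ($h in $hits) {
    $bytes = Get-Content -LiteralPath $h.FileName -Stream $h.Stream -Encoding Byte -ReadCount 0 -ErrorAction SilentlyContinue
    if ($bytes) {
        # 'MZ' at offset 0 means a PE image is parked in the stream.
        $isPE = ($bytes.Length -ge 2 -and $bytes[0] -eq 0x4D -and $bytes[1] -eq 0x5A)
        [pscustomobject]@{ File = $h.FileName; Stream = $h.Stream; Bytes = $bytes.Length; LooksLikePE = $isPE }
    }
}
```

The walk is depth-limited because `Get-Item -Stream` opens every object it touches, which is slow across a full volume; widen `-MaxDepth` or point `-Path` at specific directories (profile, temp, ProgramData) when you know where to look. Once a stream is confirmed malicious, `Remove-Item -LiteralPath <file> -Stream <name>` deletes the stream and leaves the host file intact.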
The Red Hat supply chain compromise infected npm packages with the Miasma worm, which steals developer credentials, cloud secrets and CI/CD tokens and propagates itself to further packages.
AI-driven Active Directory attacks are now confirmed operational, with Sophos uncovering a live ransomware-linked framework that uses AI agents to automate AD enumeration and iteratively test EDR evasion against Sophos, CrowdStrike, and Microsoft Defender. Security teams must harden Active Directory, deploy behavioral EDR, and enforce Zero Trust controls immediately.
The Cisco SD-WAN vulnerability CVE-2026-20182 carries a CVSS 10.0 score and is being actively exploited by UAT-8616 to gain full admin access to enterprise SD-WAN infrastructure without any credentials. Patch immediately, audit for compromise, and restrict management access now.