The Cloud Atlas APT group modifies termsrv.dll to enable hidden concurrent RDP sessions, allowing stealth persistence, credential theft, and enterprise lateral movement across compromised environments.
The latest BIND 9 vulnerabilities expose DNS servers to remote denial of service attacks capable of crashing recursive resolvers and disrupting critical internet infrastructure worldwide.
The FortiClient code execution vulnerability CVE-2026-35616 allows unauthenticated attackers to compromise exposed EMS infrastructure through crafted requests, potentially leading to full enterprise endpoint management compromise.
The VS Code Remote SSH RCE vulnerability allows attackers to execute malicious code on developer workstations through compromised remote environments, exposing cloud infrastructure, source code repositories, and DevSecOps pipelines to supply chain compromise risks.
GREYVIBE hackers are using ChatGPT and Google Gemini to develop malware and generate phishing content in active cyberattacks targeting Ukraine. This AI-powered campaign signals a dangerous new phase in threat actor capability that every security team needs to understand and prepare for.
Famous Chollima, the North Korean state-sponsored threat group, has hidden malware inside a legitimate Packagist PHP package, targeting developers through fake job interviews and coding tasks. The Famous Chollima Packagist PHP supply chain attack uses blockchain-based command-and-control infrastructure to evade detection and steal cloud credentials, SSH keys, and CI/CD secrets from compromised developer machines.
GammaWorm malware is an active Gamaredon APT campaign hiding fileless worm modules in Windows NTFS Alternate Data Streams and using Telegram and Cloudflare as dead drop C2 resolvers. Security teams must patch CVE-2025-8088 immediately and deploy behavioral endpoint detection to counter this ongoing threat.
The Red Hat supply chain compromise infected npm packages with the Miasma worm, stealing developer credentials, cloud secrets, CI/CD tokens, and propagating malware.
AI Active Directory attacks are now confirmed operational, with Sophos uncovering a live ransomware-linked framework that uses AI agents to automate AD enumeration and iteratively test EDR evasion against Sophos, CrowdStrike, and Microsoft Defender. Security teams must harden Active Directory, deploy behavioral EDR, and enforce Zero Trust controls immediately.
The Cisco SD-WAN vulnerability CVE-2026-20182 carries a CVSS 10.0 score and is being actively exploited by UAT-8616 to gain full admin access to enterprise SD-WAN infrastructure with zero credentials required. Patch immediately, audit for compromise, and restrict management access now.
The Hugging Face RCE vulnerability CVE-2026-4372 silently exposed 2.2 billion Transformers installs to remote code execution for six months by bypassing the trust_remote_code=False safety control through a poisoned AI model config. Patch to version 5.3.0 immediately and audit your ML environments for compromise.
The Redis RCE vulnerability DarkReplica CVE-2026-23631 lets authenticated attackers gain full host control via a Lua use-after-free during replication. It is one of five Redis RCE flaws patched May 5, 2026. Patch to the fixed releases and audit for compromise immediately.