ThreatsDay Bulletin: OAuth Trap, EDR Killer and More The ThreatsDay bulletin pulled together a range of notable developments, including OAuth token theft, Signal and WhatsApp account hijacking, Zombie ZIP archive evasion, cloud weaknesses, malware delivered through Microsoft Teams, AI-platform compromise and botnet activity. One highlighted technique, Zombie ZIP (CVE-2026-0866), uses malformed ZIP headers to evade […]
If your backups are vulnerable, things get awkward quickly Veeam released fixes for seven critical vulnerabilities in Backup & Replication, including several remote code execution flaws with CVSS scores as high as 9.9. The issues affect version 12 builds prior to 12.3.2.4465, with additional fixes included in version 13.0.1.2067. Some bugs allow authenticated domain users […]
Fake VPNs: because regular phishing apparently wasn’t enough Microsoft detailed a campaign by Storm-2561 that used SEO poisoning and fake software sites to push trojanised VPN clients. Victims searching for legitimate enterprise VPN tools were redirected to malicious ZIP files and MSI installers, in some cases hosted via GitHub, that masqueraded as trusted products. The […]
GlassWorm Supply-Chain Attack Abuses Open VSX Extensions A new phase of the GlassWorm campaign abused 72 malicious Open VSX extensions and affected 151 GitHub repositories, targeting developers through software supply-chain channels. Researchers said the attackers escalated their tactics by abusing extensionPack and extensionDependencies, allowing seemingly harmless extensions to later pull in malicious ones after trust […]
ClickFix Campaigns Spread MacSync on macOS Researchers found three ClickFix campaigns pushing a macOS infostealer called MacSync via fake AI and developer tool installers. Rather than exploiting a software flaw, the attacks rely on users copying and running malicious Terminal commands from convincing setup pages hosted on legitimate platforms such as Cloudflare Pages, Squarespace, and […]
Apple Fixes Exploited Zero-Day Affecting iOS, macOS and More Apple has released security updates to address an actively exploited zero-day vulnerability, tracked as CVE-2026-20700, affecting iOS, iPadOS, macOS, tvOS, watchOS and visionOS. The flaw exists within Apple’s Dynamic Link Editor (dyld), a core system component responsible for loading libraries. Successful exploitation could allow arbitrary code […]
BeyondTrust Vulnerability Exploited — Remote Access Tools in the Crosshairs Security researchers have identified active exploitation of a critical vulnerability affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) solutions. The flaw, rated CVSS 9.9, allows unauthenticated remote code execution via specially crafted requests. Attackers have been observed extracting session values and establishing WebSocket […]
Microsoft Warns of DNS-Based ClickFix Attack Using Nslookup Microsoft has disclosed a new variant of the ClickFix social engineering attack that abuses DNS and the Windows nslookup utility to deliver malware. Instead of relying on traditional web downloads, attackers trick victims into running DNS queries that retrieve encoded malicious payloads. The technique allows threat actors […]
New Chrome Zero-Day (CVE-2026-2441) Under Active Exploitation Google has released an emergency security update to address CVE-2026-2441, a high-severity zero-day vulnerability in Chrome that is being actively exploited in the wild. The flaw stems from a use-after-free bug in the browser’s CSS engine, which can allow attackers to execute arbitrary code by tricking users into […]
