Claude LLM Artifacts Exploited to Distribute Mac Infostealer Malware via ClickFix Attack Chain Targeting macOS Users
Executive Summary: A sophisticated cyberattack campaign has recently been identified in which public artifacts generated by Anthropic’s Claude LLM are abused to distribute Mac infostealer malware through the ClickFix attack chain. This campaign leverages malicious Google Ads and SEO poisoning to target macOS users seeking technical solutions, redirecting them to weaponized Claude artifacts or impersonated support articles. Unsuspecting users are tricked into executing malici
Feb 15 · 4 min read


Lazarus Group Targets npm, PyPI, and GitHub Developers With Fake Job Recruiter Malware Campaign
Executive Summary: A new wave of highly targeted cyberattacks is exploiting the trust inherent in the software development hiring process. Threat actors, most notably the Lazarus Group (also known as APT38), are impersonating legitimate job recruiters and luring developers with enticing job offers. As part of the supposed interview process, these attackers deliver coding challenges that, when executed, surreptitiously install sophisticated malware on the victim’s system. Thi
Feb 15 · 4 min read


Technical Analysis of CANFAIL Malware Targeting Ukrainian Defense and Energy Sectors by Suspected Russian Threat Actor
Executive Summary: Google’s Threat Analysis Group (TAG) has recently attributed a series of highly targeted cyberattacks against Ukrainian organizations to a suspected Russian state-aligned threat actor. These attacks are characterized by the deployment of a novel malware family, CANFAIL, which is delivered through advanced phishing campaigns leveraging social engineering and cloud-based delivery mechanisms. The primary targets include Ukrainian defense, government, energy, a
Feb 15 · 4 min read


Google Chrome 145 Security Update: Patch Addresses 11 Critical Vulnerabilities, Including High-Severity Remote Code Execution Risks
Executive Summary: The latest release of Google Chrome 145 (versions 145.0.7632.45/46) addresses a total of 11 security vulnerabilities, including three classified as high-severity. These vulnerabilities, if left unpatched, could enable remote code execution, privilege escalation, or significant information disclosure. Notably, two of the high-severity issues were discovered internally by Google, underscoring the vendor’s commitment to proactive security research. As of this
Feb 15 · 4 min read


Google Gemini AI Under Attack: APTs and Cybercriminals Exploit Platform Across the Entire Cyber Kill Chain
Executive Summary: The recent disclosure by Google's Threat Intelligence Group (GTIG) highlights a significant escalation in the adversarial misuse of the Gemini AI platform by advanced persistent threat (APT) actors and information operations (IO) groups. These threat actors, including state-sponsored groups from Iran, China, North Korea, and Russia, are leveraging Gemini AI to facilitate every phase of the cyberattack lifecycle. While Google has implemented robust safety
Feb 12 · 5 min read


February 2026 Security Patch Report: Microsoft, SAP, Intel, Adobe, and 60+ Vendors Address Critical Vulnerabilities in OS, Cloud, and Network Platforms
Executive Summary: In February 2026, over 60 leading software vendors, including Microsoft, SAP, Intel, and Adobe, issued critical security updates addressing a broad spectrum of vulnerabilities across operating systems, cloud services, and network platforms. This unprecedented, coordinated patch release cycle targets both newly discovered and actively exploited zero-day vulnerabilities, with several flaws already leveraged by advanced persistent threat (APT) groups for in
Feb 12 · 6 min read


Reynolds Ransomware Exploits CVE-2025-68947 in NsecSoft NSecKrnl Driver to Disable Windows EDR Security Tools
Executive Summary: The emergence of the Reynolds ransomware family marks a significant escalation in adversarial tradecraft, leveraging the Bring Your Own Vulnerable Driver (BYOVD) technique to systematically neutralize Endpoint Detection and Response (EDR) security tools. By embedding a vulnerable kernel-mode driver directly within its payload, Reynolds achieves a high degree of stealth and operational efficiency, enabling the ransomware to disable security controls and
Feb 11 · 5 min read


UNC1069 Targets Cryptocurrency Organizations with AI Deepfake Lures and Multi-Stage Malware on Windows and macOS
Executive Summary: The North Korea-linked threat actor UNC1069 has escalated its offensive operations against cryptocurrency organizations by integrating advanced artificial intelligence (AI) lures and multi-stage malware into its attack arsenal. Recent campaigns have demonstrated the use of AI-generated deepfake videos, sophisticated social engineering, and a modular malware framework targeting both Windows and macOS environments. The primary objective of these attacks is th
Feb 11 · 5 min read


Shields Up Initiative: How AI, Zero Trust, and Cloud-Native Security Are Transforming Cyber Defenses
Executive Summary: The Shields Up initiative, spearheaded by the Cybersecurity and Infrastructure Security Agency (CISA), marks a pivotal shift in how organizations approach cybersecurity. As the threat landscape evolves with the proliferation of generative AI, cloud-native security platforms, and increasingly complex supply chains, both public and private sectors are urged to adopt advanced technologies and best practices. This report explores the technical and practical as
Feb 11 · 5 min read


Critical Pre-Auth RCE Vulnerability (CVE-2024-12356) in BeyondTrust Remote Support and PRA Actively Exploited – Patch Now
Executive Summary: A critical pre-authentication remote code execution (RCE) vulnerability, CVE-2024-12356 [VERIFIED - NVD], has been identified and patched in BeyondTrust's flagship products: Privileged Remote Access (PRA) and Remote Support (RS) [VERIFIED - NVD]. This vulnerability enables unauthenticated attackers to execute arbitrary operating system commands as the site user, potentially resulting in full system compromise, data exfiltration, and lateral movement with
Feb 11 · 5 min read


UNC3886 Cyber Espionage Campaign Exploits Fortinet and VMware Zero-Days to Breach Singapore Telecom Sector
Executive Summary: A sophisticated cyber espionage campaign attributed to the China-linked threat group UNC3886 has targeted Singapore’s telecommunications sector, specifically impacting major providers such as M1, SIMBA Telecom, Singtel, and StarHub. This campaign, which persisted undetected for nearly a year, leveraged multiple zero-day vulnerabilities in Fortinet and VMware products, advanced Linux rootkits, and credential harvesting techniques to gain and maintain a
Feb 11 · 4 min read


SolarWinds Web Help Desk RCE Vulnerabilities: Multi-Stage Attacks Exploiting CVE-2024-23476 on Exposed Servers
Executive Summary: The exploitation of SolarWinds Web Help Desk (WHD) for unauthenticated remote code execution (RCE) in multi-stage attacks represents a critical threat to organizations with internet-exposed WHD servers. Multiple vulnerabilities, including CVE-2024-23476, CVE-2024-23477, and related deserialization and authentication bypass flaws, have been weaponized by threat actors to gain initial access, establish persistence, and escalate privileges within enterprise
Feb 10 · 4 min read


FortiClientEMS CVE-2026-21643: Critical Unauthenticated SQL Injection Vulnerability Allows Remote Code Execution
Executive Summary: Fortinet has recently addressed a critical security vulnerability, identified as CVE-2026-21643, in its FortiClientEMS product. This flaw, classified as a SQL injection vulnerability, enables unauthenticated remote attackers to execute arbitrary code or system commands on affected systems by sending specially crafted HTTP requests. With a CVSS v3.1 base score of 9.1, this vulnerability is considered critical and poses a significant risk to organizations r
Feb 10 · 4 min read


Ivanti EPMM Zero-Day Exploits: Dutch Authorities Confirm Employee Contact Data Breach in European Government Cyberattacks
Executive Summary: In late January 2026, Dutch authorities, including the Dutch Data Protection Authority and the Council for the Judiciary, confirmed that a sophisticated cyberattack leveraging a zero-day exploit in Ivanti Endpoint Manager Mobile (EPMM) resulted in unauthorized access to employee contact data. This incident is part of a broader campaign targeting European governmental and critical infrastructure entities, with the European Commission and Finnish governmen
Feb 10 · 4 min read


Warlock Ransomware Breaches SmarterTools via SmarterMail Vulnerabilities (CVE-2026-23760, CVE-2026-24423)
Executive Summary: On January 29, 2026, the Warlock ransomware group, also known as Gold Salem and Storm-2603, successfully breached the network of SmarterTools by exploiting unpatched authentication bypass vulnerabilities in SmarterMail (CVE-2026-23760 and CVE-2026-24423). The attackers gained initial access through a single, unpatched SmarterMail virtual machine, moved laterally within the Windows-centric infrastructure using Active Directory, and attempted to deploy r
Feb 10 · 5 min read


The New Category: Why AI Vendor Velocity Is Breaking Third-Party Risk
By Guy Halfon, CEO at Rescana. The old buckets no longer hold: every market has a moment when its categories stop making sense. Third-party risk is at that moment now. For years, vendors fit neatly into familiar buckets: SaaS providers, infrastructure partners, outsourced services. Reviews were slow because vendors were slow. Annual assessments worked because change was incremental. Trust was something you established, documented, and revisited later. AI vendors don’t fit tho
Feb 9 · 4 min read


Microsoft Exchange Online Incident Report: Legitimate Emails Incorrectly Flagged as Phishing and Quarantined
Executive Summary (Publication Date: July 5, 2024): This report details the service disruption experienced by Microsoft Exchange Online beginning on June 20, 2024, where legitimate emails were incorrectly flagged as phishing and subsequently quarantined. The incident, which persisted for at least two weeks, was caused by a change in Exchange Online’s phishing detection system that misidentified certain domain creation dates, resulting in widespread false positives. Microsoft
Feb 9 · 5 min read


Bloody Wolf Spear-Phishing Campaign Targets Uzbekistan and Russia Using NetSupport Manager for Malicious Remote Access
Executive Summary: The threat actor known as Bloody Wolf has recently intensified a spear-phishing campaign targeting organizations in Uzbekistan and Russia, leveraging the legitimate remote administration tool NetSupport RAT for malicious purposes. This campaign, active since at least 2023, demonstrates a sophisticated attack chain involving custom Java-based loaders, multi-layered persistence mechanisms, and infrastructure overlap with IoT malware such as the Mirai botnet
Feb 9 · 4 min read


TeamPCP Worm Targets Docker, Kubernetes, Ray, and Redis via React2Shell CVE-2025-55182 to Build Criminal Cloud Infrastructure
Executive Summary: The emergence of the TeamPCP worm marks a significant escalation in the threat landscape targeting cloud-native infrastructure. Since late 2025, this highly automated, worm-driven campaign has systematically exploited misconfigured and vulnerable cloud services, including Docker, Kubernetes, Ray, and Redis, as well as critical vulnerabilities in React and Next.js applications, most notably the React2Shell vulnerability (CVE-2025-55182, CVSS 10.0).
Feb 9 · 4 min read


European Commission Investigates Ivanti EPMM Zero-Day Cyberattack Exposing Staff Data
Executive Summary: On January 30, 2026, the European Commission detected traces of a cyberattack targeting its central infrastructure responsible for managing staff mobile devices. The incident was contained and the affected system was cleaned within nine hours, with no evidence found of compromise to the mobile devices themselves. However, unauthorized access to staff names and mobile numbers of some Commission employees may have occurred. The attack is strongly linked to ex
Feb 9 · 6 min read