CybrPulse
Progress ShareFile Has a Full Server Takeover Chain — 30,000 Instances Are Exposed

Two critical vulnerabilities in Progress ShareFile's on-premises Storage Zones Controller can be chained to take over internet-facing servers without a single valid credential. No authentication, no social engineering, no insider access. Just a public IP and time. WatchTowr disclosed the bugs yesterday after private disclosure to Progress in

04 Apr 2026
VoidLink: AI-Built Malware Just Crossed a Line the Industry Can't Ignore

A single developer. One week. 88,000 lines of functional, enterprise-grade malware code. That's VoidLink — a Linux-based malware framework that Check Point analysts discovered in January 2026, and the clearest signal yet that AI-assisted malware development has stopped being a theoretical concern and become an operational one. The

03 Apr 2026
Qilin's EDR Killer Can Blind 300+ Security Tools — Here's How It Works

Cisco Talos dropped a detailed analysis today of something defenders need to understand fast: the Qilin ransomware group is deploying an EDR killer that doesn't just crash your security stack — it surgically dismantles it from the inside, then wipes the evidence. The payload is a malicious DLL called

02 Apr 2026
Qilin Ransomware's EDR Killer Can Blind 300+ Security Tools — Talos Has the Technical Breakdown

Cisco Talos published a deep-dive today on the EDR killer component embedded in Qilin ransomware attacks. It's the kind of analysis that should make every SOC team pause and double-check their detection assumptions. The short version: a malicious DLL named `msimg32.dll` is being side-loaded during Qilin intrusions,

02 Apr 2026
Axios Got Poisoned: North Korean Hackers Hit 100M-Download npm Package

The most-used HTTP library in JavaScript just spent 24 hours silently installing backdoors on developer machines. If you run anything that depends on axios, read this before you do anything else. What Happened On March 30–31, 2026, threat actors linked to North Korea compromised the axios npm package and

01 Apr 2026
One Developer, One Week, One AI Tool: How VoidLink Rewrote the Rules on Malware Development

The security community has been arguing for two years about whether AI could meaningfully accelerate malware development. VoidLink just closed that debate. Check Point Research disclosed in late March that VoidLink — a sophisticated Linux malware framework targeting cloud infrastructure and Kubernetes environments — was built by a single developer using ByteDance

01 Apr 2026
TeamPCP Backdoored the Telnyx Python SDK — And Left a Self-Erasing RAT Behind

On March 27, 2026, a threat actor known as TeamPCP uploaded two malicious versions of the Telnyx Python SDK to PyPI. The compromised packages — `telnyx==4.

31 Mar 2026
TeamPCP Is Running a Supply Chain Blitz — And Your CI/CD Pipeline Is the Target

The attack you're probably not patching for right now: a threat group called TeamPCP has been systematically backdooring Python packages on PyPI, one after another, for the past two weeks. The Telnyx Python SDK was the latest hit. LiteLLM before that. Trivy before that. And more than 46

30 Mar 2026
CVE-2026-21643: Fortinet FortiClient EMS Is Being Actively Exploited — And CISA Hasn't Caught Up Yet

If you're running Fortinet FortiClient EMS in multi-tenant mode, you're a live target right now. CVE-2026-21643 — a critical SQL injection vulnerability in FortiClient Endpoint Management Server — is being actively exploited in the wild. Threat intelligence firm Defused Cyber confirmed exploitation attempts four days ago via honeypot

30 Mar 2026
CVE-2026-21992: Oracle Quietly Patches CVSS 9.8 RCE in Identity Manager — Again

Oracle issued an emergency out-of-band patch this week for CVE-2026-21992, a CVSS 9.8 unauthenticated remote code execution vulnerability in Oracle Identity Manager and Web Services Manager. If your organization runs Oracle Fusion Middleware, patch now. Don't wait for your next maintenance window. What It Is CVE-2026-21992 lives

29 Mar 2026
CVE-2026-3055: Citrix NetScaler Is Being Scoped Right Now — Patch Before It Gets Worse

If you're running Citrix NetScaler ADC or Gateway as a SAML Identity Provider, someone is already knocking on your door. They just haven't kicked it in yet. That's the situation as of this morning. Threat intelligence firms watchTowr and Defused Cyber are both reporting

29 Mar 2026
Two CVSS 9.3 Vulns, One Weekend: F5 BIG-IP Under Active Exploitation, Citrix NetScaler Recon Underway

CVE-2025-53521 is

28 Mar 2026
Security intelligence, unified and actionable. AI-powered threat analysis, real-time feeds, and insights for SOC teams.