The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, asRead More »OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the “npm install” command to trigger the execution of malicious code usingRead More »GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

AI has become a tool for many cybercriminals seeking to advance and accelerate their attacks, but AI’s capabilities aren’t the only aspect malicious actors are leveraging.  

Cybersecurity researchers have warned of a “resurgence and expansion” of JDY, a covert network associated with China-nexus state-sponsored threat actors. “The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously mapRead More »China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It’s tracked as CVE-2026-25089 (CVSSRead More »Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker toRead More »Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows – CVE-2026-20245 (CVSS score: 7.8) – An improper encoding or escaping of output vulnerability in Cisco CatalystRead More »CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation