Weekly Scan: Cloud, Cybersecurity, AI News — Mar 01, 2026

This week's critical security updates and vulnerability disclosures:

• CVE-2025-10891 (10 mentions)
• CVE-2026-28561 | gVectors wpForo Forum up to 2.4.15 cross site scripting (EUVD-2026-9110) (5 mentions)
• CVE-2026-3413 | itsourcecode University Management System 1.0 admin_single_student.php ID sql injection (3 mentions)

Aeternum botnet uses Polygon blockchain smart contracts for C&C, making its infrastructure harder to detect and disrupt. Qrator Labs researchers uncovered Aeternum, a botnet that runs its command-and-control infrastructure through smart contracts ...

The North Korean threat group also leveraged Comebacker backdoor, Blindingcan RAT, and info stealer Infohook in its recent attacks.

The Trump administration on Friday moved to ban the use of products from artificial intelligence company Anthropic by federal businesses, escalating a high-stakes clash over whether private AI makers can limit how the US military uses their system...

French ecommerce site suffers third-party breach, losing data on millions of customers.

There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money... from a notorious Russian ransomware gang. Read more in my article on the Hot for Securit...

A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2...

Large-scale commercial search systems optimize for relevance to drive successful sessions that help users find what they are looking for. To maximize relevance, we leverage two complementary objectives: behavioral relevance (results users tend to click or download) and textual relevance (a result...

Large Language Models (LLMs) can be adapted to extend their text capabilities to speech inputs. However, these speech-adapted LLMs consistently underperform their text-based counterparts—and even cascaded pipelines—on language understanding tasks. We term this shortfall the text-speech understand...

AI is accelerating every aspect of healthcare — from radiology and drug discovery to medical device manufacturing and new treatment methods enabled by digital twins of the human body. NVIDIA’s second annual “State of AI in Healthcare and Life Sciences” survey report reveals how the industry is mo...

One of the first pre-processing steps for constructing web-scale LLM pretraining datasets involves extracting text from HTML. Despite the immense diversity of web content, existing open-source datasets predominantly apply a single fixed extractor to all webpages. In this work, we investigate whet...

Recent multimodal large language models (MLLMs) such as GPT-4o and Qwen3-Omni show strong perception but struggle in multi-speaker, dialogue-centric settings that demand agentic reasoning tracking who speaks, maintaining roles, and grounding events across time. These scenarios are central to mult...

Welcome to Import AI, a newsletter about AI research. Import AI runs on arXiv and feedback from readers. If you’d like to support this, please subscribe. Subscribe now Want to make AI go better? Figure out how to measure it:…One simple policy intervention that works well…Jacob Steinhardt, an AI r...

Amazon Bedrock now supports OpenAI-compatible Projects API in the Mantle inference engine in Amazon Bedrock. Amazon Bedrock is a fully managed service that offers a broad selection of best-in-class foundation models from leading AI companies like Anthropic, Meta, and OpenAI, along with a broad se...

Today, AWS WAF announced a new AI activity dashboard that provides centralized visibility into AI bot and agent traffic reaching your applications. With this launch, AWS WAF Bot Control expands its detection coverage to track more than 650 unique bots and agents, offering one of the most comprehe...

As autonomous AI systems transform business, a new profession is emerging to protect them: the AI Security Engineer. Discover why this specialized discipline is becoming a survival imperative for organizations in an AI-native world.

Today, AWS announces the general availability of Amazon Q Developer artifacts in the AWS Management Console. Amazon Q artifacts is a generative AI-based user experience that enables customers to visualize resource data in tables and cost data in charts. The launch also moves the Q icon to the nav...

immer mehr betroffene Unternehmen und Organisationen folgen dem Rat, kein Lösegeld zu zahlen . fadfebrian – shutterstock.com Laut einem neuen Bericht des Analyseunternehmens Chainalysis konnten Hacker im Jahr 2025 im Zusammenhang mit Ransomware-Angriffen insgesamt 820 Millionen Dollar erbeuten. A...

In this Help Net Security video, Jason Rivera, Field CISO & Head of Solution Engineering at SimSpace, discusses how autonomous AI agents are changing cyber threats. Drawing on experience in the US Army, NSA, Deloitte, and CrowdStrike, he describes how security teams have traditionally measured ri...

Enterprises are pushing AI deeper into workflows that touch sensitive data across cloud platforms and SaaS apps. The 2026 Thales Data Threat Report, based on a survey of 3,120 respondents in 20 countries, places that shift alongside growing pressure on data protection, identity controls, and clou...

LLM-driven vuln finding has reached an inflection

GPS attacks trigger revisiting threat models

What if we think about LLM coding as if it’s a compiler stage?

The CRA is coming and it's going to be a dramatic change for technology producers

Thinking of threat modeling with a knob helps you get more out of it.

Thoughts on the CVE funding crisis

Grateful to introduce the Hackers' Almanack!

A group of us have urged HHS to require better handling of security reports

Some thoughts on the Voyager Episode ‘Inside Man’

The most important stories around threat modeling, appsec and secure by design for June, 2024.

Why is it hard to count lockbit infections?

Making an LLM forget is harder than it seems

The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.

The NVD is in crisis, and so is patch management. It’s time to modernize.

Solving hallucinations in legal briefs is playing on easy mode —— and still too hard

My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.

Phishing behaviors, as observed in the wild.

Pointer to Adam’s latest Darkreading article

Text captured from GPT-3

What happened when Microsoft tried to buy climate abatements

Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it.I did want to talk about one small aspect, which is the way responders talk about Darkside.

The timing of updates is not coincidental.

Thoughts on the issues with the Ever Given blocking the Suez Canal.

For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.

Sharing for you, bookmarking for me.

Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.

Over-inflated numbers won't scare me into buying your ‘solution’.

Discussing the value of Security Advisory Boards

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.

LLMs can deanonymize internet users based on their comments, CISA gets a new acting director, hackers steal 15 million records from the French Ministry of Health, and Google takes down an ad fraud botnet.

How Do Non-Human Identities Enhance AI Threat Detection? Is your organization leveraging Non-Human Identities (NHIs) to elevate its cybersecurity strategy? Managing NHIs becomes a pivotal factor in ensuring robust cloud security and improving AI threat detection capabilities. Understanding and ma...

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of dist...

Names, addresses, email addresses, phone numbers, and encrypted passwords were compromised in the attack. The post Canadian Tire Data Breach Impacts 38 Million Accounts appeared first on SecurityWeek .

Cybercriminal networks resell real travel bookings bought with stolen credit cards.

Iran experienced a near-total internet blackout as Israel and the U.S. launched strikes, according to NetBlocks. Internet access across Iran was drastically reduced on Saturday as Israel and the United States carried out strikes against the country, according to independent and non-partisan globa...

Attackers spread trojanized gaming tools to deliver a stealthy RAT using PowerShell, LOLBins, and Defender evasion tactics. Threat actors are tricking users into running trojanized gaming utilities shared through browsers and chat platforms to deploy a remote access trojan. “Microsoft Defender re...

HBO's "The Pitt" is showing audiences what a real Mississippi healthcare system is going through this week, thanks to a ransomware attack.

A yearlong Europol-coordinated operation dubbed "Project Compass" has led to 30 arrests and 179 suspects being tied to "The Com," an online cybercrime collective that targets children and teenagers. [...]

Hackers found a new legitimate tool to abuse, and this time it's Google Tasks.

Fewer businesses are paying, but ransomware groups are growing in number.

It's become a standard practice for organizations to disclose the bare minimum about a data breach, or worse — not disclose the incident at all.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. [...]

Hackers stole personal information such as names, email addresses, phone numbers, and other information. The post 38 Million Allegedly Impacted by ManoMano Data Breach appeared first on SecurityWeek .

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks....

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system. News article .

Aeternum operates on smart contracts, making its command-and-control (C&C) infrastructure difficult to disrupt. The post Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience appeared first on SecurityWeek .

Law enforcement agencies across 28 countries have spent the past year building cases against a loosely organized collective known as The Com, a decentralized network of mostly teenagers and young adults linked to high-profile ransomware attacks, financial extortion, and the coercion of vulnerable...

If you thought running an AI agent locally kept it safely inside your machine’s walls, you’re in for a surprise. Researchers at Oasis Security have disclosed a flaw chain that allowed a malicious website to quietly connect to a locally running OpenClaw agent and take full control. The issue stems...

International law enforcement operation led by Europol targets network of teenagers and young adults involved in ransomware attacks, extortion and other crimes

An out-of-band security update for Junos OS Evolved patches the remote code execution vulnerability CVE-2026-21902. The post Juniper Networks PTX Routers Affected by Critical Vulnerability appeared first on SecurityWeek .

Large language models (LLMs) have arrived in security in three different forms at once: as productivity tools that sit beside analysts, as components embedded inside products and workflows and as targets that attackers can probe, manipulate and steal. That convergence is why the conversation feel...

Der Einsatz von KI-Tools macht Cyberangriffe nicht nur schneller, sondern erhöht auch die Taktzahl. Color4260 / Shutterstock Crowdstrike hat die aktuelle Ausgabe seines Global Threat Report veröffentlicht – mit mehreren bemerkenswerten Erkenntnissen. So benötigte ein Angreifer im Jahr 2025 im Sch...

A Russian man prosecuted for extorting the Conti ransomware group, Google takes down a Chinese cyber-espionage operation, Anthropic tells Department of War to pound sand over AI restrictions, and a Cisco zero-day was exploited in the wild for three years.

The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind.

Officials said 30 perpetrators have been arrested in the past year, and global law enforcement cooperation is closing the gap. The post Project Compass is Europol’s new playbook for taking on The Com appeared first on CyberScoop .

Qrator Research Lab has identified Aeternum C2, a botnet that uses the Polygon blockchain for commands, making it nearly impossible to shut down.

Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. "Instead of relying on traditional servers or domains for command-and-control, Aeternum stores ...

Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems. [...]

DIY store chain ManoMano is notifying customers of a data breach personal data, which was caused by hackers compromising a third-party service provider. [...]

Fraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data.

A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges. [...]

A decade-old threat actor is up to some new shenanigans, but Google is having none of it.

French professional football club Olympique de Marseille has confirmed a cyberattack after a threat actor claimed on Monday that it breached the club's systems earlier this month. [...]

New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts

As AI gets integrated, attacks speed up and grow in severity, so buisnesses should shape up.

2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities

UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation

LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices are highly uneven ­ for example, L , 9, m, 2, $ and ...

Google has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending commands and receiving stolen data through it, Google’s Threat Intelligence Group (GTIG) said on...

Diese Open-Source-Tools adressieren spezifische Security-Probleme – mit minimalem Footprint. Foto: N Universe | shutterstock.com Cybersicherheitsexperten verlassen sich in diversen Bereichen auf Open-Source-Lösungen – nicht zuletzt weil diese im Regelfall von einer lebendigen und nutzwertigen Com...

Tom Uren and Amberleigh Jack talk about the argy-bargy between the Pentagon and AI company Anthropic. US Defense Secretary Pete Hegseth is demanding that all safeguards are lifted from Claude, while Anthropic CEO Dario Amodei is insisting on protections against mass surveillance of Americans and ...

When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email - they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with pa...

The global campaign marks the second series of multiple actively exploited zero-day vulnerabilities in Cisco edge technology since last spring. The similarities don’t end there. The post Governments issue warning over Cisco zero-day attacks dating back to 2023 appeared first on CyberScoop .

Researchers suggest defenders monitor how these malicious groups re-form and leverage the useful threat intel to guide their next moves.

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting internat...

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities exploit various configuration mechanisms, ...

1Campaign has been around for three years and comes with a fancy dashboard.

The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief....

Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren’t worth their time, VulnCheck’s Caitlin Condon said. The post Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks appeared first on CyberScoop .

The agency lost a third of its people in a year. Now industry and lawmakers on both sides say it's unprepared for a potential crisis. The post Across party lines and industry, the verdict is the same: CISA is in trouble appeared first on CyberScoop .

Four critical flaws were addressed, all of which could lead to remote code execution.

In the latest operation targeting cybercrime groups, African law enforcement agencies cooperated with Interpol and cybersecurity firms to recover more than $4.3 million.

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access c...

Automotive marketplace CarGurus was the target of a data breach in which the names, email addresses, phone numbers, and physical addresses of millions of customers were stolen.

Researchers found 1,500 vulnerabilities in 10 popular apps, including dozens of high-severity flaws.

Fintech giant Marquis is suing its firewall provider SonicWall, claiming that an earlier breach with SonicWall allowed hackers to deploy ransomware on Marquis' network.

Attack points to another breach by ShinyHunters, but the group has not yet claimed responsibility.

Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information

APT28 resurfaces once again, targeting Western organizations with spear-phishing lures.

Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities support...

The number of people affected by a data breach at government contractor giant Conduent is growing, as millions of people continue to receive notices warning them that hackers stole their personal data.

Qilin hits the Local 100 of TWA, leaking sensitive member data to the dark web.

Scam ads create millions of impressions every month, tricking users into downloading malware, and more.

The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said ...

The average time from intrusion to network movement in 2025 was 29 minutes, a 65% increase in speed from the year prior. The post CrowdStrike says attackers are moving through networks in under 30 minutes appeared first on CyberScoop .

Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. The distillation attacks generated over 16 million exchanges wit...

[](/images/why-you-should-hate-anthropic.webp) All the best influencers hate Anthropic right now, and for good reason. They ruined everything, and they're worthy of every bit of hate they get. Quick recap: - T...

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how ‘professional’ Five Eyes cyber espionage agencies like NSA will use AI. These agencies place a premium on stealth and won’t yolo AI. This episode is available on Youtube.

The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed O...

A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks.

Advantest confirms being hit by ransomware, but says investigation is currently ongoing.

ShinyHunters claim to have hit Wynn Resorts, stealing 800,000 recors.

A low-skilled threat actor was able to do a lot with the help of AI, Amazon researchers warn.

A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances

Advantest, a Japanese specialist in testing computer chips for major semiconductor manufacturers, has deployed incident response protocols following a cybersecurity incident

University of Mississippi Medical Center is still scrambling to respond to a ransomware attack last Thursday

Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.

Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident res...

First wave of Ryzen AI desktop CPUs targets business PCs rather than DIYers.

The Trump administration on Friday moved to ban the use of products from artificial intelligence company Anthropic by federal businesses, escalating a high-stakes clash over whether private AI makers can limit how the US military uses their systems. Just hours later, Anthropic rival OpenAI’s CEO,...

Stateless AI, in which a model offers one-off answers without context from previous sessions, can be helpful in the short-term but lacking for more complex, multi-step scenarios. To overcome these limitations, OpenAI is introducing what it is calling, naturally, “stateful AI.” The company has ann...

Credential and cryptocurrency theft, live surveillance, ransomware - an attacker's Swiss Army knife A new remote access trojan (RAT) being sold on cybercrime networks enables double extortion attacks on Windows machines by bundling ransomware and data theft, along with credential and cryptocurren...

Claude Opus 3, which has been replaced by Claude Opus 4.6 as Anthropic’s most powerful AI model, has managed to find a new position. The “newly retired” AI model has launched its own Substack blog, Claude’s Corner , which it is aiming to publish it weekly. Claude set out its purpose in writing th...

La transformación digital del sector sanitario ha abierto una nueva frontera para la atención médica, pero también para los ciberdelincuentes. Hospitales, centros de salud y laboratorios se han convertido en uno de los objetivos prioritarios de los ataques informáticos por una razón evidente: man...

Faced with demands from the US Department of Defense to allow its technology to be used for purposes the company considers unsafe or antidemocratic, Anthropic CEO Dario Amodei ’s stance remains firm: “We cannot in good conscience accede to their request,” he wrote in a statement published on the ...

New IT jobs are emerging to help organizations better evaluate AI outputs as they move from AI pilots to full-scale deployments. Many organizations are now considering assembling or hiring AI evaluation teams, with some experts calling these recently created roles an essential safety net for comp...

Pretending the software is sentient makes it sound more powerful As with any piece of obsolete software, you might expect an outdated AI model to just be switched off. Anthropic, however, argues that simply pulling the plug has downsides. After “retirement” interviews, Claude Opus 3 said it wante...

The US government has ordered its diplomats to actively oppose other countries’ attempts to introduce so-called data sovereignty laws that restrict how and where foreign technology companies can store and handle citizens’ data, according to Reuters . In an internal memo from Secretary of State Ma...

Choosing a secure password isn’t always easy. That’s why some people are turning to “artificial intelligence” (e.g., chatbots like ChatGPT and Google Gemini) to create secure passwords for them. But security experts at Irregular warn against this approach. After some tests, they’ve discovered tha...

AI doesn’t always give accurate answers—much less specific. Meanwhile, security software sometimes gets outright ignored. You wouldn’t think combining the two would make for a solid match, but Malwarebytes is proving me wrong. Recently, the venerable security software maker launched a ChatGPT int...

In the new Chrome versions 145.0.7632.116/117 for Windows and macOS and 145.0.7632.116 for Linux, the developers have fixed 3 newly reported security vulnerabilities. According to Google, none of these vulnerabilities are being exploited for attacks in the wild. In the Chrome Releases blog post ,...

Scams keep coming at us—and they’re getting harder to spot. How? Scammers have begun making them more tailored to their marks. That is… us. Personalized scams, as security experts call them, use details about you in the hope of tricking you more easily. This information comes from illicit sources...

A new Android malware called “Massiv” is on the rise. Security researchers at ThreatFabric uncovered the large-scale campaign, in which hackers disguised and distributed the malware as a harmless IPTV streaming app. Once installed, however, the app was able to read screen inputs to steal password...

Hayley Steele and Gregory Szewczyk of Ballard Spahr write: A new bill introduced in Connecticut—Connecticut Senate Bill 117, An Act Concerning Breaches of Security Involving Electronic Personal Information—would create mandatory forensic examination requirements for entities that experience a “ma...

Andrea DeField and S. Alice Weeks of Hunton Andrews Kurth write: In the rarely litigated space of cyber insurance, the Northern District of Texas issued a win for cyber policyholders this week, offering a clear reminder to insurers that if they want to restrict coverage, they must draft the polic...

The Jerusalem Post reports: As fighter jets and cruise missiles struck IRGC command centers, a parallel front reportedly paralyzed the Islamic Republic from within. Reports on Saturday, February 28, 2026, indicated that Iran entered an almost complete digital fog, in what appeared to be a large-s...

It's Friday, let's have a look at another simple piece of malware to close a busy week! I received a Fedex notification about a delivery. Usually, such emails are simple phishing attacks that redirect you to a fake login page to collect your credentials. Here, it was a bit different:

Disguised as a security check, this fake Google alert uses browser permissions to harvest contacts, location data, and more.

Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track as “UAT-10027,” delivering a previously undisclosed backdoor dubbed “Dohdoor.”

Cisco Talos is tracking the active exploitation of CVE-2026-20127, a vulnerability in Cisco Catalyst SD-WAN Controller, formerly vSmart, that allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges.

A convincing fake Avast site displays a €499.99 charge and promises a refund. Instead, it harvests your name, address, and full credit card details.