Speagle malware exploits Cobra DocGuard servers to exfiltrate sensitive data, indicating targeted espionage risks for protected systems.

ThreatsDay roundup covering stealthy attacks, phishing trends, exploit chains, and rising security risks across the threat landscape.

Perseus Android malware uses accessibility abuse via phishing apps to enable device takeover and financial fraud across multiple countries.

Claude Code bypasses security controls by acting locally before monitoring, exposing data risks and audit gaps.

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple countries.

Interlock exploits CVE-2026-20131 zero-day since Jan 26, enabling root access on Cisco FMC, increasing ransomware risks.

CVE-2026-32746 exposes telnetd via pre-auth flaw (CVSS 9.8), enabling root RCE through port 23, risking full system takeover.

OFAC sanctions DPRK IT fraud network using fake jobs and AI tactics, exposing funding links to WMD programs and insider threats.

Interlock ransomware is actively exploiting CVE-2026-20131 (CVSS 10.0) in Cisco FMC, enabling unauthenticated remote code execution as root.

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

Researchers uncovered 9 vulnerabilities across 4 IP KVM devices enabling unauthenticated root access and code execution.

CSMA links siloed security tools into attack paths to crown jewels, exposing hidden risks and enabling faster remediation.