Palo Alto Networks Zero-Day Under Active Attack; DAEMON Tools Hit by Major Supply Chain Compromise
Summary
A critical zero-day vulnerability (CVE-2026-0300) in Palo Alto Networks' PAN-OS is being actively exploited for remote code execution, forcing urgent mitigation as patches are pending. Concurrently, a sophisticated supply chain attack has trojanized official DAEMON Tools installers, deploying backdoors and advanced RATs against targeted government and scientific entities. This period also saw disclosures of new malware campaigns from Chinese and North Korean APTs, a critical RCE flaw in Apache HTTP Server, and a large-scale phishing attack detailed by Microsoft, highlighting a landscape dominated by high-impact vulnerabilities and state-sponsored threats.
Today's New Articles
Critical Palo Alto Networks Zero-Day (CVE-2026-0300) Actively Exploited for RCE
Palo Alto Networks has issued an urgent advisory for a critical, unpatched zero-day vulnerability, CVE-2026-0300, in its PAN-OS software. The flaw, a buffer overflow in the User-ID Authentication Portal, allows for unauthenticated remote code execution with ro...
China-Nexus APT 'UAT-8302' Uses Shared Malware Toolkit to Target Governments
Cisco Talos has identified a sophisticated China-linked APT group, dubbed UAT-8302, that has been conducting espionage campaigns against government entities in South America and Southeastern Europe since late 2024. The group's primary objective is intelligence...
Critical RCE Flaw in Apache HTTP Server's HTTP/2 Module Patched
The Apache Software Foundation has patched a critical vulnerability, CVE-2026-23918, in the Apache HTTP Server. The flaw is a 'double free' memory corruption bug in the `mod_http2` module affecting version 2.4.66. With a CVSS score of 8.8, the vulnerability ca...
North Korean APT ScarCruft Hits Gaming Platform in Supply-Chain Attack
The North Korea-aligned APT group ScarCruft (APT37) has executed a multi-platform supply-chain attack by compromising a regional gaming platform, `sqgame[.]net`. Active since late 2024, the campaign targets the ethnic Korean community in China's Yanbian region...
High-Severity Redis Flaw (CVE-2026-25243) Allows for Potential RCE
A high-severity vulnerability, CVE-2026-25243, has been discovered in Redis, a popular in-memory data store. The flaw is a heap-based buffer overflow within the `RESTORE` command, which fails to properly validate serialized data. An authenticated attacker with...
89% of IT Leaders Struggle with Identity Sprawl Amid AI Expansion: Report
A new global report from Keeper Security, "Identity Security at Machine Speed," reveals that 89% of IT leaders find it difficult to manage their organization's expanding identity footprint. The rapid adoption of AI is a key driver, multiplying the number of no...
Article Updates
Anthropic's 'Mythos' AI Model Triggers Global Cybersecurity Overhaul
Update: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is reportedly evaluating a significant policy change to reduce the mandatory remediation time for critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) Catalog from 14 days to 72...
China-Based Silver Fox APT Expands Espionage Campaign Across Asia with Fake Tax Audits
Update: The China-linked Silver Fox APT has expanded its cyber-espionage campaign, now targeting organizations in India and Russia since December 2025. This new wave utilizes regionally-timed, tax-themed phishing lures to deliver the known ValleyRAT and a newly identi...
New 'CloudZ' Malware Abuses Microsoft Phone Link to Steal Mobile Data
Update: The CloudZ RAT campaign, which abuses Microsoft Phone Link to steal SMS and OTPs, has been active since at least January 2026. Further analysis reveals the CloudZ RAT employs advanced anti-analysis features, including in-memory execution and sandbox detection...
Microsoft Details Phishing Campaign Targeting 35,000 Users
Update: Microsoft's Q1 2026 threat analysis provides broader context for this campaign, reporting a total of 8.3 billion email-based phishing threats. The report highlights that nearly 80% of all email threats were link-based credential phishing, while malware deliver...