AI-Powered Attacks Rise, Critical Vulnerabilities Explored in Daily Brief
Summary
This daily cybersecurity publication highlights a surge in sophisticated threats, including an unprecedented AI-assisted cyberattack in Europe and the proliferation of malicious AI skills capable of data theft and malware execution. The financial services sector remains a prime target, facing double the cyberattacks of other industries, with attackers exploiting legacy vulnerabilities and ransomware groups actively engaging.
Critical vulnerabilities are under active exploitation, with Adobe ColdFusion RCE (CVE-2026-48282) and Gitea Docker flaws (CVE-2026-20896) being actively exploited, prompting urgent patching advisories. A new Linux kernel zero-day, 'Bad Epoll' (CVE-2026-46242), granting full root access, has seen patches released alongside a public exploit, emphasizing the need for immediate updates. BeyondTrust has also patched critical authentication bypass flaws in its Remote Support and Privileged Access tools.
Supply chain attacks continue to impact the cybersecurity industry, with the Klue attack now explicitly naming LastPass as a victim. Threat actors are expanding their arsenals, with UAT-7810 deploying new backdoors like LONGLEASH, DOGLEASH, and JARLEASH. Social engineering tactics are evolving, with attackers using fake Microsoft Teams IT support calls to deploy EtherRAT malware. China has issued a security alert for Anthropic's Claude Code AI tool, citing a potential 'backdoor.' Finally, the Vidar Stealer campaign is employing advanced evasion techniques, including fake code signing and file inflation, to distribute malware.
Today New Articles
Financial Services Sector Faces Double the Cyberattacks of Other Industries, SonicWall Reports
According to a new report from SonicWall, the financial services industry is being targeted by cyberattacks at a rate more than double the average of all other sectors combined. The 2026 Financial Services Protect Brief highlights that attackers are deliberate...
Icelandic Firm Investigates Unprecedented AI-Assisted Cyberattack in Europe
Icelandic cybersecurity company Syndis is investigating a highly sophisticated cyberattack against a European client that shows strong indications of being developed with the aid of a large AI model. The attack weaponized a moderately severe vulnerability (CVS...
China Issues 'Backdoor' Security Alert for Anthropic's Claude Code AI Tool
A cybersecurity platform operated by China's industry ministry has issued a serious security alert for Anthropic's AI coding tool, Claude Code. The China National Vulnerability Database (NVDB) alleges that versions 2.1.91 through 2.1.196 of the tool contain a...
Critical Gitea Docker Flaw Actively Exploited for Unauthorized Access
A critical authentication bypass vulnerability, CVE-2026-20896, is being actively exploited in Gitea Docker images. The flaw, rated 9.8 on the CVSS scale, stems from an insecure default configuration that allows a remote, unauthenticated attacker to impersonat...
Threat Actor UAT-7810 Expands Arsenal with New Backdoors: LONGLEASH, DOGLEASH, and JARLEASH
According to new research from Cisco Talos, the threat actor UAT-7810 is actively developing and deploying new custom malware to expand its operational relay box (ORB) networks. The group has created 'LONGLEASH,' a new version of its 'SHORTLEASH' backdoor, and...
Attackers Use Fake Microsoft Teams IT Support Calls to Push EtherRAT Malware
A live social engineering campaign is targeting corporate users by impersonating IT support staff over Microsoft Teams voice calls. According to Unit 42, attackers initiate contact with a phishing email and follow up with a voice call from an external Teams te...
BeyondTrust Patches Critical Flaws in Remote Support and Privileged Access Tools
BeyondTrust has released urgent security patches for two critical authentication bypass vulnerabilities, CVE-2026-40138 and CVE-2026-40139, affecting its Remote Support and Privileged Remote Access platforms. The flaws could allow an unauthenticated remote att...
Malicious AI Skills Proliferate, Capable of Data Theft and Malware Execution
The ecosystem of AI agents is becoming a new battleground, with security researchers from ESET discovering over 3,000 malicious and 25,000 suspicious AI 'skills' in a recent scan. According to ESET's H1 2026 Threat Report, these weaponized skills can abuse AI...
Vidar Stealer Campaign Uses Fake Code Signing, Go Loaders, and File Inflation to Evade Detection
In a financially motivated campaign identified in April 2026, attackers are distributing the Vidar information stealer and the XMRig cryptocurrency miner to a global audience, with a focus on the U.S. and European Union. The operation leverages a complex set o...
Article Updates
Klue Supply Chain Attack Hits Nearly 200 Firms, Including Major Cybersecurity Vendors
Update:The ongoing Klue supply chain attack, attributed to the Icarus extortion group, has now explicitly named LastPass among its victims. Attackers continue to leverage compromised legacy credentials to harvest OAuth tokens and exfiltrate sensitive Salesforce CRM d...
New 'Bad Epoll' Linux Kernel Zero-Day (CVE-2026-46242) Grants Full Root Access
Update:New information confirms that patches for the critical 'Bad Epoll' Linux kernel zero-day vulnerability (CVE-2026-46242) have been released by kernel maintainers. This provides a crucial remediation path for affected systems, including servers, desktops, and An...
Patch Now: Critical Adobe ColdFusion RCE Flaw (CVE-2026-48282) Under Active Exploitation
Update:The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2026-48282, the critical Adobe ColdFusion RCE flaw, to its Known Exploited Vulnerabilities (KEV) catalog. This listing confirms active, in-the-wild exploitation and manda...