no alarms and no surprises please..

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting…

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below –…

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with a new malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K.’s National Cyber Security…

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from…

Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine The AI Agent Authority Gap – From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new…

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. “Once launched, these apps redirect users to browser pages…

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. “As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees,…

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from JFrog and Socket. “The affected package version appears to be @bitwarden/[email protected], and the malicious code was published in ‘bw1.js,’ a file included in the…

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are…

[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed Imagine a world where hackers don’t sleep, don’t take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a…

Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them? Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others…

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also…

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking…

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert…

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy…

Toxic Combinations: When Cross-App Permissions Stack into Risk On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat inside the private messages. Some of those…