Research
-
Grafana AI flaw could expose enterprise data in zero-click attack
Researchers say a critical Grafana flaw could let attackers use AI-powered dashboards to exfiltrate sensitive data without authentication. Grafana reportedly validated the issue and released a fix after disclosure by Noma Security.
-
GPUBreach attack can turn GPU Rowhammer bit flips into system takeover
Researchers at the University of Toronto say a new GPUBreach attack can use Rowhammer bit flips in GDDR6 GPU memory to corrupt page tables, gain GPU read and write access and potentially reach full system compromise.
-
Flowise flaw under active exploitation after critical code injection report
Threat actors are exploiting a critical Flowise code injection flaw, according to a technical analysis from VulnCheck. The issue can lead to remote code execution, and Flowise fixed it in version 3.0.6.
-
Iran-Linked Password-Spraying Campaign Hits Microsoft 365 Accounts in Middle East
An Iran-linked threat actor is suspected of targeting Microsoft 365 accounts in Israel and the United Arab Emirates in March 2026, affecting more than 300 organizations in Israel and over 25 in the U.A.E. across three attack waves.
-
DPRK-linked hackers use GitHub as command hub in South Korea attacks
DPRK-linked hackers used GitHub as command and control infrastructure in attacks on South Korean organizations, Fortinet said. The campaigns relied on LNK files, PowerShell, persistence tasks and trusted cloud services to hide activity.
-
Qilin and Warlock ransomware groups use vulnerable drivers to disable security tools
Qilin and Warlock ransomware operators have used vulnerable drivers to disable security tools on compromised systems, according to a technical analysis by Cisco Talos and Trend Micro. The findings highlight growing use of BYOVD tactics and in-memory evasion.
-
Hackers use Next.js flaw to harvest credentials from 766 hosts, Cisco Talos says
Cisco Talos says hackers used a Next.js flaw to compromise at least 766 hosts and harvest credentials, keys and cloud secrets through an automated operation tied to UAT-10608.
-
Researchers track fake installer campaign tied to cryptominers and RATs
A fake-installer campaign tracked as REF1695 has spread RATs and cryptominers since November 2023, with researchers estimating at least 27.88 XMR in proceeds. The operation also used ISO lures, Defender evasion and GitHub-hosted payloads.
-
Phishing campaign uses Casbaneiro and Horabot to target Latin America and Europe
A phishing campaign is using court summons-themed emails, WhatsApp automation and ClickFix tactics to spread Casbaneiro and Horabot across Latin America and Europe, according to a BlueVoyant technical analysis.
-
Microsoft Warns of WhatsApp Campaign Delivering Malicious VBS Files
Microsoft says a campaign that began in late February 2026 has used WhatsApp messages to spread malicious VBS files, then used renamed Windows tools and cloud services to help install persistent access on infected systems.
