Security Intelligence

IT helpdesk impersonation campaign uses Teams to gain initial access

Threat actors tracked as UNC6692 are impersonating IT helpdesk staff over Microsoft Teams to gain initial access...

Blog Post

Field Effect detects AMOS Stealer delivered via Cursor AI agent session

Field Effect MDR detected AMOS Stealer delivered via AI coding agent social engineering, highlighting a new,...

Security Intelligence

Bitwarden CLI compromised as part of supply-chain campaign

A malicious release of the Bitwarden CLI was published to npm in April 2026 as part of an expanding software...

Security Intelligence

Microsoft issued emergency patch for ASP.NET Core Data Protection flaw

Microsoft issued an out-of-band update to address a high-severity elevation of privilege vulnerability introduced in...

Security Intelligence

Progress patches MOVEit WAF and LoadMaster vulnerabilities

On April 20, 2026, Progress Software released patches for critical vulnerabilities affecting MOVEit Web Application...

Security Intelligence

Vercel confirms supply-chain breach linked to third-party AI tool

Vercel confirms a supply-chain breach tied to a third-party AI tool, exposing risks in OAuth integrations, environment...

Security Intelligence

Three Microsoft Defender Zero-days Reported Exploited

Over the month of April 2026, three distinct flaws affecting Microsoft Defender Antivirus were publicly disclosed, and...

Security Intelligence

Fortinet fixes critical FortiSandbox vulnerabilities

Fortinet disclosed two critical FortiSandbox vulnerabilities in April 2026 that allow unauthenticated execution of OS...

Security Intelligence

Critical nginx-ui vulnerability enabling full server takeover exploited

Critical nginx-ui flaw (CVE-2026-33032) enables auth bypass and full admin control. Active exploitation reported....

Security Intelligence

Microsoft April 2026 Patch Tuesday fixes two zero days, including BlueHammer

Microsoft patches 163 vulnerabilities, including two zero days affecting SharePoint and Defender. One is actively...

Security Intelligence

Dependency interactions turn Axios into a network-layer exposure threat

Critical Axios vulnerability (CVE-2026-40175) enables header injection via prototype pollution chains, risking SSRF and...

Security Intelligence

Researcher Reports on Potential Adobe Reader Zero-Day

A security researcher reports potential Adobe Acrobat Reader zero-day involving JavaScript access to privileged APIs,...