Threat round-up
Stay ahead of emerging cyber threats with expert insights from Field Effect’s cybersecurity analysts.
The Threat Round-up is a weekly intelligence report that summarizes the most important threats, vulnerabilities, and active attack campaigns observed over the past seven days.
Each brief links to a detailed analysis, offering actionable guidance to help security teams mitigate risk, detect malicious activity, and strengthen defenses.
This week’s curated collection shines a spotlight on critical router vulnerabilities, credential-theft campaigns, and dangerous enterprise-software flaws.
Recent ASUS advisories address critical and exploited router flaws
ASUS has published several high-severity security advisories for AiCloud-enabled routers, DSL router families, as well as MyASUS and Armoury Crate software, warning of multiple critical flaws that have been actively exploited. Organizations should review their network architecture, update firmware where possible, or consider isolating or replacing impacted devices to reduce exposure.
“Recent Links” feature used by online formatters exposes private data
A recent disclosure revealed that a popular online code-beautifier tool’s “Recent Links” feature, intended to help users revisit previously formatted snippets, has inadvertently exposed sensitive information: credentials, private keys, and configuration files belonging to banks, government agencies, and major tech firms. This highlights the hidden risk of relying on browser-based developer tools without strict access controls.
New Shai-Hulud variant uses preinstall script for credential theft
The malware family Shai-Hulud is back with a 2.0 variant that weaponizes npm packages with malicious preinstall scripts. These packages execute Bun-based payloads that facilitate credential theft, abuse of GitHub workflows, and rapid propagation across development environments. Field Effect MDR flags IoCs associated with these campaigns—organizations should audit package usage, enforce dependency hygiene, and monitor for suspicious activity.
Max-severity Grafana Enterprise flaw exposes identity provisioning
A critical privilege-escalation flaw in Grafana Enterprise (CVE-2025-41115), affecting versions 12.0.0 through 12.2.1 when SCIM is enabled, poses a serious risk to identity management and role provisioning processes. While no public proof-of-concept has been released, we strongly recommend updating to the patched version or disabling SCIM until patched to prevent possible escalation and unauthorized access.