Today’s security landscape is dominated by the discovery of the ‘Landfall’ spyware, which exploited a zero-day in Samsung devices for nearly a year. Other critical threats include actively exploited Cisco firewall vulnerabilities causing DoS attacks and a significant data breach at the U.S. Congressional Budget Office linked to an unpatched device. We are also tracking a supply chain threat involving malicious NuGet packages with dormant ‘time bomb’ payloads set to detonate in the future. This is what you need to know now.
Top 5 Critical Security Alerts
- ‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones: A newly discovered commercial spyware named ‘Landfall’ exploited a zero-day vulnerability for nearly a year to compromise Samsung Galaxy devices, targeting users in the Middle East. Read more
- Cisco: Actively exploited firewall flaws now abused for DoS attacks — Cisco warns that two previously disclosed zero-day vulnerabilities in its ASA and FTD firewalls are now being actively used to launch denial-of-service attacks, causing devices to enter a reboot loop. Read more
- Congressional Budget Office confirms it was hacked: The U.S. Congressional Budget Office (CBO) has confirmed a significant cybersecurity incident, with researchers suggesting the breach may have stemmed from a firewall that remained unpatched for over a year. Read more
- Malicious NuGet packages drop disruptive ‘time bombs’: Malicious packages have been found on the NuGet repository containing hidden payloads scheduled to activate in 2027 and 2028, designed to sabotage databases and Siemens industrial control systems. Read more
- Washington Post confirms data breach linked to Oracle hacks — The Washington Post is the latest high-profile victim of the Clop ransomware gang, which breached the newspaper’s network by exploiting vulnerabilities in Oracle software. Read more
Threat Intelligence
- Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine: The Russian state-sponsored group Sandworm has been observed deploying new data-wiping malware against government, energy, and logistics entities in Ukraine. Read more
- From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools: A China-linked threat actor is exploiting older vulnerabilities, including Log4j, to target U.S. non-profits involved in policy issues, aiming to establish long-term network persistence for espionage. Read more
- Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities: A malicious Visual Studio Code extension named “susvsex” was discovered with basic ransomware functions, appearing to have been created with AI assistance and making little effort to hide its malicious nature. Read more
Security Breaches & Incidents
- How to trade your $214,000 cybersecurity job for a jail cell: An article details a case where incident response experts were arrested by the FBI for allegedly planting ransomware themselves while engaged by victim companies to perform cleanup. Read more
Security Tools & Best Practices
- QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own — QNAP has released patches for seven zero-day vulnerabilities in its Network-Attached Storage (NAS) devices that were successfully exploited by researchers during the Pwn2Own competition. Read more
- ID verification laws are fueling the next wave of breaches: An analysis suggests that increasingly strict ID verification laws are forcing companies to store massive amounts of sensitive data, turning compliance efforts into a significant security risk by creating high-value targets. Read more
Cloud & Network Security
- Ollama, Nvidia Flaws Put AI Infrastructure at Risk: Researchers have uncovered multiple vulnerabilities in popular AI infrastructure products from Ollama and Nvidia, including a flaw that could permit remote code execution. Read more
Emerging Security Technologies
- Whisper Leak: A novel side-channel attack on remote language models: Microsoft researchers have detailed “Whisper Leak,” a new side-channel attack that can infer the topics of encrypted conversations with remote AI language models by analyzing network traffic patterns. Read more
- AI Agents Are Going Rogue: Here’s How to Rein Them In: Experts warn that applying human-centric identity frameworks to AI agents is inadequate and creates potential for catastrophic security failures as their use becomes more widespread. Read more
