Security Articles

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

This article covers APT28 (Forest Blizzard), a Russia-linked threat actor, conducting a large-scale DNS hijacking campaign by compromising SOHO routers worldwide.

31 min read

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

A high-severity Docker Engine vulnerability (CVE-2026-34040, CVSS 8.8) allows attackers to bypass authorization plugins and gain full host access.

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

This article covers an active cryptomining botnet campaign targeting over 1,000 internet-exposed ComfyUI instances via a remote code execution exploit.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

This article promotes a webinar addressing the growing identity security gap in enterprise environments as AI agents become more prevalent.

The Hidden Cost of Recurring Credential Incidents

This article examines the hidden operational costs of recurring credential incidents beyond high-profile data breaches.

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

New research introduces GPUBreach, a RowHammer-based attack on NVIDIA GPUs using GDDR6 memory that achieves full CPU privilege escalation.

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

This article covers Storm-1175, a China-linked threat actor exploiting zero-day and N-day vulnerabilities to rapidly deploy Medusa ransomware against organizations in healthcare, education, finance, and professional services.

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

A critical CVSS 10.0 remote code execution vulnerability (CVE-2025-59528) in Flowise, an open-source AI platform, is under active exploitation with over 12,000 exposed instances.

Security•2026-04-06

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

This article covers an Iran-linked password-spraying campaign targeting Microsoft 365 environments across 300+ Israeli and 25+ UAE organizations in early 2026.

Security•2026-04-06

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

This article covers multi-stage cyberattacks linked to North Korean threat actors (DPRK) targeting South Korean organizations, using GitHub as command-and-control (C2) infrastructure.