Cyber Defense Command Center
Real-time security intelligence and threat monitoring
INFO
4:10 pm, June 2, 2026
Why the browser is now the front line for AI security
AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat detection and AI governance. [...]
INFO
4:10 pm, June 2, 2026
Instagram users locked out after Meta AI abused to steal accounts
Multiple Instagram users had their accounts hijacked after attackers convinced Meta's AI-powered support tools that they were the legitimate owners. [...]
HIGH
1:10 pm, June 2, 2026
CISA flags two-year-old Oracle flaw as actively exploited in attacks
CISA flags two-year-old Oracle WebLogic Server vulnerability as actively exploited in attacks.
INFO
12:10 pm, June 2, 2026
How Leading Organizations Are Turning EDR Into Operational Resilience
The adoption of Endpoint Detection and Response (EDR) is increasing as organizations move beyond traditional endpoint protection to enhance operational resilience.
CRITICAL
12:10 pm, June 2, 2026
Google fixes one actively exploited Android zero-day, 124 flaws
Google fixed an actively exploited Android zero-day and 124 other flaws.
CRITICAL
12:10 pm, June 2, 2026
AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
AI-driven exploitation timelines are rapidly shrinking, allowing vulnerabilities to be weaponized and exploited within hours of disclosure.
HIGH
10:10 am, June 2, 2026
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
Pakistan-linked SideCopy group targets Afghanistan's Ministry of Finance with Xeno RAT via spear-phishing campaign.
INFO
8:10 am, June 2, 2026
New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)
A new wave of phishing emails containing SVG files has been observed, using images to deliver malicious content.
LOW
5:10 am, June 2, 2026
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Dashlane disclosed a brute-force attack affecting fewer than 20 personal subscription plan users, with encrypted vaults downloaded.
INFO
2:10 am, June 2, 2026
ISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954, (Tue, Jun 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
INFO
11:10 pm, June 1, 2026
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]
LOW
10:10 pm, June 1, 2026
Spain arrests doxer leaking sensitive data of govt employees
Spanish authorities arrested an individual for leaking sensitive information of government employees.
HIGH
10:10 pm, June 1, 2026
Red Hat npm packages compromised to steal developer credentials
Red Hat npm packages were compromised by Shai-Hulud malware to steal developer credentials.
HIGH
7:10 pm, June 1, 2026
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Miasma supply chain attack campaign compromises Red Hat npm packages to steal credentials and deliver a self-propagating worm.
HIGH
7:10 pm, June 1, 2026
Dashlane password manager users locked out by brute force attacks
Multiple Dashlane users locked out by brute force attacks.
INFO
6:10 pm, June 1, 2026
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" bot into resetting account passwords.
HIGH
5:10 pm, June 1, 2026
WordPress malware campaign hides payloads in Steam profiles
A malware campaign is targeting nearly 2,000 WordPress websites, hiding payloads in Steam profiles.
INFO
3:10 pm, June 1, 2026
Microsoft investigates Office Apps, Teams file access issues
Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...]
INFO
2:10 pm, June 1, 2026
China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan
China-aligned groups are conducting a cyber espionage campaign, Operation Dragon Weave, targeting government, research, academic, technology, and financial sectors in the Czech Republic and Taiwan. Priority: HIGH. CVE: N/A. Patch ready: no.
INFO
2:10 pm, June 1, 2026
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
A weekly recap of various cybersecurity issues including a new Linux flaw, PAN-OS exploit, AI-powered attacks, OAuth phishing, and more.
INFO
2:10 pm, June 1, 2026
Race Against Time: Why Faster Vulnerability Alerts Matter
The article discusses the importance of faster vulnerability alerts to help organizations reduce exposure and improve response times to attacks.
MEDIUM
1:10 pm, June 1, 2026
Microsoft fixes outage affecting MFA setup, MySignIn service
Microsoft is addressing an ongoing incident affecting MFA setup and My Sign-Ins platform access.
INFO
1:10 pm, June 1, 2026
Webinar tomorrow: From alert to resolution in network incident response
A webinar is being held to discuss how automation and AI-assisted workflows can accelerate network incident response.
CRITICAL
1:10 pm, June 1, 2026
Critical Windows Netlogon RCE flaw now exploited in attacks
Threat actors are exploiting a recently patched critical Windows Netlogon vulnerability in attacks.
INFO
12:10 pm, June 1, 2026
The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools
Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has since outgrown the descriptor.
A Security Growth Platform is the more precise name for what MSPs and MSSPs need from the software
HIGH
12:10 pm, June 1, 2026
Microsoft confirms outage affecting MFA, My Sign-Ins platform
Microsoft is experiencing an outage affecting multi-factor authentication and My Sign-Ins platform access.
HIGH
11:10 am, June 1, 2026
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
A malicious supply chain campaign targets developers using OpenAI Codex through a legitimate-looking remote web UI, codexui-android, stealing authentication tokens.
INFO
11:10 am, June 1, 2026
Microsoft fixes KB5089549 Windows security update install issues
Microsoft resolved installation issues with the May 2024 Windows 11 security update KB5089549.
INFO
10:10 am, June 1, 2026
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrator accounts on susceptible sites.
WP Maps Pro allows site owners to embed customizable Google Maps and OpenStreetMap with markers, listings, and advanced location features on WordPress sites. It is
INFO
2:10 am, June 1, 2026
ISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952, (Mon, Jun 1st)
INFO
12:10 am, June 1, 2026
Unidentified RAT pushes NetSupport RAT, (Mon, Jun 1st)
Unidentified RAT pushes NetSupport RAT.
INFO
4:10 pm, May 31, 2026
YARA-X 1.17.0 Release, (Sun, May 31st)
YARA-X version 1.17.0 has been released with performance improvements and a bugfix.
INFO
3:10 pm, May 31, 2026
WP Maps Pro bug exploited to create admin accounts on WordPress sites
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]
HIGH
1:10 pm, May 31, 2026
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
Dutch authorities dismantle botnet linked to 17 million infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks.
HIGH
6:10 pm, May 30, 2026
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Hackers are exploiting a Palo Alto Networks GlobalProtect authentication bypass flaw (CVE-2026-0257) in attacks to breach corporate networks.
INFO
3:10 pm, May 30, 2026
New CIFSwitch Linux flaw gives root on multiple distributions
A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]
HIGH
8:10 am, May 30, 2026
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks warns that CVE-2026-0257, a medium-severity authentication bypass vulnerability in PAN-OS and Prisma Access, is under active exploitation.
HIGH
7:10 am, May 30, 2026
New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
New Russia-linked threat actor GREYVIBE has targeted Ukraine with AI-powered cyberattacks since August 2025, aligning with Kremlin state interests.
HIGH
7:10 pm, May 29, 2026
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
The ChatGPhish vulnerability in ChatGPT allows phishing via Markdown links and images.
INFO
7:10 pm, May 29, 2026
ChatGPT share links abused to host fake outage pages to deliver malware
Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]
INFO
6:10 pm, May 29, 2026
California AG sues 23andMe over 2023 breach exposing health data
California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]
CRITICAL
4:10 pm, May 29, 2026
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
Attackers used an LLM agent for post-exploitation after exploiting Marimo CVE-2026-39987.
HIGH
3:10 pm, May 29, 2026
Dutch govt disrupts malware botnet with 17 million infected devices
Dutch authorities disrupted a massive botnet of 17 million infected devices and seized over 200 supporting servers.
INFO
3:10 pm, May 29, 2026
From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a-Service Market
DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. [...]
INFO
1:10 pm, May 29, 2026
Google Chrome adds session cookie theft protection for all users
Google Chrome has introduced Device Bound Session Credentials (DBSC) to protect against session cookie theft and account takeovers.
HIGH
12:10 pm, May 29, 2026
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
Exposed AI-generated applications reveal limitations in current security stacks.
LOW
12:10 pm, May 29, 2026
Man sent to prison for selling data of 7 million elderly Americans
A North Carolina man was sentenced to over 10 years in prison for selling personal information of 7 million elderly Americans to Jamaican scammers.
HIGH
12:10 pm, May 29, 2026
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
A new Russian-linked threat actor GREYVIBE targets Ukraine with AI-powered cyberattacks aligning with Kremlin state interests.
LOW
11:10 am, May 29, 2026
US charges Google security engineer with Polymarket insider trading
A Google security engineer was charged with insider trading using confidential company data to win $1.2 million on Polymarket.
INFO
10:10 am, May 29, 2026
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates.
According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to
