Vulnerability Management – Page 2

Articles

SANDWORM_MODE: npm supply-chain worm poisons CI workflows and AI coding assistants

Short title: SANDWORM_MODE npm worm (CI secret theft + MCP poisoning)npm supply chain attack, SANDWORM_MODE, typosquatting, GitHub Actions compromise, CI secret exfiltration, MCP server injection, AI coding assistant poisoning, Shai-Hulud,…

Vulnerabilities_Exploits

Chinese APT-linked exploitation of TeamT5 ThreatSonar (CVE-2024-7694)

24 February 2026 Threat Analyst

Targeted 2024 intrusions against high-profile TeamT5 customers, later surfaced via CISA KEV listing. 1. Executive Summary CVE-2024-7694 is a high-severity arbitrary file upload vulnerability in TeamT5’s ThreatSonar Anti-Ransomware that can…

Articles

Cyber Threats Facing UK Further and Higher Education

22 February 2026 Threat Analyst

1. Executive Summary UK further education (FE) colleges and higher education (HE) institutions face a persistently high-volume threat environment driven by phishing, account compromise, ransomware/extortion, and periodic surges in denial-of-service…

Articles

Payload Ransomware: Early Profile

21 February 2026 Threat Analyst

Tags: Payload ransomware, data broker extortion, double extortion, Tor leak site, ESXi ransomware, RECOVERY-xx0001.txt, IOCs, incident response Published: 21 February 2026 (Europe/London) 1. Executive Summary Payload is an emerging ransomware…

Vulnerabilities_Exploits

Ivanti EPMM Pre-Auth RCE (CVE-2026-1281) Under Active Exploitation

21 February 2026 Threat Analyst

Ivanti Endpoint Manager Mobile (EPMM) sits in a uniquely privileged position: it manages device enrollment, policy enforcement, and app/content distribution across entire mobile fleets. When an internet-facing EPMM server is…

Articles

EDR Killers in 2026: The most common ways attackers neutralize endpoint security — and how to stop them

21 February 2026 Threat Analyst

Publish date: 21 February 2026Category: Threat Intelligence / Defense Evasion / Endpoint SecurityTags: EDR, XDR, ransomware, defense evasion, BYOVD, Windows drivers, tamper protection, detection engineering Executive summary “EDR killers” are…

Articles

BYOVD in 2026: the signed-driver loophole powering EDR bypass at scale

21 February 2026 Threat Analyst

Last updated: 21 February 2026 (Europe/London) 1. Executive Summary Bring Your Own Vulnerable Driver (BYOVD) is a post-compromise technique where attackers load a legitimately signed (but vulnerable) kernel driver and…

Techniques_Tactics_Procedures Threat_Actor_Profiles Vulnerabilities_Exploits

APT29 (Cozy Bear / The Dukes / Midnight Blizzard) – Threat Actor Profile

20 February 2026 Threat Analyst

APT29, also known as Cozy Bear, is a Russian hacker group believed to be affiliated with one or more Russian intelligence agencies. The group has been operating for the Russian…

Techniques_Tactics_Procedures Threat_Actor_Profiles

APT31 (Violet Typhoon / ZIRCONIUM) – Threat Actor Profile

20 February 2026 Threat Analyst

At-a-glance Attribute Assessment Primary tracking name APT31 (widely used in government and industry reporting) (Department of Justice) Notable aliases Violet Typhoon / ZIRCONIUM (Microsoft), JUDGMENT PANDA (CrowdStrike) (Microsoft Learn) Suspected…

Vulnerabilities_Exploits

CVE-2026-20841 — Windows Notepad (Store app) Markdown Link Handling Leads to Command Injection / Code Execution

16 February 2026 Threat Analyst

1. Executive Summary CVE-2026-20841 is a high-severity command injection flaw in the modern Windows Notepad (Microsoft Store) application that can result in arbitrary code execution in the context of the…

SANDWORM_MODE: npm supply-chain worm poisons CI workflows and AI coding assistants

Chinese APT-linked exploitation of TeamT5 ThreatSonar (CVE-2024-7694)

Cyber Threats Facing UK Further and Higher Education

Payload Ransomware: Early Profile

Ivanti EPMM Pre-Auth RCE (CVE-2026-1281) Under Active Exploitation

EDR Killers in 2026: The most common ways attackers neutralize endpoint security — and how to stop them

BYOVD in 2026: the signed-driver loophole powering EDR bypass at scale

APT29 (Cozy Bear / The Dukes / Midnight Blizzard) – Threat Actor Profile

APT31 (Violet Typhoon / ZIRCONIUM) – Threat Actor Profile

CVE-2026-20841 — Windows Notepad (Store app) Markdown Link Handling Leads to Command Injection / Code Execution

You missed

OpenClaw lures fuel ClickFix infostealer infections as agentic AI ecosystems become a new credential target

Storm-2561 pushes fake VPN installers via SEO poisoning to steal enterprise credentials

Hudson Rock ties Polyfill.io supply-chain compromise to DPRK operator via Lumma Stealer telemetry

Stryker ‘Handala’ incident: global Microsoft environment disruption and reported remote device wipes