Security news.
Today's cybersecurity landscape highlights a surge in sophisticated phishing and supply chain attacks, with threat actors increasingly exploiting vulnerabilities in third-party software and leveraging social engineering tactics. Several critical advisories have been issued, including new additions to CISA's Known Exploited Vulnerabilities Catalog, underscoring the need for immediate patching and enhanced vigilance.
CISA Adds Three Exploited Vulnerabilities to KEV Catalog
CISA has added CVE-2021-22054 (Omnissa Workspace ONE), CVE-2025-26399 (SolarWinds Web Help Desk), and CVE-2026-1603 (Ivanti Endpoint Manager) to its KEV Catalog due to active exploitation.
Microsoft Teams Phishing Deploys A0Backdoor Malware
Hackers are targeting financial and healthcare employees via Microsoft Teams, tricking them into granting remote access through Quick Assist to deploy the new A0Backdoor malware.
Cloud Attacks Exploit Flaws More Than Weak Credentials
Google reports that attackers are increasingly exploiting newly disclosed vulnerabilities in third-party software for initial access to cloud environments, with the attack window shrinking to days.
Dutch Govt Warns of Signal, WhatsApp Account Hijacking
Russian state-sponsored hackers are conducting a phishing campaign targeting government officials, military personnel, and journalists to hijack Signal and WhatsApp accounts.
Ericsson US Discloses Data Breach After Service Provider Hack
Ericsson Inc. has reported a data breach impacting an undisclosed number of employees and customers, stemming from a hack of one of its service providers.
Malicious npm Package Deploys RAT, Steals macOS Credentials
A malicious npm package, "@openclaw-ai/openclawai," masquerading as an OpenClaw installer, has been discovered deploying a remote access trojan (RAT) and stealing sensitive data from macOS hosts.
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File
The North Korean threat actor UNC4899 is suspected of a sophisticated cloud compromise campaign against a cryptocurrency organization in 2025, initiated by a developer AirDropping a trojanized file to a work device.
Cisco Catalyst SD-WAN Vulnerability (CVE-2026-20127) Widely Exploited
A recently disclosed vulnerability in Cisco Catalyst SD-WAN, CVE-2026-20127, is now being widely exploited, with WatchTowr reporting numerous exploitation attempts from unique IP addresses.