Security news.
Today's threat landscape is dominated by active zero-day exploitation, state-sponsored APT activity targeting government entities, and critical supply chain vulnerabilities. A Microsoft Defender privilege escalation flaw (BlueHammer) is being actively exploited, while China-nexus threat actors are deploying sophisticated proxy networks and custom backdoors across multiple regions.
CISA Orders Feds to Patch BlueHammer Zero-Day in Microsoft Defender
The privilege escalation flaw (CVE-2026-33825) allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges; CISA has added it to the Known Exploited Vulnerabilities catalog due to active exploitation.
UK and Partners Warn of China-Nexus Hackers Using Proxy Networks to Evade Detection
The NCSC-UK and international partners issued a joint advisory detailing how Chinese state-backed threat actors are increasingly deploying large-scale proxy networks of hijacked consumer devices to mask malicious activity and bypass traditional defenses.
New GopherWhisper APT Group Targets Government with Go-Based Backdoors
A previously undocumented state-backed threat actor is using custom Go-based toolkits and legitimate services (Microsoft 365 Outlook, Slack, Discord) for command-and-control in attacks against government entities, with 12 Mongolian government systems confirmed compromised.
Self-Propagating npm Supply Chain Worm Steals Developer Tokens
A new worm dubbed CanisterSprawl is spreading through compromised npm packages using stolen developer credentials, automatically propagating to new packages and exfiltrating authentication tokens via an ICP canister.
Mirai Campaign Actively Exploits D-Link Router RCE Flaw
A new Mirai-based botnet campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability in end-of-life D-Link DIR-823X routers, to compromise devices at scale.
Kyber Ransomware Gang Deploys Post-Quantum Encryption
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints with variants implementing Kyber1024 post-quantum encryption, signaling an evolution in ransomware sophistication.
Palo Alto's Zealot Demonstrates Autonomous AI Cloud Attacks Outpacing Human Defense
A multi-agent penetration testing proof-of-concept shows AI can autonomously execute reconnaissance, exploitation, and exfiltration against cloud systems faster than human defenders can respond.
Vercel Discovers Additional Compromised Accounts in Context.ai-Linked Breach
Vercel has identified additional customer accounts compromised in a security incident that enabled unauthorized access to its internal systems, after widening its investigation into indicators of compromise.