Security news.
Today's security brief highlights critical vulnerabilities and persistent threats. CISA has added four new actively exploited flaws to its KEV catalog, while a new malware suite named "Snow" is being deployed via Microsoft Teams. Additionally, a custom "Firestarter" backdoor is proving resilient on Cisco firewall devices.
CISA Adds 4 Exploited Flaws to KEV Catalog
Citing active exploitation, CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. They affect SimpleHelp (CVE-2024-57726, CVE-2024-57728), Samsung MagicINFO 9 Server (CVE-2024-7399), and D-Link DIR-823X series routers (CVE-2025-29635).
Threat Actor Uses Microsoft Teams to Deploy New “Snow” Malware
A threat group tracked as UNC6692 is employing social engineering tactics via Microsoft Teams to deploy a new custom malware suite named 'Snow,' which includes a browser extension, a tunneler, and a backdoor.
Firestarter Malware Survives Cisco Firewall Updates
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter that persists on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software, even after updates.
ADT Confirms Data Breach After ShinyHunters Leak Threat
Home security giant ADT has confirmed a data breach following a ransom threat from the ShinyHunters extortion group, which claimed to have stolen data.
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
Cybersecurity researchers have discovered a previously undocumented Lua-based cyber sabotage framework, dubbed 'fast16,' dating back to 2005, which targeted high-precision calculation software years before the Stuxnet worm.
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks
A China-linked APT group, GopherWhisper, is abusing legitimate services and deploying multiple Go-based backdoors and custom loaders in attacks targeting government entities.
New ‘Pack2TheRoot’ Flaw Gives Hackers Root Linux Access
A new vulnerability, 'Pack2TheRoot,' in the PackageKit daemon could allow local Linux users to install or remove system packages and gain root permissions.
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-33626) in LMDeploy, an open-source LLM toolkit, was actively exploited in the wild less than 13 hours after its public disclosure.