Security news.
Today's security brief highlights critical vulnerabilities and persistent threats. CISA has added four new actively exploited flaws to its KEV catalog, while a new malware suite named "Snow" is being deployed via Microsoft Teams. Additionally, a custom "Firestarter" backdoor is proving resilient on Cisco firewall devices.
CISA Adds 4 Exploited Flaws to KEV Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, impacting SimpleHelp (CVE-2024-57726, CVE-2024-57728), Samsung MagicINFO 9 Server (CVE-2024-7399), and D-Link DIR-823X series routers (CVE-2025-29635), all with evidence of active exploitation.
Threat Actor Uses Microsoft Teams to Deploy New “Snow” Malware
A threat group, UNC6692, is using social engineering via Microsoft Teams to deploy a new custom malware suite named 'Snow,' which includes a browser extension, a tunneler, and a backdoor.
Firestarter Malware Survives Cisco Firewall Updates
U.S. and U.K. cybersecurity agencies warn about 'Firestarter,' a custom malware persisting on Cisco Firepower and Secure Firewall devices running ASA or FTD software, even after updates and patches.
ADT Confirms Data Breach After ShinyHunters Leak Threat
Home security giant ADT has confirmed a data breach following an extortion threat from the ShinyHunters group, which claims to have stolen data and is demanding a ransom.
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
Cybersecurity researchers have discovered a previously undocumented Lua-based cyber sabotage framework, 'fast16,' dating back to 2005, which targeted high-precision calculation software to tamper with results, predating the Stuxnet worm.
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks
The China-linked APT group GopherWhisper is abusing legitimate services and deploying multiple Go-based backdoors and custom loaders in attacks targeting government entities.
New ‘Pack2TheRoot’ Flaw Gives Hackers Root Linux Access
A new vulnerability, 'Pack2TheRoot,' in the PackageKit daemon could allow local Linux users to install or remove system packages and gain root permissions.
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-33626) in LMDeploy, an open-source LLM toolkit, was actively exploited less than 13 hours after public disclosure.