Cybersecurity
540 articles · Coverage updated continuously
Cybersecurity researchers have uncovered DEEP#DOOR, a stealthy Python-based backdoor framework built for persistent access and large-scale data exfiltration. The remote access trojan uses a public TCP tunneling service for command-and-control, which gives the operator remote command execution, broad surveillance of the host, and credential theft, while taking deliberate steps to evade detection.
The threat landscape keeps growing more complex, with new attack vectors alongside long-standing weaknesses. Recent reports include fake cell towers used to deliver SMS scams and compromised developer tools that expose private files.
The Iran-linked threat actor Handala, officially associated with Iran's Ministry of Intelligence and Security (MOIS), has launched a sophisticated influence campaign directly targeting US military personnel stationed in Bahrain. The group used WhatsApp messages to issue explicit threats of surveillance, drone strikes, and missile attacks. This marks a significant escalation in Handala's operational scope, moving beyond corporate targets to direct psychological warfare against service members.
The recent Vercel breach shows the risk created by unapproved AI applications: a compromised third-party AI tool that had been granted OAuth access to internal systems gave attackers a foothold from which they pivoted into Vercel's environment. The incident highlights the growing exposure from shadow AI integrations and OAuth sprawl in enterprise environments.
Multiple official SAP npm packages were compromised in a sophisticated supply-chain attack, leading to the theft of sensitive credentials and authentication tokens from developers and CI/CD environments. Security researchers link the incident with medium confidence to the notorious TeamPCP threat actors, known for similar supply-chain compromises.
A sophisticated supply chain attack, dubbed "mini Shai-Hulud," has compromised critical SAP-related npm packages, actively stealing developer credentials and cloud secrets. This campaign targets SAP's JavaScript and cloud application development ecosystem, posing a significant threat to CI/CD pipelines and software integrity. Researchers link the operation to the known TeamPCP threat actor, raising alarms about its advanced propagation and data exfiltration capabilities.
Google has patched a critical maximum-severity vulnerability in its Gemini CLI, impacting continuous integration (CI) environments and posing a significant remote code execution (RCE) risk. This flaw, carrying a CVSS score of 10.0, allowed attackers to bypass security measures and execute arbitrary commands on host systems before sandboxing could initialize. The fix addresses how the tool processes untrusted inputs, preventing potential supply-chain attacks.
New research from Forescout reveals a critical exposure: at least 670 internet-facing VNC servers offer direct, unauthenticated access to industrial control systems (ICS) and operational technology (OT). Open VNC sessions of this kind are a ready-made attack vector for nation-state actors and cybercriminals targeting critical infrastructure globally, and they are one symptom of a broader problem: millions of remote access servers left reachable online without protection.
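The exposure described above can be confirmed from the first two messages of the RFB (VNC) protocol handshake, which RFC 6143 specifies: the server sends its version string, the client echoes a version, and a 3.7/3.8 server then lists the security types it supports, where type 1 is "None" (no authentication); a 3.3 server instead sends a single 32-bit security type. The following is an added example, not Forescout's scanner or code from the article; the sample handshake bytes at the bottom are constructed, not captures from real hosts.

```python
"""Classify a VNC (RFB) server as unauthenticated from its handshake bytes.

Added example, not from the article or from Forescout. Protocol details
follow RFC 6143 (RFB 3.3, 3.7 and 3.8). Sample byte strings below are
constructed for illustration and do not come from any real host.
"""
import socket
import struct

# Security type numbers registered for RFB (RFC 6143 section 7.1.2 plus
# IANA-registered extensions). Type 1 means no authentication at all.
SECURITY_TYPES = {
    0: "Invalid",
    1: "None",
    2: "VNC Authentication",
    5: "RA2",
    6: "RA2ne",
    16: "Tight",
    17: "Ultra",
    18: "TLS",
    19: "VeNCrypt",
    20: "GTK-VNC SASL",
    21: "MD5 hash authentication",
}


def parse_version(banner: bytes) -> tuple[int, int]:
    """Parse the 12-byte ProtocolVersion message, e.g. b'RFB 003.008\\n'."""
    if len(banner) != 12 or not banner.startswith(b"RFB ") or banner[-1:] != b"\n":
        raise ValueError(f"not an RFB banner: {banner!r}")
    major, minor = banner[4:11].split(b".")
    return int(major), int(minor)


def _failure_reason(payload: bytes) -> str:
    """A zero security type is followed by a u32 length and a reason string."""
    (length,) = struct.unpack("!I", payload[:4])
    return payload[4:4 + length].decode("latin-1", "replace")


def parse_security_types(version: tuple[int, int], payload: bytes) -> list[int]:
    """Return the security types the server offers (one type for RFB 3.3)."""
    if version < (3, 7):
        # RFB 3.3: the server picks the security type itself and sends a u32.
        (sec,) = struct.unpack("!I", payload[:4])
        if sec == 0:
            raise ConnectionError(_failure_reason(payload[4:]))
        return [sec]
    # RFB 3.7/3.8: u8 count followed by that many u8 security types.
    count = payload[0]
    if count == 0:
        raise ConnectionError(_failure_reason(payload[1:]))
    return list(payload[1:1 + count])


def classify(banner: bytes, payload: bytes) -> dict:
    """Summarise a server from its version banner and security-type message."""
    version = parse_version(banner)
    types = parse_security_types(version, payload)
    return {
        "version": f"{version[0]}.{version[1]}",
        "security_types": [SECURITY_TYPES.get(t, f"unknown({t})") for t in types],
        "unauthenticated": 1 in types,  # type 1 = "None": no credentials needed
    }


def probe(host: str, port: int = 5900, timeout: float = 5.0) -> dict:
    """Live probe of one host: read the banner, reply, read the security list.

    Only run this against systems you are authorised to test.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = s.recv(12)
        version = parse_version(banner)
        # Reply with the highest version we understand (3.8 caps the list).
        s.sendall(b"RFB 003.008\n" if version >= (3, 8) else banner)
        payload = s.recv(1024)
    return classify(banner, payload)


# Constructed sample handshakes (not real captures).
OPEN_38 = (b"RFB 003.008\n", b"\x02\x01\x02")            # offers None and VNC Auth
LOCKED_38 = (b"RFB 003.008\n", b"\x01\x13")               # VeNCrypt only
OPEN_33 = (b"RFB 003.003\n", b"\x00\x00\x00\x01")         # 3.3 server, type None
FAILED = (b"RFB 003.008\n", b"\x00" + struct.pack("!I", 8) + b"Too many")

if __name__ == "__main__":
    for name, (banner, payload) in {"open-3.8": OPEN_38, "locked-3.8": LOCKED_38,
                                    "open-3.3": OPEN_33}.items():
        print(name, classify(banner, payload))
```

A server that lists "None" will accept a client that simply selects type 1 and proceeds to ClientInit, so the `unauthenticated` flag alone is enough to triage a scan result; a server that offers only VeNCrypt or TLS may still allow anonymous access inside the encrypted channel, which this first-message check cannot see.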
A critical authentication bypass vulnerability, identified as CVE-2026-41940 with a CVSS score of 9.8, has been discovered in cPanel and WebHost Manager (WHM), allowing unauthenticated access to web hosting control panels. This severe flaw necessitates an emergency, manual update process for all affected versions, exposing a vast array of websites and server infrastructure to significant risk.
Ukrainian law enforcement has successfully dismantled a cybercrime ring responsible for hijacking and monetizing over 610,000 Roblox gaming accounts, yielding a profit of $225,000. This operation highlights the growing sophistication of financially motivated cybercriminals targeting digital assets, regardless of their perceived value.
Attackers have exploited zero-day authentication bypass vulnerabilities in the widely used Qinglong task scheduling tool, deploying cryptominers on developer servers since early February. The flaws, which chain authentication bypass into remote code execution (RCE), affect versions 2.20.1 and older and were exploited weeks before public disclosure, a significant pre-patch threat window. Once in, adversaries inject shell commands, and the resulting cryptomining processes, though disguised, show up as high CPU usage.
North Korean state-sponsored hackers, known as Famous Chollima, are exploiting AI-generated npm packages in a sophisticated supply chain attack codenamed "PromptMink." This multi-layered campaign infiltrates development environments to plunder cryptocurrency wallets and sensitive credentials from unsuspecting users. The novel approach highlights an evolving threat landscape where AI tools are leveraged for advanced cyber espionage and financial theft.