CVE-2026-1731 is an RCE vulnerability in identity platform BeyondTrust. This flaw allows attackers control of systems without login credentials. The post VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) appeared first on Unit 42.

The Kubernetes project is urging organizations to migrate away from Ingress NGINX before its retirement in March 2026, with new high-severity CVEs underscoring the urgency.

Notepad++ has been in the news recently for a breach of infrastructure associated with the Notepad++ updater. This attack may have allowed an adversary to deliver backdoored updates which could allow arbitrary code…

OSINT stands for open-source intelligence, and it refers to all publicly available information on the open internet which has been obtained without any special requirements (paywalls, invitations, etc.). The post OSINT: How to Find, Use, and Control Open-Source Intelligence appeared first on Black Hills Information Security, Inc..

AI seems to be everywhere in 2026. This can be problematic when it goes undetected in our personal interactions, including our romantic lives though dating apps, catfishing, or romance scams. In this special Valentine's Day episode, Geoff and Skyler talk about the rise in spam tactics, the use of AI in catfishing and social engineering, and the "Dead Internet" theory. They tested some of these tactics, armed with a highly-trained LLM (Love Language Model), and made a "phishy" phone call to TrustedSec's Director of Software Security, Scott White. Find out if their social engineering attempt works and watch now!  About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Find more cybersecurity resources on our website at https://trustedsec.com/resources.

We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors. The post Critical Vulnerabilities in Ivanti EPMM Exploited appeared first on Unit 42.

CMMC has been getting much of the Controlled Unclassified Information (CUI) attention lately due to the size of the defense industrial base, but General Services Administration (GSA) requirements for protecting CUI are…

Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. Recently in May of 2025 Cyjax reported on a campaign using this method again, impersonating various IT tools. We observed a similar campaign in […] The post From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira appeared first on The DFIR Report.

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: Black Hills Information Security https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

No sponsor this week. If your organisation is interested, head over here to find out more. Chris at AskCleesDecrypting Threema4.db Mike Wilkinson at Cyber TriageConfiguring Your System for IR: Windows Logging Derek EiriExploring frame-counts-galore and hashing pixel data Oleg Afonin at ElcomsoftLive System Analysis: Mitigating Interference from Antivirus Tools ForensafeAndroid Threema Kenneth G Hartman at Lucid Truth […]

Key Takeaways The DFIR Report Services Contact us today for pricing or a demo! The intrusion began in early March 2025 with a single successful Remote Desktop Protocol (RDP) logon to an internet-exposed system. Notably, there was no evidence of credential stuffing, brute forcing, or other failed authentication attempts from the source IP, indicating the […] The post Cat’s Got Your Files: Lynx Ransomware appeared first on The DFIR Report.

No sponsor this week. If your organisation is interested, head over here to find out more. Atola TechnologyMaster Your Drives with MultiDrive BerlaEstablishing Occupant Actions & Involvement Elcomsoft Choosing the Right Strategy: Cold Boot Forensics vs Live System Analysis Perfect Acquisition With Passcode Unlock for A8/A8X Devices Investigating Windows Registry ForensafeiOS Geolocation Jordan MussmanMac Forensics in 2026 […]

By Christopher Budd, Cybersecurity Evangelist The January 2026 Patch Tuesday release is most notable for what happened AFTER Patch Tuesday. Specifically, on January 26, 2026, Microsoft released CVE-2026-21509 – Microsoft Office Security Feature Bypass Vulnerability out-of-band.  As a reminder, an “out-of-band” release from Microsoft means that they view the threat environment around the vulnerability being […] The post From Patch to Exploit: Flare’s Intelligence on Cybercrime After January 2026 Patch Tuesday appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

We discuss the extensive use of malicious QR codes using URL shorteners, in-app deep links and direct APK downloads to bypass mobile security. The post Phishing on the Edge of the Web and Mobile Using QR Codes appeared first on Unit 42.

Strengthen Your Identity Posture Before Attackers Find the Gaps In this cheat sheet, you’ll discover:• The four highest-risk identity categories to remediate today.• A step-by-step ISPM maturity model and 90-day implementation plan.• How to eliminate toxic permissions, enforce MFA, and remove dormant identities at scale. Download the ISPM Cheat Sheet Sponsored by Permiso Damien AttoeThe […]

Estimates from 2024 indicate that global losses attributed to online scams exceed USD $1 trillion. This figure likely represents only a portion of the true impact, as many incidents go unreported due to victim underreporting and limited confidence in the ability of institutions to investigate or recover losses. More recent reporting has also drawn attention […] The post Celebrity Impersonation Scams: Social Engineering Targeting Canadians appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

Read our miniseries recap and watch every episode of “AI in the SOC: From hype to outcomes” on demand now.

No sponsor this week. If your organisation is interested, head over here to find out more. Akash PatelCase Studies: Building Effective Timelines with Plaso (Log2Timeline) Christian Peter“Far over the misty mountains cold – iLEAPP Threema Parser” Derek EiriExtracting and Matching Faces with API Forensics’ Exponent Faces Martin Korman at DFIR DudesRegipy MCP: Natural Language Registry […]

Having assembled fundamental lab components, you now get to play! However, the ocean of potential projects can be intimidating. Where does one even start? The post What to Do with Your First Home Lab appeared first on Black Hills Information Security, Inc..

As victims refuse to pay and legacy groups implode, ruthless competition is reshaping the RaaS underground. More competitors are fighting over a shrinking pool of ransomware revenue. The result is a violent restructuring playing out in real time across dark web forums. Legacy operations that dominated recent years are tearing themselves apart from within. New […] The post The Ransomware Franchise Wars: How Falling Payments Are Spawning a New Generation of Cybercrime Cartels appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

We are live from WWHF Mile High 2026 https://wildwesthackinfest.com/ Join us LIVE on Mondays, 4:30pm EST. (Except for this Special Wednesday Episode!) A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm 01:43 - PreShow Banter™ — LIVE from WWHF Denver 2026!! 03:41 - BHIS - Talkin' Bout [infosec] News 2026-02-11 04:44 - Story # 1: Critical Notepad vulnerability reignites criticism of Microsoft’s forced AI features https://cybernews.com/security/windows-notepad-vulnerable-to-remote-attacks-feature-creep-blamed/ 09:40 - Story #2: Discord will require a face scan or ID for full access next month https://www.theverge.com/tech/875309/discord-age-verification-global-roll-out 12:19 - Story #3: 2026-01-14: The Day the telnet Died https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/ 17:02 - Story #4: BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution https://cybersecuritynews.com/beyondtrust-remote-access-products-0-day-vulnerability/ 18:29 - Story #5: GRITREP: 0APT and the Victims Who Weren’t https://www.guidepointsecurity.com/blog/gritrep-0apt-and-the-victims-who-werent/ 22:18 - Open Discussion 35:08 - Announcements Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat This episode breaks down recent reports of sensitive information being shared with AI tools and what that means for security and operations. The discussion covers OPSEC failures, common misuse of ChatGPT in professional environments, how data actually flows through AI systems, and what organizations should (and shouldn’t) worry about. The hosts focus on practical risk, realistic threat models, and actionable lessons for security teams navigating AI adoption. 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com

BerlaConnecting Occupants to Vehicles Through Device Data Damien AttoeA Forensic Look at the Grok Android App Oleg Afonin at Elcomsoft Browser Forensics in 2026: App-Bound Encryption and Live Triage Web Browser Forensics in Digital Triage ForensafeBelkaCTF #6: Bogus Bill Kenneth G Hartman at Lucid Truth TechnologiesBFU vs AFU: What Attorneys Need to Know About Phone […]

Unit 42 reveals new infrastructure associated with the Notepad++ attack. This expands understanding of threat actor operations and malware delivery. The post Nation-State Actors Exploit Notepad++ Supply Chain appeared first on Unit 42.

From basement operations to sophisticated malware-as-a-service platforms, threat actors are flooding the underground with tools designed to crack Apple’s defenses, and they’re winning. For years, Mac users operated under a comforting assumption: their devices were immune to the malware plaguing Windows users. That era is over. Across underground forums, a thriving economy has emerged around […] The post The macOS Stealer Gold Rush: How Cybercriminals Are Racing to Exploit Apple’s ‘ Ecosystem appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

Learn how a robust app control policy can have a meaningful, measurable impact on your organization’s security posture.