Threat Digest

Attack Surface Dashboards Built in Minutes: A CTEM Game-Changer

Forget wrestling with cryptic Cypher queries. Rapid7's latest Surface Command update is about to unleash an army of citizen dashboard builders within your security team, turning raw asset intelligence into actionable insights in mere minutes.

Threat Digest 5 min read 2 hours ago

Latest Stories

Compliance & Policy 📊 Objective

TrapDoor Attack: 34 Malicious Packages Hit Dev Tools [2026]

The software supply chain is under siege again, this time with the TrapDoor campaign stealthily infiltrating npm, PyPI, and Crates.io with credential-stealing malware. This multi-ecosystem assault underscores the escalating sophistication of attacks targeting developer workflows.

5 min read 5 days, 20 hours ago

🕳️

Vulnerabilities & CVEs ⚠️ Warning

Anthropic's Mythos: AI Finds 23K OSS Vulnerabilities

AI isn't just writing code; it's now dissecting it for flaws. Anthropic's Mythos model has unleashed a torrent of vulnerability discoveries, shaking the foundations of open-source security.

5 min read 5 days, 21 hours ago

🔓

Data Breaches 📉 Bearish

Oncology Institute Breach: Patient Data Compromised

The Oncology Institute (TOI) announced a confirmed data breach impacting patient information. This disclosure comes after a months-long investigation into a cybersecurity incident that first surfaced in November 2025.

6 min read 5 days, 22 hours ago

A chaotic collage of code snippets, error messages, and lock icons, representing the week's cybersecurity events.

Vulnerabilities & CVEs ⚠️ Warning

GitHub Breach & 9-Year-Old Linux Flaw: The Week in Cyber Chaos

Another week, another cascade of vulnerabilities. This time, GitHub took a hit from a poisoned VS Code extension, while a nine-year-old Linux kernel flaw suddenly decided to reappear. And don't even get us started on Microsoft Defender.

3 min read 5 days, 23 hours ago

Abstract representation of data streams being filtered and analyzed by an AI system.

Security Tools 📊 Objective

AI Ends NDR's 'Noise' Problem?

The incessant 'alert firehose' of Network Detection and Response (NDR) systems, a decades-old cybersecurity pain point, is finally meeting its match. Agentic AI is emerging as the unlikely hero, sifting through the digital deluge to pinpoint genuine threats.

6 min read 6 days ago

Conceptual image representing a digital ghost or invisible entity within a computer network.

Nation-State Threats ⚠️ Warning

Lazarus Deploys Memory-Only RAT [Threat Analysis]

Lazarus Group's latest weapon, RemotePE, is a sophisticated memory-only RAT designed for deep, stealthy infiltration of financial and crypto targets. Its architecture leaves attackers virtually invisible.

5 min read 6 days, 1 hour ago

🦠

Ransomware & Malware ⚠️ Warning

Laravel Packages Poisoned: Malware Targets Cloud Secrets

A sophisticated supply chain attack has hit the Laravel ecosystem. Popular localization packages were compromised, injecting malware designed to steal critical cloud credentials.

5 min read 6 days, 4 hours ago

A visual representation of an arms race with AI bots competing to find software vulnerabilities.

Vulnerabilities & CVEs ⚠️ Warning

AI Sparks Bug Bounty Arms Race

The era of AI-driven vulnerability discovery is here. Bug bounties are drowning in submissions, forcing a seismic shift in cybersecurity economics and timelines.

6 min read 6 days, 4 hours ago

Abstract digital security graphic representing data flow and protection

Cloud Security ⚠️ Warning

Microsoft 365 Security: Kali365 Exploits OAuth for Data Heists [FBI Warns]

Your Microsoft 365 account is now on the front lines. A sophisticated phishing kit, Kali365, is bypassing even multi-factor authentication, granting attackers deep access.

6 min read 6 days, 5 hours ago

Formula 1 car speeding on a track with digital overlays indicating cyber threats.

Threat Intelligence ⚠️ Warning

F1 Fan Scams: Expect Fake Streams, Shady Merch

Everyone expected Formula 1's digital expansion to bring new ways to engage with the sport. What they didn't count on was fraudsters building an entire ecosystem around it, targeting passionate fans with everything from fake tickets to malware-laden streaming apps.

5 min read 6 days, 6 hours ago

A stylized illustration of a digital lock being broken by a shadowy figure, representing security vulnerabilities.

Vulnerabilities & CVEs 📉 Bearish

[Chrome Vulnerability] Attackers Can Run Code, Threat Digest Reports

Is your browser actively trying to get you hacked? This week, a critical Chrome vulnerability surfaced, and Microsoft Defender's own weaknesses are being exploited. We're not just talking about theoretical risks here.

5 min read 6 days, 7 hours ago