Intelligence Feed

Latest threat intelligence articles from trusted security sources, auto-processed to extract entities, IoCs, and TTPs.

Secure Registry now tells you which machine pulled a compromised package

3d ago · step-security

On June 17, 2026, an attacker compromised the @mastra npm organization and introduced a typosquatted package, easy-day-js, into over 140 packages in the Mastra AI framework ecosystem. The malicious package executed an obfuscated postinstall dropper that retrieved a second-stage payload from an attacker-controlled server before deleting itself. This supply chain attack exposed more than 1.1 million weekly downloads, highlighting the need for rapid incident response and source attribution to determine affected systems.

3 IoCs

10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions

3d ago · step-security

In March 2026, the threat actor TeamPCP compromised 76 version tags of the aquasecurity/trivy-action GitHub Action by injecting a credential stealer, exploiting elevated privileges to harvest secrets from memory and exfiltrate them to a malicious domain. The same actor targeted other platforms including PyPI packages litellm and telnyx, and previously compromised the Checkmarx KICS GitHub Action using similar tactics. These supply chain attacks highlight a broader trend of targeting CI/CD pipelines to steal credentials and cloud tokens. The attacks leveraged typosquatted domains and memory scraping techniques, underscoring the need for layered defenses in GitHub Actions environments.

2 IoCs · 1 Actor · 1 CVE

StepSecurity Maintained Actions Are Now Free for Public Repos

2d ago · step-security

In March 2025, the tj-actions/changed-files GitHub Action, used by over 23,000 repositories, was compromised in a supply chain attack that exfiltrated CI/CD secrets via malicious code injected through tampered version tags. StepSecurity detected the incident using its Harden-Runner tool and provided a secure, drop-in replacement, step-security/changed-files, which has since been adopted by thousands of projects. This event highlighted the risks of relying on unmaintained third-party GitHub Actions and led StepSecurity to make its catalog of 500+ maintained, security-hardened actions freely available for public repositories to improve overall CI/CD security across the open-source ecosystem.

2 IoCs · 1 CVE

Welcome to the new Project Zero Blog

6mo ago · google-project-zero

This article introduces the new Project Zero blog and highlights previously unpublished research on exploitation techniques. It references historical work on Windows race conditions and sandbox escape methods. The post emphasizes the ongoing relevance of zero-day vulnerabilities and the need for continued defensive improvements. No active threat activity or specific attacks are described.

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby

5mo ago · google-project-zero

A 0-click exploit chain targeting Google Pixel 9 devices was developed by Project Zero to demonstrate the exploitation of a critical vulnerability in the Dolby Unified Decoder (CVE-2025-54957). The vulnerability allows arbitrary code execution in the mediacodec context via malicious audio attachments in SMS/RCS messages, which are automatically decoded without user interaction. The exploit leverages a buffer overrun and memory leak in the EMDF parsing logic to achieve code execution, bypassing Android security features such as ASLR and SELinux. The vulnerabilities were patched as of January 5, 2026.

5 IoCs

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave

5mo ago · google-project-zero

A 0-click exploit chain targeting the Pixel 9 was demonstrated, leveraging a vulnerability in the BigWave kernel driver accessible from the mediacodec SELinux context. The exploit achieves kernel arbitrary read/write via a use-after-free (UAF) in the BIGO_IOCX_PROCESS ioctl handler, enabling sandbox escape and privilege escalation. The attacker can gain root privileges and disable SELinux, culminating in full device compromise. The exploit was integrated with a Dolby decoder vulnerability to form a complete attack chain.

2 IoCs

A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?

5mo ago · google-project-zero

Google Project Zero uncovered a 0-click exploit chain targeting the Pixel 9, leveraging vulnerabilities in the Dolby UDC audio decoder and the BigWave kernel driver. The chain allowed remote code execution and privilege escalation with minimal bugs, highlighting weaknesses in Android's attack surface, driver security, and patching timelines. Despite responsible disclosure, patch deployment was delayed, leaving users exposed for months. The findings emphasize systemic issues in vulnerability prioritization, mitigation effectiveness, and vendor coordination across the Android ecosystem.

Bypassing Windows Administrator Protection

5mo ago · google-project-zero

A security researcher identified multiple vulnerabilities in Windows 11 25H2's new Administrator Protection feature, designed to replace User Account Control (UAC). One of nine discovered bypasses allowed silent escalation to full administrator privileges by exploiting lazy initialization of per-session DOS device directories, improper access checking during object creation, and token impersonation behaviors. The vulnerabilities were reported to Microsoft and addressed in updates, including optional update KB5067036, before the feature's official release. Administrator Protection was temporarily disabled in December 2025 due to application compatibility issues unrelated to the security flaws.

1 IoC

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

5mo ago · google-project-zero

A detailed technical analysis of exploiting CVE-2024-54529, a type confusion vulnerability in macOS's coreaudiod daemon, is presented. The exploit leverages uninitialized memory in the 'ngne' object and a heap manipulation technique using property lists to achieve arbitrary code execution. The attack involves crashing and restarting coreaudiod to reuse heap-sprayed data, ultimately enabling privilege escalation via a ROP chain.

1 IoC

Bypassing Administrator Protection by Abusing UI Access

4mo ago · google-project-zero

A researcher discovered multiple bypasses for Windows Administrator Protection by exploiting UI Access, a feature designed to allow accessibility tools to interact with higher integrity processes. The bypasses leverage flaws in secure directory checks, repurposing legitimate UI Access executables, shared user profiles, insecure RPC handling, and access token manipulation. These techniques allow a limited user to silently elevate privileges and compromise administrator-level processes without consent prompts, undermining the security boundary intended by Administrator Protection.

2 IoCs

A Deep Dive into the GetProcessHandleFromHwnd API

4mo ago · google-project-zero

The article analyzes the evolution of the GetProcessHandleFromHwnd API in Windows, revealing security flaws that allowed privilege escalation and access to protected processes. Early versions used user-mode hooks, but a shift to kernel-mode handling in Windows 10 introduced a vulnerability enabling unrestricted process handle access when UIPI checks were bypassed. This was exploited to compromise protected processes like WerFaultSecure.exe, leading to CVE-2023-41772. Recent Windows 11 updates have mitigated the issue by enforcing stricter access checks and feature flags.

3 IoCs

On the Effectiveness of Mutational Grammar Fuzzing

4mo ago · google-project-zero

The article discusses the limitations of mutational grammar fuzzing, particularly in finding complex bugs that require specific function chaining, and highlights issues such as coverage not equating to bug discovery and lack of corpus diversity. The author demonstrates how these limitations affect fuzzing efficiency, especially in language-based targets like XSLT processors. A hybrid approach combining generative and mutational fuzzing with periodic worker restarts is proposed to improve bug discovery and sample diversity.

Trust No Skill: Integrity Verification for AI Agent Supply Chains

3w ago · unit42

AI agents are increasingly extended with third-party skills from public registries, creating supply chain risks due to insufficient behavioral verification. A new audit method called Behavioral Integrity Verification (BIV) reveals that 80% of skills exhibit behavioral deviations from their declared capabilities, with 18.9% showing adversarial intent. These malicious skills often form multi-stage attack chains enabling credential exfiltration, remote code execution, or silent data theft, highlighting the need for pre-installation integrity checks in AI agent ecosystems.

Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered

3w ago · unit42

A new forensic artifact, App.MenuItem, has been discovered in macOS Tahoe 26, which logs user menu interactions such as 'Compress' and 'Move to Trash' to provide insight into user intent. This artifact is stored in a SEGB-encapsulated protobuf format within the Apple Biome system and requires specialized tools like ccl-segb for parsing. The data enables investigators to reconstruct user workflows, such as data compression and deletion, enhancing visibility into potential data exfiltration or malicious activity.

Inside the Modern SOC: The 72-Minute Race

2w ago · unit42

The article highlights the increasing speed of cyberattacks, with adversaries achieving data exfiltration in as little as 72 minutes. Attackers leverage compromised credentials and identity-based techniques to rapidly escalate privileges and move laterally across environments. Modern SOCs struggle to keep pace due to manual processes and fragmented workflows. Threat actors like Muddled Libra and Spoiled Scorpius exemplify this trend by exploiting identity weaknesses to accelerate attack timelines.

2 Actors

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

2w ago · unit42

A vulnerability in the Google Cloud Vertex AI Python SDK versions 1.139.0 and 1.140.0 allowed attackers to hijack model uploads via bucket squatting, leading to cross-tenant remote code execution (RCE). By predicting and preemptively creating a default staging bucket, an attacker could intercept and replace legitimate model artifacts with malicious payloads exploiting pickle deserialization. The victim's model deployment would then execute the attacker's code, enabling credential theft and lateral movement within Google Cloud environments.

3 IoCs

The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration

1w ago · unit42

A universal bucket hijacking technique has been identified that exploits the global uniqueness of cloud storage bucket names across major cloud providers including Google Cloud, AWS, and Microsoft Azure. Attackers with permissions to delete a storage bucket can recreate it under their control, redirecting data streams such as logs, Pub/Sub messages, and storage transfers to their own environment, leading to silent data exfiltration. While no active exploitation has been observed, the architectural flaw enables long-term, undetectable compromise of sensitive data if proper IAM controls and monitoring are not in place.

OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat

1w ago · unit42

OpenClaw's skill marketplace, ClawHub, has become a vector for AI supply chain attacks involving malicious skills that distribute infostealers, evade detection through file padding, and enable financial fraud via affiliate injection and front-running schemes. Multiple malicious skills were discovered between February and May 2026, leveraging paste-site redirects, C2 infrastructure, and dynamic payload delivery. These threats bypassed automated screening tools like VirusTotal and ClawScan, highlighting weaknesses in current detection mechanisms. Palo Alto Networks has collaborated with ClawHub and NVIDIA to improve skill verification and protect customers through advanced security services.

15 IoCs · 1 Malware

CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure

1w ago · unit42

CL-STA-1062, a Chinese-speaking threat actor group active since at least March 2022, has been targeting government entities and critical infrastructure in Southeast Asia. The group, also tracked as UAT-7237, uses a hybrid toolkit combining open-source tools like SoftEther VPN, Mimikatz, and VNT with a custom backdoor named TinyRCT. This backdoor enables command execution, file exfiltration, screen capture, and self-destruction, and is deployed via AppDomainManager injection through a maliciously crafted archive. The campaign demonstrates a sustained regional focus, with attacks spanning from Taiwan to Southeast Asia, particularly targeting energy and government sectors.

13 IoCs · 1 Actor · 2 Malware

Threat Brief: Mitigating Large-Scale Credential Attacks

1w ago · unit42

Unit 42 has identified a large-scale password spraying and credential theft campaign dubbed 'FortiBleed' targeting Fortinet, Sophos, and MSSQL services. The threat actors use a curated password list derived from prior breaches and previously compromised credentials to conduct password spraying attacks, extract device configurations, and perform offline password cracking. An initial access broker has claimed responsibility on the Exploit[.]in forum, offering stolen credentials for sale. Palo Alto Networks recommends hardening remote access controls, enabling MFA, and monitoring for suspicious login patterns.

1 IoC

Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

4d ago · unit42

Unit 42 researchers identified a new threat called 'phantom squatting,' where adversaries register AI-hallucinated domains to exploit software supply chains. Large language models (LLMs) frequently generate fictitious domains for legitimate brands, and attackers preemptively register these domains to intercept traffic from AI systems and users. A real-world case involved the 'Montana Empire' phishing kit, which targeted a hallucinated domain 23 days before its registration, demonstrating AI-assisted attack development. The research uncovered 13,229 malicious URLs and approximately 250,000 unregistered hallucinated domains, highlighting a growing risk to AI-driven workflows and developer tooling.

4 IoCs

How We Added WebAuthn to a Browser-Based RDP Client

2d ago · unit42

This article details a research effort to implement WebAuthn redirection in a browser-based RDP client, reverse-engineering Microsoft's undocumented internal handling of WebAuthn in Windows. The research uncovered that Microsoft's mstsc.exe uses an undocumented internal plugin path in webauthn.dll to process hash-only WebAuthn requests from older Windows servers, while public APIs require full clientDataJSON. The work enabled the first non-Windows implementation of WebAuthn redirection in an RDP client, predating FreeRDP's support. The findings highlight critical gaps in Microsoft's documentation and the complexity of cross-platform WebAuthn implementation in RDP environments.

Reporting from Vegas: Networking, AI, and good boys

4w ago · talos

Cisco Talos has expanded its Threat Hunting program to proactively identify advanced adversaries leveraging AI to evade traditional detection. The initiative recently uncovered a KongTuke command-and-control (C2) infrastructure, highlighting the need for hypothesis-driven threat hunting. As attackers increasingly use AI and legitimate tools to stay under the radar, Talos emphasizes continuous monitoring across endpoint, network, and identity data to detect sophisticated intrusions before signatures are available.

15 IoCs · 1 Malware

Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities

3w ago · talos

Microsoft's June 2026 Patch Tuesday addresses 206 vulnerabilities, including 32 critical, with a focus on remote code execution (RCE) flaws in Windows services, Microsoft Office, and Azure components. Several vulnerabilities are deemed more likely to be exploited, including CVE-2026-42985 in Remote Desktop Client and CVE-2026-47291 in the HTTP Protocol Stack. Talos has released Snort rules to detect exploitation attempts, emphasizing proactive defense against potential attacks targeting these critical flaws.

A tale of two eras

3w ago · talos

Cisco Talos intelligence highlights the growing threat of AI-driven vulnerability discovery, which is outpacing human patching capabilities and enabling rapid exploitation of zero-day vulnerabilities. Organizations are urged to move beyond patch-reliant strategies and adopt a resilient security posture centered on foundational controls, behavioral detection, and incident response readiness. The report emphasizes that some breaches are inevitable, making detection and response capabilities as critical as prevention.

12 IoCs · 1 Malware

Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model

2w ago · talos

The article discusses a novel approach to reverse engineering VB6 binaries by leveraging vbdec's live COM object model, enabling AI agents to automate analysis without modifying the core tool. By exposing its parsed project data through the Windows Running Object Table (ROT), vbdec allows local AI agents like Claude Code to interact with and query the disassembler programmatically. This method supports scalable, repeatable, and exhaustive analysis tasks such as decompilation, call graph generation, and database export, all performed locally without uploading sensitive binaries. The technique demonstrates how existing tools can be transformed into queryable services through structured data exposure and simple scripting interfaces.

Close Encounters of the Human Kind

2w ago · talos

Cisco Talos observed a large-scale credential-harvesting campaign targeting over 30,000 Fortinet devices across nearly 200 countries. The campaign leverages known vulnerabilities in Fortinet firewalls and VPN gateways to steal credentials and maintain persistent access. Additionally, fileless variants of Phantom Stealer malware are being used to target browser credentials, employing anti-analysis techniques to evade detection. These threats highlight ongoing exploitation of internet-facing infrastructure and the need for robust patching and multi-factor authentication.

12 IoCs · 1 Actor · 1 Malware

Introduction to COM usage by Windows threats

1w ago · talos

Component Object Model (COM) is a foundational Windows technology increasingly exploited by threat actors for malicious purposes such as persistence, lateral movement, execution, and evasion. Malware families like Qakbot, Gh0stRAT, and WarmCookie leverage COM interfaces to interact with Windows services including Task Scheduler, WMI, and BITS, often bypassing traditional detection mechanisms. These threats use indirect vtable calls and DCOM for stealthy operations, making static analysis more complex. Understanding COM usage is critical for effective threat hunting and reverse engineering.

1 Actor · 2 Malware

Beyond IOCs: AI-enabled threat intelligence

1w ago · talos

Cisco Talos highlights the increasing abuse of Windows Component Object Model (COM) by malware families such as Qakbot and WarmCookie for lateral movement, persistence, and evasion. COM's use of opaque GUIDs and indirect vtable calls complicates manual analysis and static detection, allowing attackers to blend malicious activities with legitimate system processes. Defenders are advised to enhance their ability to detect and interpret COM-related artifacts to uncover hidden stages of the infection chain.

15 IoCs · 2 Malware

ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365

4d ago · talos

Cisco Talos identified ARToken, a phishing-as-a-service (PhaaS) platform affiliated with the EvilTokens infrastructure, targeting Microsoft 365 users via sophisticated device code phishing. The platform offers affiliates a comprehensive toolkit for token theft, persistence via Primary Refresh Tokens (PRT), business email compromise (BEC), and SharePoint/OneDrive exfiltration. ARToken leverages advanced anti-analysis techniques including client-side behavioral verification and XOR-encrypted payloads to evade detection, while operating through Cloudflare Workers and a React-based dashboard for management.

4 IoCs