THREAT ALERT: Russia-linked #APT28 is weaponizing a critical MS Office flaw (CVE-2026-21509) in "Operation Neusploit."
Targeting Eastern Europe via Word docs using:
๐น Outlook macros for silent email theft
๐น Steganography in PNGs
๐น Filen API to hide traffic
Patch now! ๐
Attackers no longer wait weeks to weaponize vulnerabilities - exploitation now begins within hours, often targeting cloud infrastructure, AI ecosystems, hosting platforms, and software supply chains simultaneously. This weekโs threat activity clearly demonstrated how credential theft, authentication bypasses, and cloud-native malware operations continued to evolve into highly coordinated intrusion campaigns.
๐๐ฒ๐ ๐ผ๐ฏ๐๐ฒ๐ฟ๐๐ฎ๐๐ถ๐ผ๐ป๐ ๐ผ๐ณ ๐๐ต๐ฒ ๐๐ฒ๐ฒ๐ธ:
๐น2 vulnerabilities added to the CISA KEV catalog
๐นActive exploitations observed in Burst Statistics plugin for WordPress, GUARDIANWALL MailSuite, and Linux Kernel vulnerabilities
๐นThreat actors leveraging cPanel and WebHost Manager (WHM) instances to deploy backdoor
๐นTeamPCP actively abused a critical supply chain vulnerability affecting the TanStack ecosystem
๐นPCPJack Malware Exploits Cloud Infrastructure vulnerabilities
Stay ahead with LOGINSOFT VULNERABILITY INTELLIGENCE
Know more: loginsoft.com/reports/weeklyโฆ#Cybersecurity#Loginsoft#VulnerabilityIntelligence#VulnerabiltyManagement#ThreatIntelligence#CISAKEV#AI#TeamPCP#Ivanti#cPanel#PCPJack#WordPress#Backdoor
๐ก๐๐ฆ๐ง ๐ท๐๐๐ ๐ฐ๐ต๐ฎ๐ป๐ด๐ฒ๐ฑ ๐๐ต๐ฒ ๐ฟ๐๐น๐ฒ๐ ๐ผ๐ป ๐ก๐ฉ๐ ๐ฒ๐ป๐ฟ๐ถ๐ฐ๐ต๐บ๐ฒ๐ป๐. Here's what it means for your vulnerability management.
As of April 15, NIST will only fully enrich CVEs in three categories: CISA KEV entries, federal government software, and critical software under EO 14028.
๐๐๐ฒ๐ฟ๐๐๐ต๐ถ๐ป๐ด ๐ฒ๐น๐๐ฒ? ๐ ๐ฎ๐ฟ๐ธ๐ฒ๐ฑ "๐ก๐ผ๐ ๐ฆ๐ฐ๐ต๐ฒ๐ฑ๐๐น๐ฒ๐ฑ." Including the ๐ฒ๐ป๐๐ถ๐ฟ๐ฒ ๐ฝ๐ฟ๐ฒ-๐ ๐ฎ๐ฟ๐ฐ๐ต ๐ฎ๐ฌ๐ฎ๐ฒ ๐ฏ๐ฎ๐ฐ๐ธ๐น๐ผ๐ด.
The numbers tell the story: โ ๐๐ฉ๐ ๐๐๐ฏ๐บ๐ถ๐๐๐ถ๐ผ๐ป๐ ๐๐ฝ ๐ฎ๐ฒ๐ฏ% since 2020 โ ๐ฐ๐ฎ,๐ฌ๐ฌ๐ฌ ๐๐ฉ๐๐ ๐ฒ๐ป๐ฟ๐ถ๐ฐ๐ต๐ฒ๐ฑ ๐น๐ฎ๐๐ ๐๐ฒ๐ฎ๐ฟ a record and still not enough โ ๐ค๐ญ ๐ฎ๐ฌ๐ฎ๐ฒ ๐ฎ๐น๐ฟ๐ฒ๐ฎ๐ฑ๐ ๐ฟ๐๐ป๐ป๐ถ๐ป๐ด ๐ฏ๐ฏ% ๐ฎ๐ต๐ฒ๐ฎ๐ฑ of last year
If your vulnerability management was built assuming comprehensive NVD enrichment, you now have a blind spot. An unenriched CVE is just a number with ๐ป๐ผ ๐๐ฉ๐ฆ๐ฆ ๐๐ฐ๐ผ๐ฟ๐ฒ, ๐ป๐ผ ๐๐ฃ๐ ๐บ๐ฎ๐ฝ๐ฝ๐ถ๐ป๐ด, ๐ฎ๐ป๐ฑ ๐ป๐ผ ๐๐ฎ๐ ๐๐ผ ๐ฎ๐๐๐ผ๐บ๐ฎ๐๐ถ๐ฐ๐ฎ๐น๐น๐ ๐ฎ๐๐๐ฒ๐๐ ๐ฟ๐ถ๐๐ธ.
At ๐๐ผ๐ด๐ถ๐ป๐๐ผ๐ณ๐, we've spent 18 years building deep cybersecurity expertise and proprietary vulnerability intelligence from first principles. ๐๐ข๐ฉ๐ ๐ฒ๐ป๐ฟ๐ถ๐ฐ๐ต๐ฒ๐ ๐๐ฉ๐ ๐ฑ๐ฎ๐๐ฎ ๐๐ถ๐๐ต ๐๐-๐ฝ๐ผ๐๐ฒ๐ฟ๐ฒ๐ฑ ๐๐ต๐ฟ๐ฒ๐ฎ๐ ๐๐ฐ๐ผ๐ฟ๐ฒ๐, ๐๐ฃ๐ฆ๐ฆ ๐ฐ๐ผ๐ฟ๐ฟ๐ฒ๐น๐ฎ๐๐ถ๐ผ๐ป, ๐ฒ๐ ๐ฝ๐น๐ผ๐ถ๐ ๐บ๐ฎ๐๐๐ฟ๐ถ๐๐ ๐ฎ๐ป๐ฎ๐น๐๐๐ถ๐, ๐ฎ๐ป๐ฑ ๐ฝ๐ฟ๐ฒ-๐ก๐ฉ๐ ๐ถ๐ป๐๐ถ๐ด๐ต๐๐ independent of whether NIST gets to it or not.
The era of relying on a single source of truth is over. Your security stack shouldn't have to wait for enrichment that may never come.
๐ฆ๐๐ฎ๐ฟ๐ ๐๐ผ๐๐ฟ ๐๐ฟ๐ฒ๐ฒ ๐ง๐ฟ๐ถ๐ฎ๐น ๐ก๐ผ๐: vi.loginsoft.com/sign-up#Cybersecurity#NVD#NIST#CVE#NVDEnrichment #CVEBacklog #NVD2026 #CISAKEV#LOVI#VulnerabilityManagement#Loginsoft#VulnerabilityIntelligence#CVSSScore#PatchPrioritization#NotScheduled#CVEEnrichment
This weekโs threat landscape reveals a dangerous pattern, attackers are no longer choosing between new or old vulnerabilities. Theyโre exploiting both simultaneously, across enterprise systems and IoT environments.
๐๐ฒ๐ ๐ต๐ถ๐ด๐ต๐น๐ถ๐ด๐ต๐๐ ๐ผ๐ณ ๐๐ต๐ฒ ๐๐ฒ๐ฒ๐ธ:
๐น7 vulnerabilities added to the CISA KEV catalog
๐นActive exploitations observed in Qinglong, cPanel and LiteLLM vulnerabilities
๐นAPT28 exploited a recently patched Microsoft vulnerability
๐นMirai-Based Nexcorium and Tuxnokill Botnets Leveraged DVR and Legacy Router Vulnerabilities
Patch delays are no longer just a risk - theyโre an entry point.
If you're tracking threat activity or managing exposure at scale, now is the time to move from reactive patching to proactive intelligence-driven defense.
Stay ahead with LOGINSOFT VULNERABILITY INTELLIGENCE
Know more: loginsoft.com/reports/weeklyโฆ#Cybersecurity#Loginsoft#VulnerabilityIntelligence#VulnerabiltyManagement#ThreatIntelligence#CISAKEV#Microsoft#IoTSecurity#APT28#InfoSec#Mirai#Nexcorium#Tuxnokill
Recent activity highlighted how attackers are strategically exploiting gaps across enterprise systems and connected devices, accelerating intrusion timelines and expanding their reach at scale.
๐๐ฒ๐ ๐๐ถ๐ด๐ต๐น๐ถ๐ด๐ต๐๐ ๐ผ๐ณ ๐๐ต๐ฒ ๐๐ฒ๐ฒ๐ธ:
๐น10 vulnerabilities added to the CISA KEV catalog, impacting critical platforms like Cisco Catalyst SD-WAN Manager, Microsoft Defender, JetBrains TeamCity, Kentico Xperience, Zimbra, PaperCut, and more
๐นRapid exploitation observed in application-layer technologies such as Breeze Cache (WordPress) and LMDeploy, showing how quickly vulnerabilities are weaponized post-disclosure
๐นMirai botnet evolution continues, with campaigns like tuxnokill (D-Link routers) and Nexcorium (TBK DVR devices) leveraging unpatched and legacy IoT infrastructure
Stay ahead with proactive intelligence. Stay secure with LOVI.
Know more: loginsoft.com/reports/weeklyโฆ#Cybersecurity#LOVI#Loginsoft#Vulnerability#Intelligence#CISAKEV#Microsoft#Cisco#JetBrains#Zimbra#PaperCut#Kentico#Mirai#Tuxnokill#Nexcorium#DLink#TBKDVR
The latest threat activity reveals a clear pattern the most trusted systems are now the most targeted. This weekโs developments show attackers focusing on enterprise platforms that sit at the core of business operations endpoint management systems, remote access solutions, collaboration tools, and even developer workflows.
๐๐ฒ๐ ๐ฑ๐ฒ๐๐ฒ๐น๐ผ๐ฝ๐บ๐ฒ๐ป๐๐ ๐ผ๐ณ ๐๐ฒ๐ฒ๐ธ:
๐น3 vulnerabilities added to the CISA KEV catalog
๐นActive exploitation detected in Tianxin Internet Behavior Management System, Flowise AI, Ninja Forms - File Upload WordPress plugin
๐นMicrosoft Warns of high-velocity Medusa Ransomware attacks targeting global sectors
๐นNCSC Warns of Router Exploitation and Credential Theft via Malicious DNS Infrastructure
Know more : loginsoft.com/reports/weeklyโฆ
Stay safe and secured with Loginsoft Vulnerability Intelligence
#Cybersecurity#Loginsoft#LOVI#Vulnerability#Intelligence#InfoSec#CISAKEV#ActiveExploits#ThreatIntel#Tianxin#NinjaForms#Microsoft#Medusa#Ransomware#Storm_1175#FlowiseAI#Fortinet#TrueConf
March 2026 highlighted a rapidly evolving cybersecurity landscape marked by active exploitation of critical vulnerabilities and sustained ransomware activity across sectors.
๐๐ป ๐๐ต๐ถ๐ ๐ฟ๐ฒ๐ฝ๐ผ๐ฟ๐, ๐๐ผ๐'๐น๐น ๐น๐ฒ๐ฎ๐ฟ๐ป ๐ฎ๐ฏ๐ผ๐๐:
๐นVulnerabilities added to the CISA KEV catalog in March 2026
๐นActively exploited vulnerabilities in March 2026
๐นRansomware insights for March 2026
Stay ahead with Loginsoft Vulnerability Intelligence (LOVI) - tracking real-world exploitation before it becomes your next incident.
Full report here: loginsoft.com/reports/monthlโฆ#Cybersecurity#Loginsoft#Vulnerability#Intelligence#LOVI#March2026#InfoSec#ThreatIntel#CISAKEV#ActiveExploitations#Ransomware#Malware#Apple#Google#Microsoft
February 2026 was not just another month of vulnerability disclosures - it was a month defined by acceleration across the entire threat landscape. A notable rise in CISA KEV additions, coupled with in-the-wild exploitation across enterprise platforms, network infrastructure, and endpoint software, characterized Februaryโs threat landscape.
๐๐ป ๐๐ต๐ถ๐ ๐ฟ๐ฒ๐ฝ๐ผ๐ฟ๐, ๐๐ผ๐'๐น๐น ๐น๐ฒ๐ฎ๐ฟ๐ป ๐ฎ๐ฏ๐ผ๐๐:
๐นVulnerabilities added to the CISA KEV catalog in February 2026
๐นActively exploited vulnerabilities in February 2026
๐นRansomware insights for February 2026
Stay ahead with Loginsoft Vulnerability Intelligence (LOVI) - tracking real-world exploitation before it becomes your next incident.
Full report here: loginsoft.com/reports/monthlโฆ#Cybersecurity#Loginsoft#Vulnerability#Intelligence#LOVI#February2026#InfoSec#ThreatIntel#ActiveExploitations#Ransomware#Microsoft#Google#Dell#CISAKEV#Malware#Botnet
2026 opened with a sharp escalation in real-world exploitation, underscoring how quickly both newly disclosed and long-standing vulnerabilities can be operationalized by threat actors.
๐๐ป ๐๐ต๐ถ๐ ๐ฟ๐ฒ๐ฝ๐ผ๐ฟ๐, ๐๐ผ๐'๐น๐น ๐น๐ฒ๐ฎ๐ฟ๐ป ๐ฎ๐ฏ๐ผ๐๐:
๐นVulnerabilities added to the CISA KEV catalog in January 2026
๐นActively exploited vulnerabilities in January 2026
๐นRansomware insights for January 2026
Stay ahead with Loginsoft Vulnerability Intelligence (LOVI) - tracking real-world exploitation before it becomes your next incident.
Full report here: loginsoft.com/reports/monthlโฆ
Check out our Annual Vulnerability Intelligence Report 2025 for deeper insights - Read here: loginsoft.com/reports/annualโฆ#Cybersecurity#Loginsoft#VulnerabilityIntelligence#LOVI#January2026#Infosec#Microsoft#Fortinet#SmarterTools#Malware#Ransomware#Qilin#Akira#Sinobi
Here is our Annual Vulnerability Intelligence Report - 2025, powered by LOVI and enriched with intelligence from a wide range of trusted open sources, delivering a comprehensive, year-long view of the global cyber threat landscape as it evolved throughout 2025
๐๐ฒ๐ ๐ผ๐ฏ๐๐ฒ๐ฟ๐๐ฎ๐๐ถ๐ผ๐ป๐ ๐๐ต๐ฟ๐ผ๐๐ด๐ต๐ผ๐๐ ๐๐ต๐ฒ ๐๐ฒ๐ฎ๐ฟ:
๐น Over 300 actively exploited vulnerabilities tracked across the enterprise and OSS ecosystem
๐น Ransomware trends highlighting newly identified families, the top 10 most active groups, and the key vulnerabilities they exploited in real-world campaigns.
๐น Identified actively exploited vulnerabilities tied to 50+ new malware strains and threat actors, highlighting how the latest and trending vulnerabilities were abused in real-world attacks during 2025
๐น Month-by-month analysis of actively exploited vulnerabilities
Explore how 2025 shaped the future of cyber defense and how to stay ahead in 2026.
Know more: loginsoft.com/reports/annualโฆ
Stay updated with Loginsoft Vulnerability Intelligence
#Loginsoft#Vulnerability#Intelligence#LOVI#CybersecurityRecap#Vulnerabilities#VulnerabilityReport2025 #InfoSec#Threats#Ransomware#CISAKEV#OSSIntel#Raas#Microsoft#Apple#Google#Linux#Android#ActiveExploitations#ZeroDay#PoC#DOYOUKNOWCVE
The React2Shell Crisis: Technical Deep Dive into CVE-2025-55182 and Widespread Exploitation Activity
Here is our detailed breakdown of React2Shell - the critical vulnerability in React Server Components.
๐ง๐ต๐ถ๐ ๐ฏ๐น๐ผ๐ด ๐ฐ๐ผ๐๐ฒ๐ฟ๐:
๐น The root cause behind the React2Shell flaw
๐น How attackers are exploiting it
๐น Indicators to identify exposure in your environment
๐น A practical defense checklist teams can act on now
Stay ahead and secure with LOVI
Read more: loginsoft.com/post/the-reactโฆ#Cybersecurity#Loginsoft#Vulnerability#Intelligence#LOVI#React2Shell#Log4Shell#InfoSec#ReactServerComponents
Shai-Hulud 2.0: Inside the Most Sophisticated Supply-Chain Attack
The Shai-Hulud campaign has evolved from a September worm into a fully automated, ecosystem-wide breach compromising npm packages, harvesting cloud & CI/CD secrets, and embedding persistence through GitHub workflows.
In this breakdown, we have covered:
โข What Shai-Hulud is and how it first appeared
โข How the 2.0 variant executed a stealthier, faster supply-chain attack
โข How to identify impacted libraries and repos
โข A complete attack timeline + key defensive takeaways
Read the full analysis here: loginsoft.com/post/shai-huluโฆ#Cybersecurity#Loginsoft#Vulnerability#Intelligence#LOVI#ShaiHulud#SupplyChain#Attack#npmpackages
#DoYouKnowAdversary
Ransomware Alert!
The Gentlemen ransomware campaign, first observed in the summer of 2025, has disrupted multiple organizations across diverse industries. The operation demonstrates a sophisticated blend of persistence and precision, using tailored evasion mechanisms, adjusting its behavior around existing security controls, and abusing both trusted and vulnerable system components to slip past multi-layered defenses. The ransomware also forcefully terminates essential backup, database, and security services to amplify operational impact and ensure maximum damage.
Leverage our #ThreatIntelligence to anticipate attack patterns, strengthen defenses, and refine response strategies.
๐ For more information, Visit #LOVI: vi.loginsoft.com/threat-profileโฆ#CyberThreatIntelligence#MalwareCampaign#MitreAttack#TTPs#CyberSecurity#VulnerabilityIntelligence#Infosec#OSINT#ThreatInformedDefense#CTI#Ransomware
This week brought a wave of active exploits and critical updates, as both old and new vulnerabilities drew the attention of threat actors worldwide.
๐๐ฒ๐ ๐ผ๐ฏ๐๐ฒ๐ฟ๐๐ฎ๐๐ถ๐ผ๐ป๐ ๐ผ๐ณ ๐๐ต๐ฒ ๐๐ฒ๐ฒ๐ธ:
๐น CISA added 9 vulnerabilities to KEV catalog
๐น Active exploitations were observed in WordPress plugins, Milesight industrial routers.
๐น EnemyBot, Sysrv-k, Andoryu, and Androxgh0st exploited flaws in GitLab, cloud gateways, and PHP apps.
๐น IoT botnets Mirai, Bashlite, Tsunami, and BrickerBot ramped up attacks on EirD1000 routers.
๐น Storm-1175 exploited GoAnywhere MFT, linked to Medusa ransomware activity.
๐น CrowdStrike reported zero-day attacks on Oracle E-Business Suite targeting enterprise systems.
Update, detect, defend - stay protected.
Full report here: loginsoft.com/reports/weeklyโฆ#Cybersecurity#LOVI#Loginsoft#Vulnerability#Intelligence#CISAKEV#Microsoft#Windows#InternetExplorer#WordPress#Milesight#Grafana#Botnet#EnemyBot#Andoryu#Androxghost#BrickerBot#Tsunami#Storm1175#Medusa#Ransomware#Cl0P#GracefulSpider
5K Followers 9 Following@Openwall oss-security mailing list thread summaries, currently maintained by @solardiz. Originally setup and maintained as an automated feed by @eugeneteo.
1.5M Followers 2 FollowingWe're an AI safety and research company that builds reliable, interpretable, and steerable AI systems. Talk to our AI assistant @claudeai on https://t.co/FhDI3KQh0n.
69K Followers 879 FollowingThreat intelligence platform - Data from Deep Web, Dark Web, Open Web || For data API integration : [email protected] Democratizing Cyber Security.
6K Followers 938 Followinghttps://t.co/9I6nRUiFjm is a service that provides threat intelligence data about observed network scanning and cyber attacks.
3K Followers 1K FollowingCrowdfense is the world-leading research hub and acquisition platform for zero-day exploits and vulnerability research. We offer the highest bounties
1.8M Followers 374 FollowingMinister for Railways, Information & Broadcasting, Electronics & Information Technology, Government of Bharat | Former IAS | Alumnus @IITKanpur @Wharton
2.8M Followers 10 FollowingThe official handle of the Republic Media Network | DIGITAL | TV | MEDIA | Subscribe to WhatsApp Channel Here - https://t.co/xyHvysKg6I
233K Followers 9 FollowingOfficial Twitter account of National Crime Investigation Bureau (NGO), Our main objective is to make citizens aware of the rights given by constitution and law.
55K Followers 98 FollowingHacker | Hall of Fame: Google, Apple, X, NASA | BlackHat MEA x1 | CVE ร4 | HackTheBox SME (Guru) | BC: P1 warrior | Featured in NASAโs IT Talk | OSCP | OSCP+
9K Followers 11 FollowingProactive Defense Against Future Threats | Pioneering #CyberSec and #ThreatIntelligence in Europe & MENA since โ12.
CTI Platform: #USTA Risk Intel: #BLINDSPOT
50K Followers 606 FollowingFather | Lawyer | Bug Bounty Hunter | Complete newbie | Every Law has its own Bugs. https://t.co/Cwuy2zfF8N https://t.co/Bd9ltJWS5X
11K Followers 6 FollowingCutting-edge security research by @SonarSource to educate the world about code security across all software.
We're also at @[email protected] ๐ฆฃ
19K Followers 210 FollowingTech lead and security researcher at Google Project Zero. Author: Jackalope, TinyInst, WinAFL, Domato. PhD. Tweets are my own.
Backup @[email protected]
2K Followers 547 FollowingProud dad and husband, reverse engineer, exploit developer, author of SANS SEC670, and SEC665. Windows kernel developer, Air Force