

Anthropic Claude Opus 4.6 Uncovers Critical Vulnerabilities in Ghostscript, OpenSC, and CGIF: Comprehensive Analysis and Patching Guide
Executive Summary The recent autonomous discovery of over 500 high-severity vulnerabilities by Claude Opus 4.6, a cutting-edge large language model developed by Anthropic, marks a watershed moment in cybersecurity. These vulnerabilities, found across major open-source libraries such as Ghostscript, OpenSC, and CGIF, have the potential to impact a vast array of enterprise, cloud, and critical infrastructure systems worldwide. The vulnerabilities include memory corruption,
Feb 8, 5 min read


BridgePay Network Solutions Ransomware Attack: Nationwide Payment Gateway Outage and Impact Analysis
Executive Summary On February 6, 2026, BridgePay Network Solutions, a major U.S. payment gateway and solutions provider, experienced a critical outage across its payment processing infrastructure. The disruption was rapidly confirmed to be the result of a ransomware attack, leading to a nationwide service interruption that affected merchants, municipalities, and integrators reliant on BridgePay’s platform. Key services, including the BridgePay Gateway API (BridgeComm), Pay
Feb 8, 6 min read


Germany Warns of Sophisticated Signal Phishing Attacks Targeting Politicians, Military, and Journalists
Executive Summary Germany’s Federal Office for the Protection of the Constitution (BfV) and Federal Office for Information Security (BSI) have issued a critical warning regarding a highly targeted phishing campaign exploiting the Signal messaging platform. This campaign is not based on exploiting software vulnerabilities but rather leverages advanced social engineering techniques to compromise the accounts of politicians, military personnel, and journalists. Attackers im
Feb 8, 5 min read


Flickr Data Breach 2026: User Information Exposed via Third-Party Email Service Vulnerability
Executive Summary On February 5, 2026, Flickr identified a security incident involving a vulnerability in a third-party email service provider. This vulnerability potentially exposed user data, including real names, email addresses, usernames, account types, IP addresses, general location, and account activity. No passwords or payment card information were compromised. Flickr responded by shutting down access to the affected system within hours of discovery and notified bot
Feb 8, 5 min read


TGR-STA-1030 Cyberespionage: ShadowGuard Linux Rootkit Targets SAP Solution Manager, Microsoft Exchange, and 70 Global Critical Infrastructure Entities
Executive Summary Between January 2024 and February 2026, a state-aligned threat group tracked as TGR-STA-1030 conducted a widespread cyberespionage campaign targeting at least 70 government and critical infrastructure organizations across 37 countries. The group, operating from Asia and exhibiting strong indicators of Chinese regional interests, focused on ministries of finance, law enforcement, border control, energy, telecommunications, mining, trade, and national parliam
Feb 8, 6 min read


dYdX npm and PyPI Supply Chain Attack: Wallet Stealer and RAT Malware Compromise Developer Libraries
Executive Summary A critical supply chain attack has compromised the official dYdX client libraries distributed via both the npm and PyPI package repositories. Malicious actors leveraged access to legitimate developer accounts to publish trojanized versions of these packages, which deliver advanced wallet-stealing malware and a Python-based Remote Access Trojan (RAT). The attack specifically targets developers and backend systems integrating with the dYdX decentralized
Feb 8, 4 min read


Spain’s Ministry of Science IT Systems Breach: IDOR Exploit and Ransomware Attack Disrupts Research and University Services
Executive Summary Spain's Ministry of Science, Innovation, and Universities experienced a significant cyberattack resulting in the partial shutdown of its IT systems and the suspension of key administrative services for researchers, universities, and students. The incident, which began in 2023 and was publicly acknowledged in February 2026, involved the exploitation of a critical Insecure Direct Object Reference (IDOR) vulnerability. This flaw enabled a threat actor, using t
Feb 8, 5 min read


Shai-hulud npm Supply Chain Attack: Impact, Techniques, and Mitigation Strategies for Open-Source Ecosystems
Executive Summary The Shai-hulud supply chain attack, first identified in late 2025, has emerged as one of the most consequential and technically sophisticated threats to the global software ecosystem. This campaign, targeting the npm package registry and its vast network of open-source maintainers, has demonstrated the devastating potential of automated, cloud-native supply chain attacks. By compromising trusted developer accounts and injecting malicious code into widely u
Feb 8, 5 min read


DKnife Linux Toolkit: Advanced China-Nexus Malware Hijacks Routers for Network Traffic Interception and Credential Theft
Executive Summary The DKnife Linux toolkit represents a significant escalation in adversary-in-the-middle (AitM) threats targeting network infrastructure. This modular, China-nexus malware framework is engineered to compromise Linux-based routers and edge devices, enabling attackers to intercept, manipulate, and exfiltrate network traffic at the gateway level. By leveraging deep packet inspection, DNS hijacking, credential harvesting, and malicious payload delivery, DKnife
Feb 8, 5 min read


Metro4Shell (CVE-2025-11953): Critical RCE Vulnerability in React Native CLI npm Package Actively Exploited by Hackers
Executive Summary A critical remote code execution (RCE) vulnerability, designated Metro4Shell (CVE-2025-11953), has been discovered and is being actively exploited in the wild. This flaw impacts the Metro Development Server within the React Native CLI npm package, a foundational tool in the JavaScript and mobile application development ecosystem. The vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on affected systems via a net
Feb 4, 4 min read


React2Shell: Critical CVE-2025-55182 Remote Code Execution Vulnerability in React Native and React Server Components Actively Exploited
Executive Summary A critical remote code execution (RCE) vulnerability, CVE-2025-55182, has been identified in React Native and related frameworks implementing React Server Components (RSC). This vulnerability, dubbed "React2Shell," is being actively exploited in the wild. The flaw arises from insecure deserialization within the RSC Flight protocol, enabling unauthenticated attackers to execute arbitrary code on affected servers. Attackers are leveraging this vulnerability
Feb 4, 4 min read


GlassWorm Malware Exploits Visual Studio Code and OpenVSX Extensions in Sophisticated Supply Chain Attack on Developer Ecosystems
Executive Summary The resurgence of the GlassWorm malware campaign marks a critical escalation in the threat landscape for developer ecosystems worldwide. This sophisticated supply chain attack leverages trojanized extensions in both the Microsoft Visual Studio Marketplace and OpenVSX, targeting developers by impersonating widely used tools such as Flutter, React, Tailwind, Vim, and Vue. The campaign’s primary objectives are credential harvesting, cryptocurrency walle
Feb 4, 4 min read


Critical OpenClaw AI Assistant Vulnerability Enables Credential Theft and Browser Session Hijacking
Executive Summary A critical vulnerability has been identified in the OpenClaw AI Assistant (also known as Clawdbot), which enables remote attackers to hijack the assistant and exfiltrate sensitive session credentials from users’ browsers. This flaw, disclosed by ZeroPath security researchers, allows any malicious website visited in the same browser session as the OpenClaw extension to abuse the assistant’s local browser relay server. Attackers can leverage this to steal
Feb 4, 5 min read


APT28 Exploits Microsoft Office CVE-2026-21509: Targeted Espionage Malware Attacks in Eastern Europe
Executive Summary CVE-2026-21509 is a critical security feature bypass vulnerability affecting Microsoft Office (CVSS 7.8), which has been weaponized in a sophisticated espionage campaign by the Russian state-sponsored group APT28 (also known as Fancy Bear or UAC-0001). The campaign, tracked as Operation Neusploit, leverages malicious RTF and Word documents to deliver advanced malware payloads, including the MiniDoor email stealer and the Covenant Grunt command-and-co
Feb 4, 4 min read


AI-Powered Intrusion Achieves Full Admin Access in 8 Minutes: Detailed Analysis of AWS Cloud Security Breach
Executive Summary On November 28, 2025, a threat actor achieved full administrative access to an Amazon Web Services (AWS) environment in just eight minutes, marking a significant escalation in the speed and automation of cloud attacks. The operation began with the compromise of valid credentials found in public Simple Storage Service (S3) buckets containing Retrieval-Augmented Generation (RAG) data for AI models. Leveraging these credentials, the attacker conducted rapid r
Feb 4, 6 min read


Russian State Hackers Exploit Microsoft Office CVE-2023-36884 Vulnerability Within 3 Days of Disclosure
Executive Summary Within just three days of public disclosure, Russian state-linked threat actors weaponized a critical Microsoft Office vulnerability, CVE-2023-36884, to launch targeted cyber-espionage and ransomware campaigns. This vulnerability enables remote code execution via malicious Office documents, bypassing standard security controls. The exploitation was observed in the wild by multiple security vendors, with attacks primarily targeting government, defense, and c
Feb 4, 4 min read


Panera Bread Microsoft Entra SSO Breach: ShinyHunters Leak 5.1 Million Customer Records in 2026 Data Attack
Executive Summary In January 2026, Panera Bread experienced a significant data breach attributed to the cybercriminal group ShinyHunters. The attackers gained unauthorized access to Panera Bread’s systems by compromising a Microsoft Entra Single Sign-On (SSO) code, likely through a vishing (voice phishing) campaign. Following a failed extortion attempt, the attackers publicly leaked a dataset containing 5.1 million unique customer records. The compromised data includes na
Feb 4, 5 min read


CVE-2025-15467: Critical Remote Code Execution Vulnerability in OpenSSL Patched – Update Now to Prevent Exploitation
Executive Summary A critical remote code execution vulnerability has been identified and patched in OpenSSL, the ubiquitous cryptographic library underpinning secure communications across the internet and enterprise environments. The flaw, tracked as CVE-2025-15467, is a high-severity stack buffer overflow that can be triggered by unauthenticated attackers via maliciously crafted CMS (Cryptographic Message Syntax) messages using AEAD ciphers such as AES-GCM. This vulnerab
Jan 29, 4 min read


WinRAR Path Traversal Vulnerability (CVE-2023-38831): Ongoing Exploitation by APTs and Cybercriminals
Executive Summary A critical path traversal vulnerability in WinRAR (CVE-2023-38831) continues to be actively exploited by a diverse array of threat actors, including advanced persistent threat (APT) groups and financially motivated cybercriminals. This flaw enables attackers to craft malicious archive files that, when extracted by vulnerable versions of WinRAR, can deposit malware into arbitrary locations on a victim’s system, such as the Windows Startup folder, thereby ac
Jan 28, 4 min read


APT36 (Transparent Tribe) Escalates Cyber-Espionage Against Indian Government and Defense Networks Through Advanced Spear-Phishing and LNK Malware (2024-2025)
Executive Summary Recent threat intelligence and open-source reporting confirm a significant escalation in cyber-espionage campaigns orchestrated by Pakistan-linked Advanced Persistent Threat (APT) groups, most notably APT36 (also known as Transparent Tribe), targeting Indian government, defense, and academic entities. These campaigns, active through 2024 and into 2025, leverage advanced spear-phishing, weaponized Windows shortcut (.LNK) files, ISO payloads, and custom ma
Jan 28, 5 min read