Google Gemini AI Under Attack: APTs and Cybercriminals Exploit Platform Across the Entire Cyber Kill Chain
Executive Summary
The recent disclosure by Google's Threat Intelligence Group (GTIG) highlights a significant escalation in the adversarial misuse of the Gemini AI platform by advanced persistent threat (APT) actors and information operations (IO) groups. These threat actors, including state-sponsored groups from Iran, China, North Korea, and Russia, are leveraging Gemini AI to facilitate every phase of the cyberattack lifecycle. While Google has implemented robust safety
21 hours ago · 5 min read


February 2026 Security Patch Report: Microsoft, SAP, Intel, Adobe, and 60+ Vendors Address Critical Vulnerabilities in OS, Cloud, and Network Platforms
Executive Summary
In February 2026, over 60 leading software vendors, including Microsoft, SAP, Intel, and Adobe, issued critical security updates addressing a broad spectrum of vulnerabilities across operating systems, cloud services, and network platforms. This unprecedented, coordinated patch release cycle targets both newly discovered and actively exploited zero-day vulnerabilities, with several flaws already leveraged by advanced persistent threat (APT) groups for in
21 hours ago · 6 min read


Reynolds Ransomware Exploits CVE-2025-68947 in NsecSoft NSecKrnl Driver to Disable Windows EDR Security Tools
Executive Summary
The emergence of the Reynolds ransomware family marks a significant escalation in adversarial tradecraft, leveraging the Bring Your Own Vulnerable Driver (BYOVD) technique to systematically neutralize Endpoint Detection and Response (EDR) security tools. By embedding a vulnerable kernel-mode driver directly within its payload, Reynolds achieves a high degree of stealth and operational efficiency, enabling the ransomware to disable security controls and
2 days ago · 5 min read


UNC1069 Targets Cryptocurrency Organizations with AI Deepfake Lures and Multi-Stage Malware on Windows and macOS
Executive Summary
The North Korea-linked threat actor UNC1069 has escalated its offensive operations against cryptocurrency organizations by integrating advanced artificial intelligence (AI) lures and multi-stage malware into its attack arsenal. Recent campaigns have demonstrated the use of AI-generated deepfake videos, sophisticated social engineering, and a modular malware framework targeting both Windows and macOS environments. The primary objective of these attacks is th
2 days ago · 5 min read


Shields Up Initiative: How AI, Zero Trust, and Cloud-Native Security Are Transforming Cyber Defenses
Executive Summary
The Shields Up initiative, spearheaded by the Cybersecurity and Infrastructure Security Agency (CISA), marks a pivotal shift in how organizations approach cybersecurity. As the threat landscape evolves with the proliferation of generative AI, cloud-native security platforms, and increasingly complex supply chains, both public and private sectors are urged to adopt advanced technologies and best practices. This report explores the technical and practical as
2 days ago · 5 min read


Critical Pre-Auth RCE Vulnerability (CVE-2024-12356) in BeyondTrust Remote Support and PRA Actively Exploited – Patch Now
Executive Summary
A critical pre-authentication remote code execution (RCE) vulnerability, CVE-2024-12356 [VERIFIED - NVD], has been identified and patched in BeyondTrust's flagship products: Privileged Remote Access (PRA) and Remote Support (RS) [VERIFIED - NVD]. This vulnerability enables unauthenticated attackers to execute arbitrary operating system commands as the site user, potentially resulting in full system compromise, data exfiltration, and lateral movement with
2 days ago · 5 min read


UNC3886 Cyber Espionage Campaign Exploits Fortinet and VMware Zero-Days to Breach Singapore Telecom Sector
Executive Summary
A sophisticated cyber espionage campaign attributed to the China-linked threat group UNC3886 has targeted Singapore’s telecommunications sector, specifically impacting major providers such as M1, SIMBA Telecom, Singtel, and StarHub. This campaign, which persisted undetected for nearly a year, leveraged multiple zero-day vulnerabilities in Fortinet and VMware products, advanced Linux rootkits, and credential harvesting techniques to gain and maintain a
2 days ago · 4 min read


SolarWinds Web Help Desk RCE Vulnerabilities: Multi-Stage Attacks Exploiting CVE-2024-23476 on Exposed Servers
Executive Summary
The exploitation of SolarWinds Web Help Desk (WHD) for unauthenticated remote code execution (RCE) in multi-stage attacks represents a critical threat to organizations with internet-exposed WHD servers. Multiple vulnerabilities, including CVE-2024-23476, CVE-2024-23477, and related deserialization and authentication bypass flaws, have been weaponized by threat actors to gain initial access, establish persistence, and escalate privileges within enterprise
3 days ago · 4 min read


FortiClientEMS CVE-2026-21643: Critical Unauthenticated SQL Injection Vulnerability Allows Remote Code Execution
Executive Summary
Fortinet has recently addressed a critical security vulnerability, identified as CVE-2026-21643, in its FortiClientEMS product. This flaw, classified as a SQL injection vulnerability, enables unauthenticated remote attackers to execute arbitrary code or system commands on affected systems by sending specially crafted HTTP requests. With a CVSS v3.1 base score of 9.1, this vulnerability is considered critical and poses a significant risk to organizations r
3 days ago · 4 min read


Ivanti EPMM Zero-Day Exploits: Dutch Authorities Confirm Employee Contact Data Breach in European Government Cyberattacks
Executive Summary
In late January 2026, Dutch authorities, including the Dutch Data Protection Authority and the Council for the Judiciary, confirmed that a sophisticated cyberattack leveraging a zero-day exploit in Ivanti Endpoint Manager Mobile (EPMM) resulted in unauthorized access to employee contact data. This incident is part of a broader campaign targeting European governmental and critical infrastructure entities, with the European Commission and Finnish governmen
3 days ago · 4 min read


Warlock Ransomware Breaches SmarterTools via SmarterMail Vulnerabilities (CVE-2026-23760, CVE-2026-24423)
Executive Summary
On January 29, 2026, the Warlock ransomware group, also known as Gold Salem and Storm-2603, successfully breached the network of SmarterTools by exploiting unpatched authentication bypass vulnerabilities in SmarterMail (CVE-2026-23760 and CVE-2026-24423). The attackers gained initial access through a single, unpatched SmarterMail virtual machine, moved laterally within the Windows-centric infrastructure using Active Directory, and attempted to deploy r
3 days ago · 5 min read


The New Category: Why AI Vendor Velocity Is Breaking Third-Party Risk
By Guy Halfon, CEO at Rescana
The old buckets no longer hold
Every market has a moment when its categories stop making sense. Third-party risk is at that moment now. For years, vendors fit neatly into familiar buckets: SaaS providers, infrastructure partners, outsourced services. Reviews were slow because vendors were slow. Annual assessments worked because change was incremental. Trust was something you established, documented, and revisited later. AI vendors don’t fit tho
4 days ago · 4 min read


Microsoft Exchange Online Incident Report: Legitimate Emails Incorrectly Flagged as Phishing and Quarantined
Executive Summary
Publication Date: July 5, 2024
This report details the service disruption experienced by Microsoft Exchange Online beginning on June 20, 2024, where legitimate emails were incorrectly flagged as phishing and subsequently quarantined. The incident, which persisted for at least two weeks, was caused by a change in Exchange Online’s phishing detection system that misidentified certain domain creation dates, resulting in widespread false positives. Microsoft
4 days ago · 5 min read


Bloody Wolf Spear-Phishing Campaign Targets Uzbekistan and Russia Using NetSupport Manager for Malicious Remote Access
Executive Summary
The threat actor known as Bloody Wolf has recently intensified a spear-phishing campaign targeting organizations in Uzbekistan and Russia, leveraging the legitimate remote administration tool NetSupport RAT for malicious purposes. This campaign, active since at least 2023, demonstrates a sophisticated attack chain involving custom Java-based loaders, multi-layered persistence mechanisms, and infrastructure overlap with IoT malware such as the Mirai botnet
4 days ago · 4 min read


TeamPCP Worm Targets Docker, Kubernetes, Ray, and Redis via React2Shell CVE-2025-55182 to Build Criminal Cloud Infrastructure
Executive Summary
The emergence of the TeamPCP worm marks a significant escalation in the threat landscape targeting cloud-native infrastructure. Since late 2025, this highly automated, worm-driven campaign has systematically exploited misconfigured and vulnerable cloud services, including Docker, Kubernetes, Ray, and Redis, as well as critical vulnerabilities in React and Next.js applications, most notably the React2Shell vulnerability (CVE-2025-55182, CVSS 10.0).
4 days ago · 4 min read


European Commission Investigates Ivanti EPMM Zero-Day Cyberattack Exposing Staff Data
Executive Summary
On January 30, 2026, the European Commission detected traces of a cyberattack targeting its central infrastructure responsible for managing staff mobile devices. The incident was contained and the affected system was cleaned within nine hours, with no evidence found of compromise to the mobile devices themselves. However, unauthorized access to staff names and mobile numbers of some Commission employees may have occurred. The attack is strongly linked to ex
4 days ago · 6 min read


Anthropic Claude Opus 4.6 Uncovers Critical Vulnerabilities in Ghostscript, OpenSC, and CGIF: Comprehensive Analysis and Patching Guide
Executive Summary
The recent autonomous discovery of over 500 high-severity vulnerabilities by Claude Opus 4.6, a cutting-edge large language model developed by Anthropic, marks a watershed moment in cybersecurity. These vulnerabilities, found across major open-source libraries such as Ghostscript, OpenSC, and CGIF, have the potential to impact a vast array of enterprise, cloud, and critical infrastructure systems worldwide. The vulnerabilities include memory corruption,
5 days ago · 5 min read


BridgePay Network Solutions Ransomware Attack: Nationwide Payment Gateway Outage and Impact Analysis
Executive Summary
On February 6, 2026, BridgePay Network Solutions, a major U.S. payment gateway and solutions provider, experienced a critical outage across its payment processing infrastructure. The disruption was rapidly confirmed to be the result of a ransomware attack, leading to a nationwide service interruption that affected merchants, municipalities, and integrators reliant on BridgePay’s platform. Key services, including the BridgePay Gateway API (BridgeComm), Pay
5 days ago · 6 min read


Germany Warns of Sophisticated Signal Phishing Attacks Targeting Politicians, Military, and Journalists
Executive Summary
Germany’s Federal Office for the Protection of the Constitution (BfV) and Federal Office for Information Security (BSI) have issued a critical warning regarding a highly targeted phishing campaign exploiting the Signal messaging platform. This campaign is not based on exploiting software vulnerabilities but rather leverages advanced social engineering techniques to compromise the accounts of politicians, military personnel, and journalists. Attackers im
5 days ago · 5 min read


Flickr Data Breach 2026: User Information Exposed via Third-Party Email Service Vulnerability
Executive Summary
On February 5, 2026, Flickr identified a security incident involving a vulnerability in a third-party email service provider. This vulnerability potentially exposed user data, including real names, email addresses, usernames, account types, IP addresses, general location, and account activity. No passwords or payment card information were compromised. Flickr responded by shutting down access to the affected system within hours of discovery and notified bot
5 days ago · 5 min read