Threat Research

Pawn Storm, a Russia-aligned APT group, is targeting Ukraine’s defense supply chain and allied nations. It deploys PRISMEX, a modular malware suite using steganography, COM hijacking, and cloud-based C2. The group exploited multiple flaws, including a Windows zero-day (CVE-2026-21513). Malicious .lnk files via CVE-2026-21509 may chain with CVE-2026-21513, per Akamai findings....

Threat actors are exploiting multiple FortiGate vulnerabilities including CVE-2025-59718, CVE-2025-59719, and the recently patched CVE-2026-24858. to bypass authentication and gain administrative access to firewall devices. After access, they download configuration files containing sensitive data, including service account credentials that can be easily decrypted....

VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) details active exploitation of a pre-authentication RCE flaw in BeyondTrust Remote Support software that enables attackers to execute OS-level commands and fully compromise affected systems....

Two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, are impacting Ivanti Endpoint Manager Mobile (EPMM). They are actively exploited in the wild, targeting enterprise mobile fleets and corporate networks. The flaws allow unauthenticated remote code execution on affected servers....

APT28, a Russian state-sponsored threat group also known as Fancy Bear or UAC-0001, is conducting a sophisticated espionage campaign against European military and government entities. The operation primarily targets maritime and transportation organizations in Poland, Slovenia, Turkey, Greece, the UAE, and Ukraine....

In January 2026, Uncovered an in-the-wild campaign dubbed Operation Neusploit targeting Central and Eastern Europe. The attackers used malicious Microsoft RTF files to exploit CVE-2026-21509 and deploy backdoors via a multi-stage infection chain....