Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution vulnerability in Langflow (CVSS 9.3), to deploy a Monero cryptocurrency…
Yuze is an open-source SOCKS5 proxy tool that has been employed by CL-STA-1062 to route traffic and maintain persistence in targeted environments.
A now-patched flaw in WinRAR (CVE-2025-8088) was weaponized by Gamaredon to place malicious HTA downloaders into the Windows Startup folder, enabling automatic…
Sygnia, tracking the China-nexus group as Velvet Ant, discovered that the group backdoored Linux PAM and OpenSSH components to maintain persistent access…
Velvet Ant, tracked by Sygnia, is a China-nexus threat actor known for targeting infrastructure components like F5 BIG-IP, Cisco NX-OS, and Linux…
Operation Highland is a campaign by the China-linked Velvet Ant group that backdoored Linux PAM and OpenSSH components to maintain persistent access…
A cross-platform information stealer deployed as the final payload in the Mastra supply chain attack. It harvests browser history, steals data from…
On June 17, 2026, a software supply chain attack codenamed 'easy-day-js' compromised 145 npm packages under the @mastra/* namespace, a popular open-source…
A French-speaking attacker, operating under the handle 'Poisson,' breached a small French automotive business using a keylogger to steal banking and email…
Dropbear SSH is a lightweight SSH server used by AryStinger for persistence on infected routers, listening on port 2332. It allows remote…