UAT-8837 targets critical infrastructure sectors in North America

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor based on...

6-day and IP Address Certificates are Generally Available

Short-lived and IP address certificates are now generally available from Let’s Encrypt. These certificates are valid for 160 hours, just over six days. In...

Stealthy CastleLoader Malware Attacking US Government Agencies and Critical Infrastructure

A sophisticated malware loader known as CastleLoader has emerged as a critical threat to US government agencies and critical infrastructure organizations. First identified in...

This WhatsApp Link Can Hand Over Your Account in Seconds

A sophisticated phishing campaign impersonating WhatsApp Web uses fake meeting links and QR codes to hijack accounts and enable real-time surveillance.

Output from vibe coding tools prone to critical security flaws, study finds

Popular vibe coding platforms consistently generate insecure code in response to common programming prompts, including creating vulnerabilities rated as ‘critical,’...

Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft

RedVDS cyber-crime-as-a-service platform powering phishing, BEC attacks and other fraud has cost victims millions

Texas judge throws out second lawsuit over CrowdStrike outage

A US judge has dismissed a lawsuit filed by CrowdStrike shareholders over the July 2024 outage that caused widespread disruption around the world. ...

Sicarii Ransomware: Truth vs Myth

Key findings: Sicarii is a newly observed RaaS operation that surfaced in late 2025 and has only published 1 claimed victim. The group explicitly brands itself...

Siemens RUGGEDCOM ROS

Ruggedcom ROS devices contain a temporary denial of service vulnerability that could allow an attacker to crash and restart the device. Siemens has...

Siemens TeleControl Server Basic

TeleControl Server Basic before V3.1.2.4 contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges....

Latest article

Great responsibility, without great power

Welcome to this week’s edition of the Threat Source newsletter. As I’m writing this, today (April 28) is International Superhero Day. If you don’t know the origin story behind...

Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM

What is CVE-2026-41940? CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr...

Microsoft Windows 11 April 2026 Security Update Breaks Third-Party Backup Applications

Microsoft’s April 2026 cumulative security update for Windows 11 is causing significant disruptions for users relying on third-party backup software, triggering an MS-DEFCON level...

Almost half of UK businesses hit by cyber attacks

The government's annual cyber security report reveals UK businesses are still struggling with the impact of attacks and breaches.