Posts

Adobe Reader Zero-Day Exploit via Malicious PDFs

In April 2026, a critical zero-day vulnerability affecting Adobe Acrobat Reader was identified as actively exploited in real-world attacks. The vulnerability, which had remained undiscovered and unpatched, allowed threat actors to compromise systems through specially crafted PDF documents. This campaign had been ongoing since at least December 2025, indicating a prolonged period of undetected exploitation and highlighting the sophistication of the attack. The attack is particularly dangerous because it requires minimal user interaction. In most observed cases, the exploit is triggered simply by opening a malicious PDF file, without the need for enabling macros or performing additional actions. This significantly lowers the barrier for successful exploitation and increases the effectiveness of phishing and social engineering campaigns, as PDF documents are widely trusted and commonly used across organizations. From a technical standpoint, the exploit leverages a previously unknow...

Backdoored Smart Slider 3 Pro Update (April 2026)

In April 2026, a critical cybersecurity incident was identified involving the Smart Slider 3 Pro plugin, a widely used component in WordPress and Joomla environments. The incident was the result of a software supply chain compromise, where attackers gained unauthorized access to the vendor’s update infrastructure and distributed a malicious version of the plugin through the official update channel. The compromised version, identified as 3.5.1.35, was made available to users for a limited period of approximately six hours before being detected and removed. This attack is particularly significant because it did not rely on exploiting a vulnerability within the plugin itself, but instead leveraged the inherent trust placed in legitimate software updates. As a result, any system that performed an update during the affected timeframe may have unknowingly installed a backdoored version of the plugin. This significantly increases the risk level, as traditional security controls often conside...

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Google released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. "Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page," according to a description of the flaw in the NIST's National Vulnerability Database (NVD). As is customary for these alerts, Google did not provide any further details on how the shortcoming is being exploited and who may be behind the effort. This is typically done so as to ensure that a majority of users are updated with a fix and prevent other actors from joining the exploitation bandwagon. Google is aware that an exploit f...

Masjesu Botnet: The Stealthy DDoS-for-Hire Service Hijacking IoT Devices Worldwide

What Is Masjesu?

Cybersecurity researchers at Trellix have pulled back the curtain on a sophisticated and deliberately low-profile botnet known as Masjesu, a DDoS-for-hire operation that has been quietly recruiting customers and compromising devices globally since it first appeared in 2023. Marketed openly on Telegram, Masjesu offers paying clients the ability to launch volumetric Distributed Denial-of-Service (DDoS) attacks against virtually any target. What makes it particularly dangerous is not its raw power, but its design philosophy: stealth, persistence, and strategic evasion over aggressive widespread infection.

How It Works

Once Masjesu's malware lands on a compromised IoT device, typically a router or gateway, it follows a precise sequence of actions: It attempts to bind a socket to a hard-coded TCP port (55988), which allows the attacker to connect to the device directly. If this fails, the execution chain terminates immediately, a deliberate fail-safe to avoid dete...

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities. The model will be used by a small set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, along with Anthropic, to secure critical software. The company said it's forming this initiative in response to capabilities observed in its general-purpose frontier model that demonstrate a "level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities." Because of its cybersecurity capabilities and concerns that they could be abused, Anthropic has opted not to m...

Iran-Linked Hackers Target U.S. Critical Infrastructure Through Exposed Industrial Controllers

What's Happening?

U.S. cybersecurity and intelligence agencies, including the FBI and CISA, have issued a formal warning confirming that Iranian-affiliated threat actors are actively targeting internet-facing Operational Technology (OT) devices, specifically Programmable Logic Controllers (PLCs), deployed across critical infrastructure sectors in the United States. The consequences are real and already documented: degraded PLC functionality, falsified readings on industrial control screens, operational disruptions, and in some cases, direct financial losses.

Who Is Being Targeted and How?

The attacks are focused on Rockwell Automation and Allen-Bradley PLC devices, particularly CompactLogix and Micro850 models. The targeted sectors include government services and facilities, Water and Wastewater Systems (WWS), and energy infrastructure. The attack method is methodical. The threat actors leveraged third-party hosted infrastructure combined with legitimate engineering software,...

Alert Fatigue Isn’t Going Away. Here’s How Modern SOCs Are Fighting Back

Security teams have been talking about alert fatigue for years. And yet, for many SOCs, the problem isn’t getting better. It’s getting worse. As environments expand across cloud, SaaS, identity, and legacy systems, analysts are flooded with signals that all demand attention but rarely arrive with enough context to act quickly. Staffing shortages only amplify the issue. The result is a SOC stuck reacting to noise instead of responding to real risk. Recent industry research reinforces what analysts already know. False positives remain one of the top challenges in detection and response, and many analysts encounter low-value alerts so frequently that it slows investigations and contributes directly to burnout. Alert fatigue isn’t just an efficiency problem. It’s an operational risk.

Why alert fatigue persists, and why it’s not your fault

Alert fatigue isn’t a reflection of weak analysts or underperforming teams. It’s the outcome of security models that haven’t kept pace with modern compl...

Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense

Last week, the industry learned that Anthropic was developing Claude Capybara, also called Mythos, a powerful new AI model with substantially improved capabilities in vulnerability discovery, exploit development, and multi-step attack reasoning. While the details emerged through a data leak rather than a formal launch, the market response was unmistakable: AI has crossed a critical cyber security threshold. The frontier models are accelerating attack lifecycles and will enable attackers to identify and exploit vulnerabilities at scale, speed and through novel methods that previously were the domain of advanced nation state entities. For security leaders, this development is both a warning and a call to action. It crystallizes a trend we’ve been closely monitoring and preparing for: the democratization and industrialization of cyber attacks.

Two Structural Shifts Redefining Cyber Risk

Claude Mythos is the early signal of two profound shifts in the threat landscape: 1. ...

When AI Trust Breaks: The ChatGPT Data Leakage Flaw That Redefined AI Vendor Security Trust

AI assistants like ChatGPT have quickly become trusted environments for handling some of the most sensitive data people own. Users discuss medical symptoms, upload financial records, analyze contracts, and paste internal documents—often assuming that what they share remains safely contained within the platform. That assumption was challenged when new research uncovered a previously unknown vulnerability that enabled silent data leakage from ChatGPT conversations without user knowledge or consent. While the issue has since been fully resolved by OpenAI, the discovery delivers a much broader lesson for enterprises and security leaders: AI tools should not be assumed secure by default. Just as organizations learned not to blindly trust cloud providers, the same logic now applies to AI vendors. Native security does not equal sufficient security. AI requires an independent security layer on top.

From Trusted Assist...