
Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments | Microsoft Security Blog
Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examines how this tradecraft conceals execution behind specially crafted HTTP cookies.
Microsoft Security Blog
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701)
If you squint and look at the CISA KEV list, you might think it's made up exclusively of vulnerabilities in file transfer solutions.
While this would be wrong (and you shouldn’t squint, it’s bad for your eyes), file transfer solutions do play a decent role in the CISA
watchTowr Labs
How One Letter Hid a Ransomware Army
Qilin ransomware bypassed Windows Defender and Carbon Black EDR using a one-letter filename trick. It spread to 30 endpoints before Halcyon stopped it cold. Zero encryption.
Varonis, posted yesterday: A Quiet "Storm": Infostealer Hijacks Sessions, Decrypts Server-Side https://www.varonis.com/blog/storm-infostealer
More:
Infosecurity-Magazine: New 'Storm' Infostealer Remotely Decrypts Stolen Credentials https://www.infosecurity-magazine.com/news/storm-infostealer-remotely/ #infosec #threatresearch

A Quiet "Storm": Infostealer Hijacks Sessions, Decrypts Server-Side
Meet Storm, a new infostealer that tiptoes around endpoint security tools, remotely decrypts browser credentials, and lets operators restore hijacked sessions.
AhnLab: A malicious LNK that spreads a Python-based backdoor and how it’s spreading (Kimsuky group) https://asec.ahnlab.com/en/93151/ #infosec #threatresearch #Python #malware

Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group) - ASEC
ASEC
I’d come running back to EU again: TA416 resumes European government espionage campaigns | Proofpoint US
Key findings From mid-2025 onwards, the China-aligned threat actor TA416 resumed observed targeting of European government and diplomatic organizations following a period of reduced EU-
Proofpoint
Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns
BlueVoyant's Security Operations Center (SOC) reviews Augmented Marauder's multi-pronged phishing campaigns delivering the Casbaneiro banking trojan…
BlueVoyant
Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets - Check Point Research
Key Points Introduction At the beginning of 2026, Check Point Research observed a series of targeted attacks against government entities in Southeast Asia carried out via a legitimate TrueConf software installed in the targets’ environment. The investigation led to the discovery of a zero-day vulnerability in the TrueConf client, tracked as CVE-2026-3502 with a CVSS score of 7.8. […]
Check Point Research
Any.Run: Release Notes: Cross-Platform Threat Analysis with macOS, SSL Decryption, and 1,300+ New Detections https://any.run/cybersecurity-blog/release-notes-march-2026/ @anyrun_app #infosec #threatresearch #Apple #macOS

Release Notes: SSL Decryption, macOS, Windows Server & 1300+ New Detections
March updates in ANY.RUN bring stronger phishing detection, broader sandbox coverage with macOS and Windows Server, new detections, and fresh TI reports.
ANY.RUN's Cybersecurity Blog