AANew.
WatchTower: You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/
Recorded Future: Latin America and the Caribbean Cybercrime Landscape https://www.recordedfuture.com/research/latin-america-and-the-caribbean-cybercrime-landscape
Mandiant: vSphere and BRICKSTORM Malware: A Defender's Guide https://cloud.google.com/blog/topics/threat-intelligence/vsphere-brickstorm-defender-guide
Cisco: UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications https://blog.talosintelligence.com/uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications/
Threat Fabric: The Malware Gap: Why Fraud & Security Controls Still Miss Mobile Malware https://www.threatfabric.com/blogs/the-malware-gap-why-fraud-security-controls-still-miss-mobile-malware
Abnormal Security: Meet VENOM: The PhaaS Platform That Neutralizes MFA https://abnormal.ai/blog/venom-phishing-campaign-mfa-credential-theft
From yesterday:
Zscaler: Anthropic Claude Code Leak https://www.zscaler.com/blogs/security-research/anthropic-claude-code-leak #infosec #threatresearch #vulnerability #malware #threatintel #threatintelligence
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701)
If you squint and look at the CISA KEV list, you might think it's made up exclusively of vulnerabilities in file transfer solutions. While this would be wrong (and you shouldn’t squint, it’s bad for your eyes), file transfer solutions do play a decent role in the CISA