Capstone Technologies Group

@CapTechGroup
Capstone Technologies Group - Pioneering IT Solutions Since 2002. Specializing in cybersecurity, network system maintenance, and IT compliance. Renowned for enhancing election security and digital asset protection with expertise in HIPAA, PCI DSS, NIST, CMMC compliance. Services include IT system assessments, cybersecurity audits, and emergency support. Follow us for cutting-edge cybersecurity insights. For a free consultation, visit https://captechgroup.com
Not Your Average IT Geeks: Mixing cybersecurity wizardry with a dash of espresso-fueled magic since 2002
Tech Whisperers: We speak fluent IT, cybersecurity dialects, and occasionally human.
Stalk Us For: Glimpses of IT sorcery, tales from the tech trenches, and our latest feats of digital valor

Dirty Frag (CVE-2026-43284, CVE-2026-43500) exploits page-cache corruption in IPsec ESP and RxRPC modules, allowing any authenticated user to escalate to root without audit trails. Affects kernels from ~2017...

https://captechgroup.com/about-us/threat-intelligence-center/dirty-frag-linux-lpe-vulnerability-affects-unpatch-c65348?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=dirty-frag-linux-lpe-vulnerability-affects-unpatched-systems-across-enterprise

PCPJack succeeds TeamPCP with a modular architecture that targets cloud credentials across AWS, GitHub, Kubernetes, and crypto exchanges. It uses parquet files from Common Crawl for stealthy target identification, then pivots...

https://captechgroup.com/about-us/threat-intelligence-center/pcpjack-malware-steals-cloud-secrets-after-teampcp-d2ed64?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=pcpjack-malware-steals-cloud-secrets-after-teampcp-replacement

CallPhantom: 28 malicious Android apps harvested millions from 7.3M users via fake call history promises. The scheme exploited Google Play's vetting, used fake gov.in developer names, and deployed dark patterns redirecting to...

https://captechgroup.com/about-us/threat-intelligence-center/fake-call-history-apps-steal-payments-from-73m-pla-d7d91b?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=fake-call-history-apps-steal-payments-from-7-3m-play-store-users

Analysis of 25M alerts shows professional services firms systematically miss threats hidden in alert noise: 450k alerts/year, 99% uninvestigated, ~1 genuine compromise per week. Worse: 51% of forensically confirmed...

https://captechgroup.com/about-us/threat-intelligence-center/25m-alerts-expose-one-missed-threat-per-week-in-pr-83931f?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=25m-alerts-expose-one-missed-threat-per-week-in-professional-service-firms

Penetration testing reveals AI systems carry high-risk findings at 32% versus 13% for traditional software. The problem: prompt injection attacks are up 540% YoY on HackerOne, yet most orgs lack remediation...

https://captechgroup.com/about-us/threat-intelligence-center/penetration-tests-reveal-ai-security-flaws-exceed-2f503c?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=penetration-tests-reveal-ai-security-flaws-exceed-legacy-software-vulnerabilitie

ClickFix campaign targeting Australian critical infrastructure via compromised WordPress sites. Attackers deliver Vidar Stealer through fake Cloudflare/CAPTCHA prompts, malware operates in-memory to evade forensics,...

https://captechgroup.com/about-us/threat-intelligence-center/clickfix-attacks-deliver-vidar-stealer-to-australi-f720ef?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=clickfix-attacks-deliver-vidar-stealer-to-australian-infrastructure-targets

Quarterly vulnerability scans and annual pen tests can't keep pace with 2026 threat velocity. Exploits weaponize within hours of disclosure. Cloud resources deploy in under 60 seconds. Static scanning misses ephemeral risks,...

https://captechgroup.com/about-us/threat-intelligence-center/ctem-at-scale-becomes-essential-as-2026-threat-exp-e744b3?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=ctem-at-scale-becomes-essential-as-2026-threat-exposure-accelerates

The Instructure/Canvas breach reveals systemic vendor risk: 3.65TB exfiltrated, 275M users affected, schools legally liable under FERPA despite no direct control. Compromised authentication across interconnected...

https://captechgroup.com/about-us/threat-intelligence-center/shinyhunters-breaches-instructure-exposes-school-d-afb7b7?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=shinyhunters-breaches-instructure-exposes-school-data-through-vendor-dependency

Under-resourced K-12 districts and local governments operate without incident response infrastructure, vendor diversity, or recovery redundancy. Supply chain attacks hit thousands simultaneously (MOVEit breach)....

https://captechgroup.com/about-us/threat-intelligence-center/free-cybersecurity-research-hub-helps-under-resour-d885fb?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=free-cybersecurity-research-hub-helps-under-resourced-schools-and-local-governme

Unit 42 analysis reveals Volt Typhoon and Salt Typhoon completing data exfiltration in 39 seconds post-compromise using living-off-the-land tactics: PowerShell, WMI, legitimate RDP. Full infrastructure breach in...

https://captechgroup.com/about-us/threat-intelligence-center/salt-typhoon-and-volt-typhoon-target-critical-infr-b6236b?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=salt-typhoon-and-volt-typhoon-target-critical-infrastructure-in-39-second-data-t