Amazon Threat Intelligence has flagged an active Interlock ransomware campaign that is leveraging a newly disclosed Cisco Secure Firewall Management Center flaw (CVE-2026-20131). The vulnerability, rated 10.0 on the CVSS scale, enables unauthenticated attackers to gain root privileges on affected devices.
Outpost24, a well‑known cybersecurity firm, fell victim to a meticulously crafted seven‑stage phishing operation aimed at one of its C‑suite leaders. The attackers masqueraded as reputable brands, leveraging familiar domains to coax the executive into surrendering login details, underscoring the rising sophistication of social‑engineering attacks.
A new investigation reveals that popular AI development platforms—Amazon Bedrock, LangSmith, and SGLang—contain sandbox design flaws that can be abused to steal data and launch remote code execution attacks. The findings highlight how DNS queries can become covert channels for exfiltrating sensitive information from AI code‑execution environments. The report, authored by security firm BeyondTrust, demonstrates a practical exploit against Amazon Bedrock's AgentCore interpreter, showing how attackers can gain an interactive shell and move laterally within a target network. These revelations underscore the urgent need for stronger isolation and monitoring in AI‑driven workloads.
LeakNet ransomware has shifted its initial‑access strategy, leveraging the ClickFix social‑engineering technique through compromised websites. By prompting victims to run fabricated commands, the group bypasses traditional credential‑theft methods. The campaign also introduces a Deno‑based in‑memory loader, allowing the malicious payload to execute without touching disk. This combination creates a stealthy, fast‑moving threat that challenges conventional detection tools.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed the Wing FTP information‑disclosure flaw, CVE‑2025‑47813, into its Known Exploited Vulnerabilities catalog. The medium‑severity issue leaks server installation paths and is already being leveraged by threat actors. Experts recommend immediate mitigation steps, including patching, configuration hardening, and continuous monitoring, to reduce exposure while organizations reassess their reliance on legacy FTP services.
A recent advisory from China's National Computer Network Emergency Response Technical Team (CNCERT) has highlighted significant security concerns surrounding the OpenClaw AI agent. The self-hosted, open-source platform, previously known as Clawdbot and Moltbot, presents serious risks due to its default configurations.
A sophisticated evolution of the GlassWorm campaign has been identified, significantly escalating its reach by exploiting the Open VSX registry. This new tactic weaponizes a large number of extensions to infiltrate developer environments.
In a significant global operation, INTERPOL has successfully dismantled a vast network of malicious digital infrastructure, taking down 45,000 IP addresses and servers. This coordinated effort also led to the apprehension of 94 individuals suspected of involvement in various cybercriminal activities.
Cybersecurity researchers have identified a novel iteration of the Click-Fix malware, signaling an alarming evolution in its operational tactics. This new variant poses a significant threat, necessitating a deeper understanding of its mechanisms and potential impact.
Security researchers have brought to light a significant set of nine vulnerabilities, collectively dubbed 'CrackArmor,' within the Linux kernel's AppArmor module. These flaws could potentially allow unprivileged users to gain elevated system access and bypass crucial security barriers.
Free AI Security Board
Practitioner's Guide