Threat Intelligence

BeyondTrust RCE Under Active Attack While Nation-States Embrace AI for Cyber Operations

If you’re running BeyondTrust Remote Support or Privileged Remote Access appliances, stop what you’re doing and patch immediately. We’ve got a critical pre-authentication RCE vulnerability that’s moved from theoretical to actively exploited after proof-of-concept code hit the wild.

This is exactly the scenario we all dread – a critical flaw in privileged access management tools that doesn’t require authentication. Think about what these systems protect: your most sensitive administrative access, remote support sessions, and privileged accounts. An attacker gaining RCE on these appliances isn’t just getting a foothold; they’re potentially getting the keys to the kingdom.

The Lazarus Group's Supply Chain Gambit Shows Why We Can't Automate Our Way Out of Every Problem

I’ve been digging through this week’s security news, and there’s a fascinating tension emerging between our push for automation and the persistent reality of sophisticated human adversaries. Let me walk you through what caught my attention and why it matters for how we’re building our defenses.

North Korea’s Patient Supply Chain Game

The biggest story this week is the Lazarus Group’s latest supply chain attack, where they’ve been quietly seeding malicious packages across npm and PyPI repositories since May 2025. They’re calling this campaign “graphalgo” after the first npm package they published, and it’s built around fake recruitment themes – classic Lazarus playbook.

State-Backed Hackers Are Using Gemini AI for Reconnaissance — And That's Just the Beginning

I’ve been watching the AI security space closely, and Google just dropped some news that confirms what many of us have been quietly worrying about. They’ve caught North Korean hackers using Gemini AI to conduct reconnaissance on their targets. This isn’t theoretical anymore — it’s happening right now.

When AI Becomes the Attacker’s Research Assistant

The threat actor Google identified is UNC2970, linked to North Korea, and they’re essentially using Gemini as a sophisticated research tool. Think about it from their perspective: instead of manually gathering intelligence on targets, they can now ask an AI system to help them understand infrastructure, identify potential vulnerabilities, and even craft more convincing social engineering attacks.

MFA Bypass Tools Hit the Streets While Patch Tuesday Brings Six Active Zero-Days

Another week, another reminder that attackers are getting more sophisticated while our patch queues keep growing. This Tuesday brought some particularly interesting developments that I think deserve our attention – from law enforcement finally catching up with MFA bypass tool vendors to some genuinely concerning research about AI systems in autonomous vehicles.

Police Finally Nab a Major MFA Bypass Tool Seller

The Netherlands Police scored a significant win this week by arresting the 21-year-old operator behind JokerOTP, a phishing automation platform that’s been making our lives miserable for months. For those who haven’t encountered this particular headache yet, JokerOTP essentially democratized MFA bypass attacks by providing a turnkey solution for intercepting one-time passwords.

When Legitimate Tools Become Attack Vectors: This Week's Supply Chain Wake-Up Call

I’ve been digging through this week’s security incidents, and there’s a clear pattern emerging that should have all of us paying attention. We’re seeing attackers increasingly target legitimate platforms and tools rather than building their own infrastructure from scratch. It’s a smart strategy that’s proving frustratingly effective.

The Microsoft Store Becomes a Phishing Platform

The most eye-opening incident this week involves the AgreeTo Outlook add-in being hijacked to steal over 4,000 Microsoft account credentials. Think about that for a moment – this wasn’t some sketchy software downloaded from a questionable website. This was a legitimate add-in distributed through Microsoft’s own store that got compromised and turned into a credential harvesting operation.

North Korea Goes Full AI While Windows Notepad Becomes an Attack Vector

I’ve been tracking some particularly interesting developments this week that show just how creative threat actors are getting. From North Korean hackers using deepfakes to infiltrate crypto companies to a Windows Notepad vulnerability that caught everyone off guard, we’re seeing attack methods that would have seemed like science fiction just a few years ago.

When Your Video Call Isn’t Really a Video Call

The most fascinating story has to be North Korea’s UNC1069 group and their sophisticated campaign against cryptocurrency firms. These aren’t your typical phishing attempts – they’re using deepfake video calls to build trust with targets before deploying their payloads.

The Stealth Shift: Why Cyber Attackers Are Going Underground While We're Still Fighting the Last War

Remember when ransomware was the big scary monster keeping us all up at night? Well, according to some new research from Picus Labs, we might be fighting the last war while attackers have quietly shifted tactics right under our noses.

Their Red Report 2026 analyzed over 1.1 million malicious files and tracked 15.5 million adversarial actions throughout 2025, and what they found should make us all take a step back. The era of loud, disruptive ransomware attacks might be giving way to something far more insidious: what they’re calling “digital parasites”.

Microsoft's Zero-Day Nightmare and Why Fake Software Sites Are Getting Scarier

February brought us one of those weeks that makes you question whether you’ve had enough coffee or if the threat environment really is getting this chaotic. We’re looking at six actively exploited zero-days from Microsoft, fake software distribution sites that are getting more sophisticated, and ransomware groups that are basically embedding their own anti-security toolkit right into their payloads.

North Korean Hackers Are Getting Disturbingly Good at Playing the Long Game

I’ve been tracking some concerning developments over the past few days that paint a pretty clear picture: state-sponsored threat actors are getting much more sophisticated in their approach to social engineering, and we need to start thinking differently about how we defend against these attacks.

The New Playbook: AI-Generated Videos and Stolen Identities

The most eye-catching story this week involves North Korean hackers using AI-generated video content and ClickFix techniques to target cryptocurrency companies. What’s particularly interesting here is that they’re deploying custom malware for both macOS and Windows systems – showing they’re willing to invest serious resources into these operations.

Six Zero-Days and a Blast from the Past: February's Security Wake-Up Call

February’s Patch Tuesday just dropped, and honestly, it’s one of those releases that makes you want to grab an extra cup of coffee before diving in. Microsoft patched six actively exploited zero-days this month – that’s not a typo, six – while threat actors are simultaneously getting nostalgic with IRC-based botnets. Sometimes I wonder if attackers are just trolling us at this point.