Utopia Tech
▸ Engineering & Strategy Journal

Field notes from the edge.

What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.

Security

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added CVE-2026-20182, a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. Federal agencies must remediate this vulnerability according to BOD 22-01 requirements and follow Emergency Directive 26-03 guidance for Cisco SD-WAN systems. While the directive is mandatory for federal civili

Utopia Tech · 1 min

Healthcare

Verber Dental Group Notifies Patients About January Hacking Incident

Five healthcare organizations across the United States have disclosed data breaches affecting thousands of patients, with incidents ranging from email account compromises to unauthorized network access. The breaches, occurring between July 2025 and March 2026, exposed sensitive patient information including Social Security numbers, medical records, and health insurance details. All affected organi

Utopia Tech · 4 min

Security

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Cybersecurity researchers have identified malicious code in three versions of the popular npm package node-ipc (versions 9.1.6, 9.2.3, and 12.0.1), which contains stealer backdoor functionality targeting developer credentials and secrets. The compromised package poses significant supply chain security risks to enterprise development environments that rely on Node.js dependencies.

Utopia Tech · 1 min

Security

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Cisco has issued critical security updates for a maximum-severity authentication bypass vulnerability (CVE-2026-20182, CVSS 10.0) in Catalyst SD-WAN Controller and Manager products. The flaw, affecting peering authentication mechanisms, has been actively exploited in limited attacks to gain unauthorized administrative access. Organizations using these SD-WAN solutions should prioritize immediate p

Utopia Tech · 1 min

Security

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

A new credential theft framework called PCPJack has been identified targeting exposed cloud infrastructure by exploiting five CVEs to spread in a worm-like manner. The malware harvests credentials from cloud services, containers, developer tools, productivity platforms, and financial services before exfiltrating data through attacker-controlled infrastructure, while also removing competing TeamPCP

Utopia Tech · 1 min

Security

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti has issued a warning about CVE-2026-6973, a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) that is being actively exploited in limited attacks. The flaw, caused by improper input validation, allows authenticated users with administrative access to execute remote code on affected systems running EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1.

Utopia Tech · 1 min

Strategy

DarkSword Malware

DarkSword is a sophisticated, likely government-designed iOS malware exploiting six zero-day vulnerabilities across iOS versions 18.4-18.7, deployed by multiple commercial surveillance vendors and state-sponsored actors since November 2025. The exploit chain has been used in targeted campaigns across Saudi Arabia, Turkey, Malaysia, and Ukraine, deploying three distinct malware families post-compro

Utopia Tech · 1 min

Strategy

Rowhammer Attack Against NVIDIA Chips

Two independent research teams have demonstrated critical Rowhammer attacks against NVIDIA Ampere-generation GPUs that exploit GDDR memory bitflips to gain complete control over host CPU memory and achieve full system compromise. The attacks, named GDDRHammer and GeForge, work by corrupting GPU page tables to escalate privileges to root access, with a third attack variant functioning even when IOM

Utopia Tech · 2 min

Security

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

Huge Networks, a Brazilian DDoS protection firm, was found to be harboring infrastructure used to launch massive DDoS attacks against Brazilian ISPs through a botnet exploiting vulnerable TP-Link routers. The company's CEO claims the malicious activity resulted from a January 2024 security breach that compromised development servers and his personal SSH keys, suggesting a competitor may be attempt

Utopia Tech · 4 min

Security

Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA

Cybercriminals are exploiting Windows Phone Link functionality to intercept SMS messages and bypass two-factor authentication through a new attack campaign. The attacks deploy CloudZ RAT malware alongside a novel plugin called Pheno to compromise the connection between Windows PCs and smartphones, enabling unauthorized access to text messages and authentication codes.

Utopia Tech · 1 min

Security

From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber

Dark Reading commemorates its 20th anniversary by identifying 20 pivotal cybersecurity news events from the past two decades that have fundamentally shaped today's enterprise threat landscape. The retrospective spans from landmark incidents like Stuxnet to emerging AI-driven security challenges exemplified by ChatGPT, illustrating the evolution of cyber risks facing modern organizations.

Utopia Tech · 1 min

Security

The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open

The Hacker News, a cybersecurity news publication with nearly 20 years of experience, has announced the launch of its 'Cybersecurity Stars Awards 2026' with submissions now open. The awards aim to recognize and celebrate the often-overlooked achievements of cybersecurity leaders, teams, and security products that work continuously to defend against threats.

Utopia Tech · 1 min

Security

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

Iranian state-sponsored threat actor MuddyWater conducted a false flag ransomware attack in early 2026, using Microsoft Teams as an initial attack vector through social engineering techniques. Rapid7 identified this operation, which represents a concerning evolution in nation-state tactics that disguise espionage activities as financially-motivated cybercrime.

Utopia Tech · 1 min

Security

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

Tyler Robert Buchanan, a 24-year-old British national and senior member of the Scattered Spider cybercrime group, has pleaded guilty to wire fraud conspiracy and aggravated identity theft for his role in 2022 SMS phishing attacks targeting major technology companies. The attacks compromised at least a dozen firms including Twilio, LastPass, and DoorDash, enabling SIM-swapping schemes that stole at

Utopia Tech · 4 min