Aggregator

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

The Hackers News
4 weeks ago
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by Broadcom-owned Symantec in September 2022, is assessed to be active since at least 2022, targeting government agencies
The Hacker News

How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?

Anyrun
4 weeks ago

Scaling threat detection as an MSSP doesn’t mean hiring more analysts — it means enabling the analysts you already have to handle more clients, more alerts, and more complex threats without burning out. The practical path forward combines three capabilities: continuous real-time intelligence that keeps detection systems current automatically, instant IOC investigation that cuts triage […]

The post How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts? appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

CVE-2026-7307 | Keycloak on Red Hat SAML Endpoint improper validation of syntactic correctness of input (WID-SEC-2026-1612)

Vuldb Updates
4 weeks ago
A vulnerability classified as problematic has been found in Keycloak on Red Hat. Affected by this issue is some unknown functionality of the component SAML Endpoint. Performing a manipulation results in improper validation of syntactic correctness of input. This vulnerability is cataloged as CVE-2026-7307. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2026-7571 | Keycloak on Red Hat Access Token external control of assumed-immutable web parameter (WID-SEC-2026-1612)

Vuldb Updates
4 weeks ago
A vulnerability classified as critical was found in Keycloak on Red Hat. This affects an unknown part of the component Access Token Handler. Executing a manipulation can lead to external control of assumed-immutable web parameter. This vulnerability is registered as CVE-2026-7571. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2026-37981 | Keycloak on Red Hat Requests insufficient granularity of access control (WID-SEC-2026-1612)

Vuldb Updates
4 weeks ago
A vulnerability categorized as problematic has been discovered in Keycloak on Red Hat. The impacted element is an unknown function of the component Requests Handler. Executing a manipulation can lead to insufficient granularity of access control. The identification of this vulnerability is CVE-2026-37981. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2026-4630 | Keycloak on Red Hat Authorization Services Protection API Endpoint authorization (WID-SEC-2026-1612)

Vuldb Updates
4 weeks ago
A vulnerability identified as problematic has been detected in Keycloak on Red Hat. This affects an unknown function of the component Authorization Services Protection API Endpoint. The manipulation leads to authorization bypass. This vulnerability is referenced as CVE-2026-4630. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

Hackers Use Single-Letter Go Module Typosquat to Deploy DNS-Based Backdoor

Cyber Security News
4 weeks ago

A seemingly innocent typo in a Go module name has been quietly serving a live backdoor for nearly three years. Security researchers uncovered a malicious package called github.com/shopsprint/decimal that impersonates the popular github.com/shopspring/decimal library, differing by just a single letter in its name. The package went live in 2017 but was weaponized in August 2023, when attackers slipped in […]

The post Hackers Use Single-Letter Go Module Typosquat to Deploy DNS-Based Backdoor appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad