Aggregator

Ransomware Group AtomSilo Returns After 5 Year Absence

The post Bitdefender Threat Debrief | March 2026 appeared first on Security Boulevard.

A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. [...]

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Cloud Threat Horizons Report, #13 (full version, no info to enter!) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9, #10, #11 and #12).

My favorite quotes from the report follow below:

• [in Google Cloud] “software exploitation overtook credentials as the primary initial access vector for the first time.” and “Threat actors exploited third-party software-based entry (44.5%) more frequently than weak credentials.” [A.C. — some of you may say this is because AI is making more zero days, but a dozen more mundane answers may be correct instead]

THR H1 2026 image 1

• “While threat actors continued to use brute-force attacks against weak credentials, the increase in RCE represents a pivot toward more automated exploitation of unpatched application-layer vulnerabilities.” [A.C. — to some extent “creds or vulns” debate is rather pointless as the real answer is “both”, and it varies by environment too, see below]
• “Threat actors continued to transition from traditional phishing to voice-based social engineering (vishing), and credential harvesting from third-party SaaS tokens to facilitate large-scale, silent data exfiltration.” [A.C. — again, this means “AND” not “OR” because classic phishing still works well in many cases, but yes “credential harvesting from third-party SaaS” has become very fruitful too]
• [overall] Still “Identity compromise underpinned 83% of compromises. [A.C. — so, yes, “creds” still beat “vulns” on many environments]

THR H1 2026 image 2

• “High-volume data theft operations — executed through compromised but legitimate access channels — remained the primary goal for threat actors, with our metrics showing they targeted data in 73% of cloud-related incidents.” [A.C. — again, not new, but very useful data confirming the running trend. Beware!]
• “The window between vulnerability disclosure and mass exploitation collapsed by an order of magnitude, from weeks to days.” [A.C. — again, some of you may see the invisible robot hand of an AI here, but, as usual, the reality is more complicated…]
• “Trend analysis from 2008–2025 indicates cloud services will soon surpass email as the primary data exfiltration pathway.” [A.C. — $32B reasons to finally get serious about it across all clouds?]
• “45% of intrusions resulted in data theft without immediate extortion attempts at the time of the engagement, and these were often characterized by prolonged dwell times and stealthy persistence.”
• “The traditional incident response model is no longer viable when dealing with containerized workloads and serverless architectures where data can vanish in seconds.” [A.C. — a very useful reminder here! Cloud is cloudy! Don’t be that guy who thinks that cloud is a rented colo. Cloud is not JUST somebody else’s computer.]
• “Threat actors used large language models (LLM) to automate credential harvesting and transition from a developer’s local environment to full cloud administration access.” [A.C. — this really should not be news for anybody in 2026, but if it is, HERE IS SOME NEWS: BAD GUYS USE AI!]
• Thus “Prevent LLM exploitation as an extension of living-off-the-land (LOTL) by treating LLM activity with the same scrutiny as administrative command-line tools.” [A.C. — or, as I say, “with AI agents, every prompt injection is an RCE”]

Now, go and read the CTHR 13 report!

Related posts:

• Google Cloud Security Threat Horizons Report #12 Is Out!
• EP112 Threat Horizons — How Google Does Threat Intelligence podcast
• Google Cloud Security Threat Horizons Report #11 Is Out!
• Google Cloud Security Threat Horizons Report #10 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #9 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #8 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #7 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #6 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #2 Is Out!
• Illicit coin mining, ransomware, APTs target cloud users in first Google
• Cybersecurity Action Team Threat Horizons report

Google Cloud Security Threat Horizons Report #13 (H1 2026) Is Out! was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post Google Cloud Security Threat Horizons Report #13 (H1 2026) Is Out! appeared first on Security Boulevard.

Alleged Sale of 1.8 Million Patient Records From Maple Respiratory Colombia Including Full Medical History

The vendor said six of the 83 vulnerabilities it addressed this month are more likely to be exploited.

The post Microsoft’s monthly Patch Tuesday is first in 6 months with no actively exploited zero-days appeared first on CyberScoop.

AI is speeding up attacks but otherwise not changing their fundamental nature, said FBI official Jason Bilnoski.

The post FBI says even in an AI-powered world, security basics still matter appeared first on CyberScoop.

A vulnerability was found in GNOME libsoup. It has been classified as problematic. This issue affects some unknown processing of the component TLS Handshake Handler. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2026-2436. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in PX4 Autopilot up to 1.12.x/1.15.x and classified as problematic. This vulnerability affects unknown code of the component Landing Page Handler. Such manipulation leads to state issue. This vulnerability is traded as CVE-2026-26741. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability has been found in Adobe Premiere Pro up to 25.5 and classified as critical. This affects an unknown part of the component File Parser. This manipulation causes out-of-bounds read. This vulnerability appears as CVE-2026-27269. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Adobe Substance3D up to 11.1.2. Affected by this issue is some unknown functionality of the component File Handler. The manipulation results in null pointer dereference. This vulnerability is reported as CVE-2026-27215. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe Substance3D up to 11.1.2. Affected by this vulnerability is an unknown functionality of the component File Handler. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2026-27214. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Adobe Substance3D up to 11.1.2. Affected is an unknown function of the component File Handler. Executing a manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2026-27218. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in PX4 Autopilot up to 1.12.x/1.15.x. This impacts an unknown function of the component Configuration Handler. Performing a manipulation results in protection mechanism failure. This vulnerability is cataloged as CVE-2026-26742. The attack must originate from the local network. There is no exploit available.

A vulnerability described as problematic has been identified in Adobe Substance3D up to 11.1.2. This affects an unknown function of the component File Handler. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-27219. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Adobe Substance3D up to 11.1.2. The impacted element is an unknown function of the component File Handler. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2026-27217. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.