BRONZE BUTLER exploits Japanese asset management software vulnerability
The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932)
Similar Posts
LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
Bys sSecurity experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive (“US now deciding what’s next…
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Bys sTwo more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below – checkmarx/ast-github-action checkmarx/kics-github-action Cloud security
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild. The high-severity vulnerability, CVE-2026-22719 (CVSS score: 8.1), has been described as a case of command injection that could allow an
Patient death at London hospital linked to cyber attack on NHS
Bys sRebecca Whittaker reports: The death of a patient has been linked to a cyber-attack on the NHS last year. Cyber criminals attacked two major NHS trusts causing more than 1,000 cancer treatment delays, 2,000 outpatient appointments to be cancelled and more than 1,000 operations postponed. King’s College Hospital NHS Foundation Trust said on Wednesday; a patient died during the cyber…
RCMP thumb drive with informant, witness data obtained by criminals: watchdog
Bys sJim Bronskill reports: The RCMP lost a USB key containing personal information about victims, witnesses and informants, and later learned it was being offered for sale by criminals, the federal privacy watchdog says. A detailed report from the Office of the Privacy Commissioner of Canada reveals the RCMP told the watchdog about the breach in March…
Update Chrome now: Zero-day bug allows code execution via malicious webpages
Bys sPieter Arntz reports: Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it serious enough to issue a separate update of the stable……