Endpoint Security

Cybersecurity
Cisco Talos Exposes UAT-7810 LONGLEASH Backdoor on Ruckus Routers
Cisco Talos disclosed UAT-7810, a China-linked APT building the LapDogs ORB relay network using LONGLEASH malware on compromised Ruckus and ASUS routers.
Cybersecurity
Eight Predatorgate Victims Sue Intellexa for €8 Million
Eight victims of the Greek Predatorgate spyware scandal filed a €8 million civil lawsuit against Intellexa and founder Tal Dilian in a Greek court on ...
CVE Vulnerability Alerts
CVE-2026-53359 Januscape: 16-Year KVM Flaw Enables VM Escape
CVE-2026-53359 Januscape is a 16-year-old Linux KVM use-after-free that allows guest VM escape to the host on Intel and AMD systems. Patches are available.
Cybersecurity
Operation DragonReturn: DcRAT Targets India Tax Professionals
China-nexus Operation DragonReturn deploys DcRAT via a cloned Indian tax utility, targeting tax professionals and accountants during India's filing season.
CVE Vulnerability Alerts
CERT/CC Finds Hidden Admin Backdoor CVE-2026-11405 in Tenda Firmware
CERT/CC disclosed CVE-2026-11405, a hidden backdoor in Tenda router firmware granting unauthenticated full admin access. No vendor patch is available.
Cybersecurity
Unit 42 Exposes EtherRAT: Teams Calls Deliver Blockchain-Backed RAT
Unit 42 exposed an active campaign using fake Microsoft Teams IT support calls to install EtherRAT, a Node.js RAT whose C2 runs on Ethereum smart ...
Cybersecurity
QuimaRAT MaaS Sells Cross-Platform Java RAT for Windows, Linux, macOS
QuimaRAT is a new Java-based malware-as-a-service RAT sold from $150 per month that targets Windows, Linux, and macOS enterprise and developer environments.
Cybersecurity
PamStealer macOS Infostealer Uses PAM API to Verify Stolen Passwords
Jamf Threat Labs disclosed PamStealer, a Rust-based macOS infostealer that uses the PAM API to verify stolen passwords before exfiltrating credentials.
Cybersecurity
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
Kaspersky exposed a 90-domain SEO poisoning campaign that installs AsyncRAT on Windows via a fake ScreenConnect installer, targeting users across 10 languages.
Cybersecurity
VEIL#DROP Campaign Uses Google Blogger to Deliver PureLogs Stealer
Securonix disclosed VEIL#DROP, an active campaign routing PureLogs Stealer through Google Blogger to bypass reputation-based enterprise security controls.