Zero-Days, Shadow AI, and Stealth Tactics Define This Week in Cybersecurity

Weekly summary of Cybersecurity Insider newsletters

Feb 13, 2026

Major Threats & Vulnerabilities


Zero-Day Vulnerabilities and Active Exploits

Apple patched CVE-2026-20700, a zero-day vulnerability in the dynamic linker (dyld) exploited in targeted attacks across iOS, iPadOS, and macOS. The flaw was part of a multi-CVE exploit chain targeting recent Apple devices. Users are urged to update immediately.

CVE-2026-21514 in Microsoft Word allows attackers to bypass OLE protections and execute malicious code without user warnings. Microsoft confirmed active exploitation and has released a patch.

A denial-of-service flaw in the Windows RasMan service was actively exploited to disrupt VPN connectivity. Microsoft has issued a fix for this vulnerability, which affects local users.


Remote Code Execution and System Compromise Risks

CVE-2026-25646, a 30-year-old heap buffer overflow in libpng, has resurfaced with remote code execution potential via crafted PNG files. This legacy flaw poses serious supply chain risks.

A remote code execution flaw in Windows Notepad can be triggered through malicious Markdown links. Users should update to version 11.2510 or later to mitigate the risk.

BeyondTrust Remote Support and Privileged Remote Access products contain a critical flaw that enables unauthenticated remote code execution. A patch is available and should be applied immediately.

Authentication and Access Control Flaws

FortiOS versions 7.6.0–7.6.4 contain an authentication bypass vulnerability due to improper handling of LDAP responses when anonymous binds are enabled. This could allow unauthorized VPN or SSO access.


Industry News

The Picus Red Report 2026 reveals a 38% decline in ransomware encryption, with attackers shifting toward stealthy tactics and identity abuse to maintain persistent access.

A state-aligned espionage campaign has breached government and infrastructure targets in 37 countries, including the energy and finance sectors.

Ransomware and Data Breaches

BridgePay suffered a ransomware attack that disrupted payment APIs and terminals nationwide, impacting thousands of merchants and public-sector entities.

Flickr is investigating a third-party data leak involving email metadata. While no passwords or payment data were exposed, users may be at risk of phishing.


Cloud and AI Threats

TeamPCP is behind a campaign exploiting Docker, Kubernetes, and React apps, compromising at least 185 servers since late 2025.

A viral AI caricature trend has exposed the risks of shadow AI use, where unsanctioned LLMs are used to process sensitive data, potentially aiding phishing and reconnaissance.

Other Notable Developments

Attackers are abusing Bing ads and Azure infrastructure to deliver fake Microsoft support pages, targeting at least 48 U.S. organizations.

Security Tips & Best Practices

macOS and Endpoint Security

To secure macOS endpoints, organizations should:

  • Enable FileVault and System Integrity Protection
  • Deploy macOS-compatible EDR and use application allowlisting
  • Apply least privilege and harden browser and extension policies

SSO and Identity Protection

To secure SSO environments, implement the following:

  • Enforce phishing-resistant MFA
  • Disable legacy authentication protocols
  • Harden federation and LDAP configurations
  • Apply least-privilege access controls
  • Monitor for geolocation anomalies and suspicious token reuse
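As an added illustration of the last bullet (not code from the newsletter or from any vendor), the script below runs two simple detections over constructed SSO audit lines: a session token presented from more than one country, and a user authenticating from two countries within a short window. The log format, user names and token ids are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample SSO audit lines (not real data):
# timestamp, user, source country, session token id
SAMPLE_LOG = """\
2026-02-10T08:00:00Z alice US tok-a1
2026-02-10T08:05:00Z alice US tok-a1
2026-02-10T08:20:00Z alice BR tok-a1
2026-02-10T09:00:00Z bob DE tok-b7
2026-02-10T09:30:00Z bob DE tok-b7
2026-02-10T10:00:00Z carol FR tok-c3
2026-02-10T10:10:00Z carol JP tok-c9
"""

def parse_log(text):
    """Parse the constructed line format into (timestamp, user, country, token) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, country, token = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, country, token))
    return events

def find_anomalies(events, window=timedelta(hours=1)):
    """Return sorted (kind, user, token) findings.

    token_reuse: one session token presented from more than one country,
                 which suggests a stolen token being replayed elsewhere.
    geo_anomaly: one user authenticating from two countries within `window`
                 (a crude impossible-travel check on consecutive events).
    """
    token_countries = defaultdict(set)
    token_user = {}
    user_events = defaultdict(list)
    for ts, user, country, token in events:
        token_countries[token].add(country)
        token_user[token] = user
        user_events[user].append((ts, country, token))
    findings = set()
    for token, countries in token_countries.items():
        if len(countries) > 1:
            findings.add(("token_reuse", token_user[token], token))
    for user, evs in user_events.items():
        evs.sort()
        for (t1, c1, _), (t2, c2, tok2) in zip(evs, evs[1:]):
            if c1 != c2 and t2 - t1 <= window:
                findings.add(("geo_anomaly", user, tok2))
    return sorted(findings)
```

In production the country lookup would come from a GeoIP source and the window from the organisation's travel baseline; the logic itself stays the same.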

Open-Source and AI Security

To mitigate risks from open-source dependencies:

  • Use SBOMs and automated scanning to identify vulnerable libraries
  • Enforce secure defaults and sandbox high-risk components
  • Monitor runtime behavior for signs of exploitation
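The first bullet in practice: an added example (not the newsletter's code or any vendor's tool) that reads a constructed CycloneDX-style SBOM and flags components whose version falls inside an advisory's affected range, the kind of check that would catch an old libpng build. The SBOM contents, the advisory ids and the version ranges are placeholders; a real scan takes them from a vulnerability database.

```python
import json
import re

# Constructed CycloneDX-style SBOM fragment; only the fields the scan needs.
SBOM_JSON = """
{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "components": [
   {"type": "library", "name": "libpng", "version": "1.6.40"},
   {"type": "library", "name": "zlib",   "version": "1.3.1"},
   {"type": "library", "name": "libpng", "version": "1.6.50"}
 ]}
"""

# Constructed advisory records: (component, introduced, fixed, advisory id).
# Ranges and ids are placeholders, not real affected versions.
ADVISORIES = [
    ("libpng", "1.0.0", "1.6.50", "EXAMPLE-LIBPNG-ADVISORY"),
    ("zlib", "1.2.0", "1.2.12", "EXAMPLE-ZLIB-ADVISORY"),
]

def parse_version(v):
    """Keep the numeric parts of a version string, e.g. '1.6.40' -> (1, 6, 40),
    so ranges compare numerically rather than lexically ('1.10' > '1.9')."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed; 'fixed' is the first safe release."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)

def scan_sbom(sbom_text, advisories=ADVISORIES):
    """Return sorted (name, version, advisory_id) for every vulnerable component."""
    hits = []
    for comp in json.loads(sbom_text).get("components", []):
        for name, introduced, fixed, adv_id in advisories:
            if comp["name"] == name and is_affected(comp["version"], introduced, fixed):
                hits.append((comp["name"], comp["version"], adv_id))
    return sorted(hits)
```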

Zero-Click and OSINT Safety

To defend against zero-click vulnerabilities in desktop apps:

  • Be cautious of calendar invites from unknown sources
  • Disable or sandbox browser extensions used by desktop apps
  • Apply patches promptly

For responsible OSINT use:

  • Validate findings with multiple sources
  • Use trusted threat intelligence feeds
  • Restrict access to sensitive outputs
  • Comply with legal and platform rules


Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved
