Cybersecurity researchers have identified a new TrickMo Android banking trojan variant that uses TON-based command and control infrastructure, SOCKS5 proxying, and SSH tunnelling to target banking and cryptocurrency users in Europe.
A critical cPanel vulnerability, CVE-2026-41940, is being actively exploited by threat actor Mr_Rot13 to deploy the Filemanager backdoor, enabling credential theft, ransomware, botnet activity, and persistent system compromise across global infrastructure.
Instructure confirms an agreement with ShinyHunters following a Canvas breach involving 3.65TB of stolen data impacting nearly 9000 institutions, with threat actors leveraging a vulnerability to exfiltrate sensitive education records.
A Mini Shai Hulud worm linked to TeamPCP has compromised npm and PyPI packages across TanStack, Mistral AI, Guardrails AI and others, deploying credential stealers, CI/CD exploits, and cross-ecosystem propagation techniques.
Palo Alto Networks reports active exploitation of PAN-OS CVE-2026-0300 allowing root-level RCE, with espionage activity linked to suspected state-sponsored threat cluster CL-STA-1132.
The Dirty Frag Linux kernel vulnerability enables local privilege escalation to root across major distributions including Ubuntu, RHEL, Fedora, and CentOS, with active exploitation risk.
China-linked group Silver Fox targets organizations in India and Russia using phishing emails with tax-themed lures to distribute ValleyRAT and newly identified ABCDoor malware, according to Kaspersky analysis.
A critical cPanel vulnerability, CVE-2026-41940, is being actively exploited to target government, military, and MSP networks globally, enabling authentication bypass and remote control, with thousands of systems impacted.
A critical Weaver E-cology vulnerability, CVE-2026-22679, is being actively exploited, enabling unauthenticated remote code execution through debug API endpoints affecting enterprise systems globally.
AI-assisted cyber attacks are rising sharply in 2026, lowering barriers for attackers, accelerating exploit timelines, and increasing phishing, malware, and supply chain threats globally.