Researchers uncover a global IRSF scam using fake CAPTCHA pages and over 120 Keitaro campaigns driving SMS fraud, crypto theft, and large-scale cybercrime operations.
CISA has added four actively exploited vulnerabilities affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers to its KEV catalog, setting a May 2026 deadline for federal agencies to act.
CISA and NCSC report FIRESTARTER backdoor on Cisco Firepower devices used in a federal cyber incident, showing persistence even after patches and firmware updates.
Tropic Trooper launches a cyber campaign using a trojanized SumatraPDF reader and GitHub-powered AdaptixC2 to target users in Taiwan, Japan, and South Korea.
Microsoft has released an out-of-band update fixing CVE-2026-40372 in ASP.NET Core, a critical privilege escalation flaw affecting DataProtection cryptography that could allow SYSTEM-level access under specific conditions.
Researchers have identified Lotus Wiper, a destructive malware targeting Venezuela’s energy sector, capable of wiping systems, deleting recovery mechanisms, and disabling infrastructure through multi-stage batch scripts and disk overwriting techniques.
Security researchers report malicious Docker images and VS Code extensions tied to Checkmarx supply chain compromise, exposing developer credentials, cloud tokens, and CI/CD secrets through multi-stage malware and npm propagation.
Gartner’s warning about misconfigured AI disrupting critical infrastructure highlights urgent risks for Pakistan’s power grid and 5G rollout. Safe overrides, digital twins, and strong AI governance are essential to prevent self-inflicted outages in increasingly automated national systems.
Microsoft has released fixes for 169 vulnerabilities including a SharePoint zero day under active exploitation, a high severity Windows Defender privilege escalation flaw, and a critical Windows IKE remote code execution issue impacting enterprise systems.
Google fixes Antigravity IDE vulnerability enabling prompt-injection-based code execution as researchers uncover wider AI tool security flaws across coding agents and platforms.
Anthropic’s Mythos model signals a shift in cybersecurity, discovering thousands of zero-day vulnerabilities and accelerating exploit timelines. The development challenges traditional security assumptions, forcing enterprises to rethink patch velocity, continuous exposure management, and AI-driven defense strategies.
AI governance must evolve alongside deployment as agentic systems expand enterprise attack surfaces. This analysis explores secure-by-design frameworks, emerging AI threats, and why Pakistani enterprises must strengthen internal governance amid rapid AI adoption and fragmented regulation.