Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Recently, JUMPSEC’s DART (Detection and Response Team) detected a phishing email targeting a client environment. The email, written in Thai and containing a MediaFire download link, was identified as suspicious by an incident responder and we kicked off an investigation. Since then, we have established infrastructure to track the threat actor, analysed the novel payload in detail, and identified several IoCs below.

Artificial intelligence (AI) is transforming the business landscape at an accelerated pace. The announcement of Mythos from Anthropic, with its limited public release, is just one example of how LLMs are changing the speed at which unknown flaws in IT systems can be exposed.

At the end of 2023, Broadcom completed its acquisition of VMware, reshaping one of the most influential names in virtualization. This move introduced significant changes in licensing, product structure, administration and data protection. As Broadcom reorganizes VMware and its ecosystem, the effects are being felt across customers, partners and backup solution vendors.

VMware vSphere and Microsoft Hyper-V are two of the most popular virtualization platforms. Each solution uses different virtual disk file formats for virtual machines. This means you need to convert virtual disk files when moving VMs between VMware and Hyper-V. For example, you may need to migrate VMs between hypervisors for testing. In other cases, you may need to change the format if you’ve chosen the wrong one when creating the VM. Hyper-V uses VHD and VHDX for VMs, while VMware uses VMDK.

In March 2026, researchers began linking a series of software supply-chain compromises to Replicating Marauder, the BlueVoyant Threat Fusion Cell (TFC) primary identifier for the actor publicly tracked elsewhere as TeamPCP. What made the campaign stand out was that trusted software was poisoned and one compromise repeatedly appeared to enable the next by exposing credentials, release paths, or Continuous Integration and Continuous Delivery or Deployment (CI/CD) trust relationships.

AI Pentesting is having a moment. Well, several moments, actually. Every other week, another vendor announces something, or another LLM-driven pentesting tool tops some benchmark on a target nobody's heard of, another deck claims a new "gold standard" being disrupted, at long last... It's been busy.

Sample of assets impacted by NGINX nginx-poolslip vulnerability, identified by the CyCognito Platform.

CVE-2026-48172 is an incorrect privilege assignment flaw in the LiteSpeed User-End cPanel Plugin that allows any authenticated cPanel user to execute arbitrary scripts as root. The bug sits in the plugin's lsws.redisAble function, which can be invoked through the standard cPanel JSON API to run code with elevated privileges instead of the calling user's own. The vulnerability carries a CVSS v4.0 base score of 10.0 (Critical).

The classic 'survey reward' scam is back and hitting harder than ever. KnowBe4 Threat Labs is tracking a massive, high-volume campaign that is not only impersonating a wide array of trusted global brands across retail, logistics, and healthcare, but is using hundreds of newly registered domains (NRDs) and sophisticated psychological priming to fly past traditional security defenses.

Researchers at Push Security have analyzed a phishing platform used by organized criminal threat actors like ShinyHunters and BlackFile, finding more than 400 domains linked to attacks launched by the phishing kit.