Cyber Threat Brief

By Carolina Clear Tech, LLC

Your daily cybersecurity briefing. Vulnerabilities, ransomware, threat actors, and patches that matter, explained for IT professionals and business leaders protecting small and mid-sized organizations... more

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Cyber Threat Brief:

How many episodes does Cyber Threat Brief have?

The podcast currently has 74 episodes available.

Cyber Threat Brief episodes:

March 05, 20262026-03-05: Cisco confirms active exploitation of two more SD-WAN vulnerabilities as federal agencies face
Show Notes - 2026-03-05
Stories Covered
Today:
Cisco Catalyst SD-WAN Manager Actively Exploited (CVE-2026-20122, CVE-2026-20128) [Critical Alerts]
Cisco Secure Firewall Management Center Root Access Flaws (CVE-2026-20079, CVE-2026-20131) [Critical Alerts]
Phobos Ransomware Admin Pleads Guilty to Wire Fraud Conspiracy [Ransomware & Extortion]
University of Mississippi Medical Center Resumes Operations After 9-Day Ransomware Attack [Ransomware & Extortion]
Brute Force Attack Exposes Ransomware Infrastructure Network [Ransomware & Extortion]
XP95 Ransomware Claims Eholo Health Psychology Platform (1.1M Medical Notes) [Ransomware & Extortion]
Microsoft Disrupts Tycoon2FA Phishing Platform [Business & Infrastructure Threats]
Cloudflare: Attackers Weaponizing Cloud Infrastructure at Scale [Business & Infrastructure Threats]
LastPass Phishing Campaign Using Fake Support Email Threads [Business & Infrastructure Threats]
LeakBase Data Trading Forum Seized in Global Operation [Business & Infrastructure Threats]
FreeScout Mail2Shell Zero-Click RCE Vulnerability [Business & Infrastructure Threats]
Bitwarden Adds Passkey Login Support for Windows 11 [Windows / AD Security]
Kaspersky Dismisses Claims Coruna iPhone Exploit Kit is NSA-Linked [General Security News]
APT28 Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine [General Security News]
Windows 10 KB5075039 Fixes Broken Recovery Environment [Vulnerability Disclosures]
Microsoft Security Update Guide CVE Disclosures [Vulnerability Disclosures]
CVEs Referenced
CVE-2020-27932, CVE-2022-20775, CVE-2023-32434, CVE-2023-38606, CVE-2024-23222, CVE-2024-24856, CVE-2024-42317, CVE-2024-57875, CVE-2025-21985, CVE-2025-37745, CVE-2025-71238, CVE-2026-0038, CVE-2026-20079, CVE-2026-20122, CVE-2026-20127, CVE-2026-20128, CVE-2026-20131, CVE-2026-23231, CVE-2026-23234, CVE-2026-23235, CVE-2026-23236, CVE-2026-23237, CVE-2026-23238, CVE-2026-23865, CVE-2026-25541, CVE-2026-3336
Indicators of Compromise
Domains:
verify-lastpass[.]com
Read the full brief
...more
28min
March 04, 20262026-03-04: CISA adds two actively exploited vulnerabilities to the KEV catalog
Show Notes - 2026-03-04
Stories Covered
Today:
CISA Adds VMware Aria Operations Command Injection to KEV Catalog (CVE-2026-22719) [Critical Alerts]
Qualcomm Chipset Memory Corruption Exploited in Targeted Attacks (CVE-2026-21385) [Critical Alerts]
CrushFTP Brute-Force Campaign Targets Default Credentials [Critical Alerts]
Insight Hospital Data Leaked Following September 2025 Breach [Ransomware & Extortion]
Signed Malware Impersonating Workplace Apps Deploys RMM Backdoors [Business & Infrastructure Threats]
Fake Tech Support Spam Deploys Havoc C2 Framework [Business & Infrastructure Threats]
Starkiller Phishing Suite Bypasses MFA with AitM Reverse Proxy [Business & Infrastructure Threats]
Mitsubishi Electric MELSEC iQ-F Series Ethernet Modules (CVE-2026-1874, CVE-2026-1875, CVE-2026-1876) [Vulnerability Disclosures]
CVEs Referenced
CVE-2024-4040, CVE-2025-31161, CVE-2025-54309, CVE-2026-1874, CVE-2026-1875, CVE-2026-1876, CVE-2026-21385, CVE-2026-22719
Indicators of Compromise
IP Addresses:
9.0.2.0, 5.189.139.225
Read the full brief
...more
18min
March 03, 20262026-03-03: Hackers are exploiting a critical Fortinet VPN bug disclosed Friday to execute remote code on
Show Notes - 2026-03-03
Stories Covered
Today:
Fortinet SSL-VPN Flaws Under Active Exploitation [Critical Alerts]
Action: [Critical Alerts]
LockBit Rebrands as CATS-Bit After Seizure [Ransomware & Extortion]
Action: [Ransomware & Extortion]
Medusa Ransomware Adds VM Escape Capability [Ransomware & Extortion]
Action: [Ransomware & Extortion]
State Department Exposes Personal Data of 7,000 Employees [Breaches & Leaks]
Action: [Breaches & Leaks]
Rite Aid Breach Exposes 160,000 Customers [Breaches & Leaks]
Action: [Breaches & Leaks]
Aventon eBike App Leaks Location Data [Breaches & Leaks]
Action: [Breaches & Leaks]
Gravy Analytics Settles FTC Charges Over Location Data Sales [Breaches & Leaks]
Action: [Breaches & Leaks]
Fake Russian Federal Police Emails Deliver Malware [Nation-State & Advanced Threats]
Action: [Nation-State & Advanced Threats]
Qualcomm Video Driver Flaw Impacts 75 Million Devices [Vulnerabilities & Exploits]
Action: [Vulnerabilities & Exploits]
CISA Adds Flaws in Apache Solr, Ivanti, and PHPJabbers [Vulnerabilities & Exploits]
Action: [Vulnerabilities & Exploits]
AI-Generated Vulnerabilities Introduced by Copilot [Vulnerabilities & Exploits]
Action: [Vulnerabilities & Exploits]
TunnelVision VPN Bypass Persists After 2024 Disclosure [Vulnerabilities & Exploits]
Action: [Vulnerabilities & Exploits]
VMware ESXi Root Privilege Escalation [Vulnerabilities & Exploits]
Action: [Vulnerabilities & Exploits]
DDoS Operators Exploit Apache Traffic Server Bug [Business & Infrastructure Threats]
Action: [Business & Infrastructure Threats]
Windows Patch Tuesday Bundles Two Zero-Days [Business & Infrastructure Threats]
Action: [Business & Infrastructure Threats]
QNAP NAS Devices Hijacked for Crypto Mining [Business & Infrastructure Threats]
Action: [Business & Infrastructure Threats]
Ransomware groups rebrand under law enforcement pressure. [Trends & Context]
VPN and firewall appliances remain high-value targets. [Trends & Context]
Virtualization platforms are ransomware targets. [Trends & Context]
AI-generated code introduces security debt. [Trends & Context]
Location data remains poorly protected. [Trends & Context]
CVEs Referenced
CVE-2023-33063, CVE-2023-33106, CVE-2024-21762, CVE-2024-32766, CVE-2024-3661, CVE-2024-37085, CVE-2024-38479, CVE-2024-43047, CVE-2024-45519, CVE-2024-48882, CVE-2024-54677, CVE-2024-55591, CVE-2025-22224, CVE-2025-22457, CVE-2025-24472, CVE-2025-24983, CVE-2025-24990, CVE-2025-24991
Read the full brief
...more
26min
March 02, 20262026-03-02: A CVSS 10 authentication bypass in Cisco SD-WAN (CVE-2026-20127) has been exploited since 2023
Show Notes - 2026-03-02
Stories Covered
Today:
ShinyHunters Breaches Wynn Resorts; Qilin Targets NYC Transit Union; UFP Technologies Hit [Ransomware & Extortion]
Cisco SD-WAN Authentication Bypass CVE-2026-20127 (CVSS 10, KEV Deadline Passed) [Critical Alerts]
APT28 Exploited MSHTML Zero-Day Before February Patch Tuesday (CVE-2026-21513, KEV Deadline Tomorrow) [Critical Alerts]
Roundcube Webmail Actively Exploited - Two KEV Entries (Deadline March 13) [Critical Alerts]
SolarWinds Web Help Desk Pre-Auth RCE Chain (Multiple KEV Entries) [Critical Alerts]
North Korea's Famous Chollima Publishes 26 Malicious npm Packages (StegaBin Campaign) [Business & Infrastructure Threats]
OpenClaw ClawJacked: Malicious Websites Could Hijack Local AI Agent [Business & Infrastructure Threats]
UNC2814 GRIDTIDE: China-Nexus Espionage Group Hit 53 Organizations in 42 Countries [Business & Infrastructure Threats]
UK NCSC Warning: Elevated Iranian Cyber Threat; SIM-Swap Scams Follow Dubai Strikes [Business & Infrastructure Threats]
Windows Server 2016 Approaching End of Support - 20 Percent of Servers Still Running It [Windows / AD Security]
Anthropic Claude Code RCE via Malicious Project Configurations (CVE-2025-59536) [General Security News]
Chrome CVE-2026-0628: Malicious Extensions Could Hijack Gemini AI Panel (Patched) [General Security News]
LLMs Can Deanonymize Online Users with High Precision [General Security News]
Google Developing Merkle Tree Certificates for Quantum-Resistant HTTPS [General Security News]
Wireshark 4.6.4 Released [Vulnerability Disclosures]
Google API Keys Usable Against Gemini Endpoints [Vulnerability Disclosures]
CVEs Referenced
CVE-2022-20775, CVE-2024-28986, CVE-2025-40536, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554, CVE-2025-49113, CVE-2025-59536, CVE-2025-68461, CVE-2026-0628, CVE-2026-20127, CVE-2026-21509, CVE-2026-21513
Indicators of Compromise
Domains:
wellnesscaremed[.]com, 67[.]63
IP Addresses:
127.0.0.1
Read the full brief
...more
21min
March 01, 20262026-03-01: OpenClaw's ClawJacked vulnerability (7 CVEs) lets any malicious website hijack a locally running AI
Show Notes - 2026-03-01
Stories Covered
Today:
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket (CVE-2026-26319, CVE-2026-26322, CVE-2026-24763, CVE-2026-25593, CVE-2026-25157, CVE-2026-25475, CVE-2026-26329) [Critical Alerts]
SentinelOne Intelligence Brief: Iranian Cyber Activity Outlook [Business & Infrastructure Threats]
QuickLens Chrome Extension Steals Crypto, Shows ClickFix Attack [Business & Infrastructure Threats]
Hackers Weaponize Claude Code in Mexican Government Cyberattack [Business & Infrastructure Threats]
Who is the Kimwolf Botmaster "Dort"? [General Security News]
OpenClaw, but in Containers: Meet NanoClaw [General Security News]
Canadian Tire Data Breach Impacts 38 Million Accounts [General Security News]
$4.8M in Crypto Stolen After Korean Tax Agency Exposes Wallet Seed [General Security News]
Vim: OS Command Injection and Memory Corruption (CVE-2026-28417, CVE-2026-28418, CVE-2026-28421, CVE-2026-28422) [Vulnerability Disclosures]
CVEs Referenced
CVE-2026-24763, CVE-2026-25157, CVE-2026-25475, CVE-2026-25593, CVE-2026-26319, CVE-2026-26322, CVE-2026-26329, CVE-2026-28417, CVE-2026-28418, CVE-2026-28421, CVE-2026-28422
Indicators of Compromise
Domains:
extensionanalyticspro[.]top, drivers[.]solutions, google-update[.]icu, drivers[.]solutions.
Read the full brief
...more
14min
February 28, 20262026-02-28: CISA confirms RESURGE malware can remain dormant on compromised Ivanti devices
Show Notes - 2026-02-28
Stories Covered
Today:
CISA warns that RESURGE malware can be dormant on Ivanti devices (CVE-2025-0282) [Critical Alerts]
Steaelite RAT bundles data theft and ransomware in one tool [Ransomware & Extortion]
Ransomware payments dropped 8% in 2025, but attacks surged 50% [Ransomware & Extortion]
Malicious Go crypto module steals passwords and deploys Rekoobe backdoor [Business & Infrastructure Threats]
Microsoft testing batch file security improvements [Windows / AD Security]
Pentagon designates Anthropic supply chain risk over AI military dispute [General Security News]
OCaml buffer over-read enables remote code execution (CVE-2026-28364) [Vulnerability Disclosures]
Linux kernel ksmbd and networking CVEs [Vulnerability Disclosures]
CVEs Referenced
CVE-2025-0282, CVE-2025-40039, CVE-2025-71147, CVE-2025-71150, CVE-2025-71152, CVE-2025-71154, CVE-2025-71160, CVE-2025-71161, CVE-2025-71162, CVE-2025-71163, CVE-2025-71229, CVE-2025-71232, CVE-2025-71235, CVE-2025-71237, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22979, CVE-2026-22980, CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-22996, CVE-2026-22997, CVE-2026-22998, CVE-2026-22999, CVE-2026-23212, CVE-2026-23216, CVE-2026-23220, CVE-2026-23222, CVE-2026-23228, CVE-2026-28364
Indicators of Compromise
Hashes:
3526af9189533470bc0e90d54bafb0db7bda784be82a372ce112e361f7c7b104, 52bbc44eb451cb5e16bf98bc5b1823d2f47a18d71f14543b460395a1c1b1aeda, b1221000f43734436ec8022caaa34b133f4581ca3ae8eccd8d57ea62573f301d
IP Addresses:
154.84.63.184
Read the full brief
...more
17min
February 27, 20262026-02-27: Five Eyes issues urgent joint alert for two Cisco SD-WAN vulnerabilities under active exploitation
Show Notes - 2026-02-27
Stories Covered
Today:
Cisco Catalyst SD-WAN Zero-Days Under Active Exploitation (CVE-2022-20775, CVE-2026-20127) [Critical Alerts]
Trend Micro Apex One Critical RCE Vulnerabilities (CVE-2025-71210, CVE-2025-71211) [Critical Alerts]
Copeland XWEB Industrial Controllers (23 CVEs) [Vulnerability Disclosures]
Johnson Controls Frick Quantum HD Pre-Auth RCE (6 CVEs) [Vulnerability Disclosures]
EV Charging Platform Authentication Bypass (Multiple Vendors) [Vulnerability Disclosures]
Yokogawa CENTUM VP Industrial Systems (6 CVEs) [Vulnerability Disclosures]
Pelco Sarix Pro 3 IP Camera Authentication Bypass (CVE-2026-1241) [Vulnerability Disclosures]
Juniper PTX Routers Critical RCE (CVE-2026-21902) [Vulnerability Disclosures]
Zyxel Critical UPnP Vulnerability (Multiple Models) [Vulnerability Disclosures]
Microsoft Vitess Database Vulnerabilities (CVE-2026-27965, CVE-2026-27969) [Vulnerability Disclosures]
NATS Server WebSocket Pre-Auth Memory DoS (CVE-2026-27571) [Vulnerability Disclosures]
AJV JSON Validator ReDoS (CVE-2025-69873) [Vulnerability Disclosures]
Chromium Vulnerabilities in Edge (CVE-2026-3062, CVE-2026-3063) [Vulnerability Disclosures]
Ransomware Payment Rates Hit Record Low 28% [Ransomware & Extortion]
UAT-10027 Targets US Education and Healthcare with Dohdoor Backdoor [Business & Infrastructure Threats]
Trojanized Gaming Tools Distribute Java-Based RAT [Business & Infrastructure Threats]
Steaelite RAT Combines Data Theft and Ransomware [Business & Infrastructure Threats]
CrowdStrike: eCrime Breakout Time Drops to 29 Minutes [Business & Infrastructure Threats]
ManoMano Data Breach Impacts 38 Million Customers [Business & Infrastructure Threats]
Google API Keys Expose Gemini AI Data [Business & Infrastructure Threats]
Microsoft Expands Windows Backup Restore to Hybrid Environments [Windows / AD Security]
Microsoft to Auto-Launch Copilot in Edge from Outlook Links [Windows / AD Security]
CrowdStrike FalconID Brings Phishing-Resistant MFA [General Security News]
Anthropic Refuses Pentagon Demands to Remove AI Guardrails [General Security News]
LLMs Generate Predictable Passwords [General Security News]
Microsoft Threat Modeling Guidance for AI Applications [General Security News]
Post-Quantum Cryptography Migration Urgency [General Security News]
Block Announces 40% Layoffs Citing AI Tools [General Security News]
CVEs Referenced
CVE-2022-20775, CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-69873, CVE-2025-71210, CVE-2025-71211, CVE-2026-1241, CVE-2026-20127, CVE-2026-21654, CVE-2026-21656, CVE-2026-21657, CVE-2026-21718, CVE-2026-21902, CVE-2026-24663, CVE-2026-25085, CVE-2026-27571, CVE-2026-27965, CVE-2026-27969, CVE-2026-3062, CVE-2026-3063
Indicators of Compromise
IP Addresses:
79.110.49.15
Read the full brief
...more
40min
February 26, 20262026-02-26: Cisco issued emergency patches for two SD-WAN zero-days exploited since 2023 by sophisticated
Show Notes - 2026-02-26
Stories Covered
February 26, 2026
Today:
Cisco SD-WAN Zero-Days Exploited Since 2023 (CVE-2026-20127, CVE-2022-20775) [Critical Alerts]
Scattered LAPSUS$ Hunters Recruiting Women for Vishing Attacks [Ransomware & Extortion]
RAMP Forum Seizure Disrupts Ransomware Ecosystem [Ransomware & Extortion]
Marquis Sues SonicWall Over Backup Breach Leading to Ransomware Attack [Business & Infrastructure Threats]
Google Disrupts GRIDTIDE Global Espionage Campaign [Business & Infrastructure Threats]
Fake Next.js Job Interview Tests Deploy Backdoors on Developer Machines [Business & Infrastructure Threats]
Claude Code Flaws Allow RCE and API Key Exfiltration (CVE-2026-21852, CVE-2025-59536) [Vulnerability Disclosures]
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware [Vulnerability Disclosures]
SolarWinds Patches Four Critical Serv-U Vulnerabilities [Vulnerability Disclosures]
UFP Technologies Discloses Data Theft in Cyberattack [Vulnerability Disclosures]
US Sanctions Russian Exploit Broker Operation Zero [General Security News]
LLMs Enable Automated Deanonymization of Pseudonymous Users [General Security News]
CVEs Referenced
CVE-2022-20775, CVE-2025-59536, CVE-2026-20127, CVE-2026-21852
Indicators of Compromise
IP Addresses:
20.9.8.2, 20.12.6.1, 20.15.4.2, 20.18.2.1
Read the full brief
...more
21min
February 25, 20262026-02-25: APT28 exploited a Microsoft Office zero-day in January
Show Notes - 2026-02-25
Stories Covered
Today:
Microsoft Office Zero-Day Exploited by APT28 (CVE-2026-21509) [Critical Alerts]
FileZen OS Command Injection Actively Exploited (CVE-2026-25108) [Critical Alerts]
January 2026 CVE Landscape Summary [Critical Alerts]
SolarWinds Serv-U Critical Root Code Execution Flaws [Vulnerability Disclosures]
VMware Aria Operations Remote Code Execution [Vulnerability Disclosures]
InSAT MasterSCADA BUK-TS Remote Code Execution [Vulnerability Disclosures]
Schneider Electric EcoStruxure Building Operation XXE Vulnerability [Vulnerability Disclosures]
Gardyn Home Kit Multiple Vulnerabilities [Vulnerability Disclosures]
Microsoft 365 Copilot Data Controls Expanded [Vulnerability Disclosures]
North Korea's Lazarus Group Deploys Medusa Ransomware [Ransomware & Extortion]
Wynn Resorts Employee Data Breach [Ransomware & Extortion]
CarGurus Data Breach Exposes 12.4 Million Records [Ransomware & Extortion]
Defense Contractor Employee Jailed for Selling Zero-Days to Russian Broker [Business & Infrastructure Threats]
Diesel Vortex Phishing Targets Freight and Logistics [Business & Infrastructure Threats]
Threat Intelligence Supply Chain Vulnerabilities [Business & Infrastructure Threats]
Developer-Targeting Campaign Using Malicious Next.js Repositories [Business & Infrastructure Threats]
UAC-0050 Targets European Financial Institution [Business & Infrastructure Threats]
1Campaign Platform Enables Malicious Google Ads [Business & Infrastructure Threats]
RoguePilot Flaw in GitHub Codespaces (Patched) [Business & Infrastructure Threats]
CrowdStrike Report: Attackers Need Just 29 Minutes to Own a Network [Business & Infrastructure Threats]
Windows 11 KB5077241 Update Improves BitLocker, Adds Sysmon [Windows / AD Security]
UK Fines Reddit $19 Million for Children's Data Violations [General Security News]
Open Redirect Scanning Increase [General Security News]
Operation Red Card 2.0: 651 Arrests in Africa [General Security News]
Group Relative Policy Optimization Can Unalign LLMs [General Security News]
CVEs Referenced
CVE-2021-35211, CVE-2021-35247, CVE-2024-28995, CVE-2025-29628, CVE-2025-29629, CVE-2025-29631, CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541, CVE-2026-1226, CVE-2026-1227, CVE-2026-21410, CVE-2026-21509, CVE-2026-22553, CVE-2026-25108
Indicators of Compromise
IP Addresses:
89.248.168.239
Read the full brief
...more
40min
February 24, 20262026-02-24: Dell RecoverPoint zero-day exploited by Chinese threat actors since mid-2024 with CISA deadline
Show Notes - 2026-02-24
Stories Covered
Today:
Dell RecoverPoint for VMs Zero-Day (CVE-2026-22769) [Critical Alerts]
Wormable XMRig Campaign (CVE-2025-55182, CVE-2020-14979) [Critical Alerts]
600+ FortiGate Devices Compromised by AI-Assisted Amateur [Vulnerability Disclosures]
JPEG-Embedded Malware Campaign [Vulnerability Disclosures]
Android Mental Health Apps with 14.7M Installs Riddled with Flaws [Vulnerability Disclosures]
CrowdStrike 2026 Global Threat Report [Ransomware & Extortion]
Vikor Scientific Data Breach (Everest Ransomware) [Ransomware & Extortion]
ATM Jackpotting Attacks Surged in 2025 [Ransomware & Extortion]
Optimizely Data Breach via Vishing Attack [Business & Infrastructure Threats]
Anthropic Accuses Chinese AI Labs of Distillation Attacks [Business & Infrastructure Threats]
Google Suspends Accounts for Antigravity Usage with Third-Party AI Tools [Business & Infrastructure Threats]
Google Gemini Chat Histories Disappearing [Business & Infrastructure Threats]
Microsoft Classic Outlook Mouse Pointer Bug [Windows / AD Security]
Microsoft SharePoint "Reimagined Experience" Coming in April [Windows / AD Security]
When Identity Isn't the Weak Link, Access Still Is [Windows / AD Security]
UnsolicitedBooker Targets Central Asian Telecoms [General Security News]
APT28 Operation MacroMaze Targets Europe [General Security News]
Iran's MuddyWater Debuts New Malware [General Security News]
Ukraine Sentences Individual for Aiding North Korean IT Fraud [General Security News]
Spain Arrests Anonymous Fénix Hacktivists [General Security News]
Anthropic Rolls Out Claude Code Security [General Security News]
CrowdStrike Typosquatting Campaign Analysis [General Security News]
CVEs Referenced
CVE-2020-14979, CVE-2025-55182, CVE-2026-22769
Indicators of Compromise
IP Addresses:
6.0.3.1
Read the full brief
...more
29min

FAQs about Cyber Threat Brief:

How many episodes does Cyber Threat Brief have?

The podcast currently has 74 episodes available.