Codex Consulting Group

New A0Backdoor malware uses DNS MX records for C2, deployed via Microsoft Teams social engineering targeting financial and healthcare orgs

CVE-2026-20127 in Cisco SD-WAN controllers was exploited for three years before CISA and Five-Eyes partners issued emergency guidance.

A Russian-speaking threat actor used commercial AI tools to compromise over 600 FortiGate firewalls in just five weeks, per Amazon Threat Intelligence.

Critical CVSS 9.9 pre-auth RCE in BeyondTrust Remote Support and PRA is now actively exploited after a PoC was published on GitHub.

Microsoft patches 55 vulnerabilities including six actively exploited zero-days targeting Windows Shell, MSHTML, Word, DWM, RDP, and RasMan.

China-linked ransomware group Storm-2603 compromised SmarterTools by exploiting critical SmarterMail vulnerabilities, then turned the same flaws against the vendor's customers.

Chinese APT Lotus Blossom hijacked Notepad++ updates for six months to deploy the custom Chrysalis backdoor targeting telecom and government organizations.

CVE-2026-1281 and CVE-2026-1340 give attackers full remote code execution on Ivanti mobile device management servers. Already exploited in the wild.

Russian APT ELECTRUM breached ~30 Polish energy sites, disabling OT equipment beyond repair in the first major attack on distributed energy resources.

A campaign targeting ~100 organizations via Okta and Microsoft Entra SSO has already breached Match Group, Betterment, and Crunchbase.

CVE-2026-24858 lets attackers with any FortiCloud account access other organizations' devices. CISA KEV listed, CVSS 9.4.