BlueHammer Windows Local Privilege Escalation Zero-Day Publicly Released

Executive Summary On 3 April 2026, a disgruntled security researcher publicly released a working proof-of-concept for an unpatched Windows local privilege escalation (LPE) vulnerability named BlueHammer. The flaw combines a time-of-check to time-of-use (TOCTOU) race condition and path-confusion issue in Windows Defender’s signature-update mechanism. It allows a low-privileged local user to access the SAM database,…

Read More

Active Data Theft Campaign Targeting Snowflake Customers via Anodot Third-Party SaaS Integration Breach

Executive Summary On 7 April 2026, reports emerged in open source that multiple companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. While numerous cloud storage and SaaS vendors were targeted using the stolen tokens, the majority of the data theft attacks targeted the cloud-based data warehouse platform Snowflake….

Read More

Axios npm Package Compromised to Deliver Remote Access Trojan

Executive Summary According to a released report by StepSecurity, on 30 March 2026, an unnamed threat actor compromised a npm account associated with the Axios library and published malicious package versions, impacting developers and organizations relying on the dependency. The threat actor introduced backdoored versions of 1.14.1 and 0.30.4 that included a hidden malicious component designed…

Read More

Chinese Threat Actors Implant BPFdoor in Telecom Networks

Executive Summary According to a released report from Rapid7 Labs, Chinese threat actor Red Menshen is targeting telecommunication networks in undisclosed regions with the goal of carrying out espionage against corporate and government agencies. This campaign, reported on 26 March 2026, has been a long-term operation gaining access to telecom critical environments for an extended period…

Read More

Why Fraud Now Belongs on the CISO’s Desk

For years, fraud and cybersecurity have been treated as separate problems, owned by different teams and addressed with different tools. Fraud programs focused on screening transactions at checkout. Security programs focused on defending the perimeter. That division once made sense. Today, it no longer does. Modern attacks do not exploit infrastructure first, but rather identity….

Read More