The Cookie Forger: How a Cryptographic Shortcut Opened Palo Alto VPNs
That single log line was the first confirmed signal of active exploitation of CVE-2026-0257, an authentication bypass vulnerability in PAN-OS that Palo Alto Networks had disclosed just five days earlier. Within two weeks, CISA would add the flaw to its Known Exploited Vulnerabilities catalog, and security teams across the world would scramble to understand why a feature designed for user convenience had become an adversary's skeleton key. Read now on: https://lnkd.in/dPfwHntc
Enigma Global Software
Data Security Software Products
Cyber threat intelligence, DPO data governance, regulation and compliance, cyber R&D
About us
Enigma Global is a trusted cyber security and intelligence firm dedicated to helping organizations stay secure, resilient, and prepared in an increasingly complex digital world. We combine deep technical expertise with strategic insight to deliver cyber threat intelligence, privacy compliance, and data governance solutions that leaders can rely on. Our technologies are designed to give organizations clarity, control, and the confidence to move forward without hesitation. From proactive threat visibility to responsible data practices, Enigma Global supports enterprises, government entities, and fast-growing companies in strengthening their security posture while meeting evolving regulatory demands. At our core, we believe strong security enables progress. Our mission is simple: protect what matters so our clients can focus on growth, innovation, and leadership.
- Website
- https://www.enigma-global.com
- Industry
- Data Security Software Products
- Company size
- 2-10 employees
- Type
- Privately Held
- Founded
- 2025
Updates
-
The Pipeline Is the Target: How Trusted Dev Tools Became Weapons
The logic behind these attacks is elegant in its cruelty. A modern CI/CD pipeline is a trust engine. Code enters at one end; tested, signed, deployable artifacts emerge at the other. Every tool referenced along that path inherits the pipeline's trust. If an attacker can substitute a single dependency, a single GitHub Action, a single extension version, they inherit that trust too. They do not need to breach a firewall. They do not need to phish an employee (though they sometimes do that as well). They simply need to become part of the machinery that already has permission to touch secrets, source code, and production credentials. Read now on: https://lnkd.in/dvazu5hn
-
Seventeen Million Ghosts: Inside the Dutch Takedown of a Nameless Botnet read now: https://lnkd.in/dD85E5wJ
-
GREYVIBE: The AI-Powered Espionage Crew That Kept Tripping Over Its Own Code. read now: https://lnkd.in/dC8VWb7f
-
Google has disclosed a critical zero-click vulnerability (CVE-2026-0073) in the Android System component as part of its May 2026 Android Security Bulletin. The flaw resides in the wireless Android Debug Bridge (ADB) daemon's TLS certificate verification function (adbd_tls_verify_cert in auth.cpp),... https://lnkd.in/d8dDR_Gz
-
In March 2026, multiple state-sponsored threat actors—primarily Chinese and Iranian—have been observed exploiting the ongoing US-Israeli military conflict with Iran to conduct cyber espionage campaigns against critical infrastructure, government, and diplomatic targets. Chinese-aligned groups, including the cluster tracked as UNK_InnerAmbush,... https://lnkd.in/d95jCxda
-
On or around April 1, 2026, the ShinyHunters extortion group successfully breached Charter Communications, the operator of the Spectrum brand and one of the largest telecommunications providers in the United States. The attack was initiated through a voice phishing (vishing)... https://lnkd.in/dpEV5G5Q
-
The North Korean state-sponsored threat group Kimsuky (also tracked as APT43, Velvet Chollima, Black Banshee, THALLIUM, and Emerald Sleet) has expanded its offensive capabilities with new malware tools including HTTPSpy and HelloDoor, while also abusing legitimate Visual Studio Code tunnels... https://lnkd.in/dW-i-dvc
-
Intel Report [CRITICAL] A critical remote code execution (RCE) vulnerability in Samba's printing subsystem, tracked as CVE-2026-4480, has been reported affecting widely deployed infrastructure across enterprise and operational technology (OT) environments. This vulnerability reportedly allows unauthenticated attackers to execute arbitrary code on affected... https://lnkd.in/djfii-Pi
-
Intel Report [HIGH] GreyVibe is a previously undocumented Russia-nexus threat actor discovered by WithSecure in January 2026, active since at least August 2025. The group extensively leverages generative AI tools including ChatGPT, Google Gemini, and Ideogram AI across all phases of its operations—from... https://lnkd.in/dKZM4Xus