🚨 BREAKING: Active supply chain attack across npm, PyPI, and Crates.io.
Socket detected TrapDoor, a crypto stealer campaign hitting 34 malicious packages and 384 versions and artifacts, with attackers repeatedly pushing new releases across ecosystems.
TrapDoor targets #crypto, #DeFi, AI, and security developers, stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, env vars, and API keys.
Socket detected releases with a median detection time of 5 minutes, 27 seconds. The fastest detection occurred 58 seconds after publication.
⚠️ Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections
Source: https://t.co/BBJAp1bRZq
A critical zero-day vulnerability in Cloudflare's Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers through a certificate validation path.
The requests targeting the /.well-known/acme-challenge/ directory could reach origins even when customer-configured WAF rules explicitly blocked all other traffic.
The vulnerability was detected while reviewing applications where WAF configurations blocked global access and permitted only specific sources.
#CybersecurityNews #vulnerabilitynews
From LNK to PlugX: Tracking UNC6384’s Zero-Day Abuse Chain
https://t.co/lbvbIpST2g
Chinese threat actor UNC6384 is actively exploiting a newly disclosed Windows LNK zero-day vulnerability (ZDI-CAN-25373) to target European diplomats with PlugX malware via Canon DLL sideloading, as reported by Arctic Wolf Labs. The initial stage involves a malicious LNK file embedded in EU/NATO-themed spearphishing emails—making early detection of shortcut file execution a critical warning signal. I’ve authored a Microsoft Defender XDR detection rule to catch this abuse chain and help teams stay ahead.🤝
#Cybersecurity #ZeroDay #ZDICAN25373
Proactive detection for UNC6040 (aka ShinyHunters)
https://t.co/QlsjzTluRM
Google's Threat Intelligence Group outlines security strategies to defend against UNC6040, a financially motivated threat actor using voice phishing (vishing) to compromise Salesforce environments. The attackers trick users into approving malicious connected apps, enabling data theft. The blog provides proactive hardening measures, logging protocols, and detection techniques to protect SaaS platforms, especially Salesforce. Below is a Sentinel KQL detection for UNC6040 built based on the GTIG report.
https://t.co/tm0lX0At6w
#Cybersecurity #UNC6040 #ShinyHunters
🚨 SpyVPN Alert
https://t.co/xaMZl7BcVC, a Chrome extension with 100K+ installs & a “Verified” badge, was caught secretly capturing screens & sending data to its servers.
https://t.co/Q4BEu68faT
I built a KQL to track screenshot activity via MDE—great for spotting suspicious apps.
https://t.co/7oSQgDSwqX
#CyberSecurity #DataExfiltration #MDE #KQL
🚨 CVE-2025-8088: WinRAR Zero-Day Used to Deploy RomCom Backdoors
ESET has identified spearphishing campaigns leveraging malicious RAR attachments to exploit CVE-2025-8088—a WinRAR zero-day vulnerability. This technique delivers RomCom backdoors, attributed to threat actor Storm-0978 (aka Tropical Scorpius / UNC2596).
https://t.co/daMXLc64nn
To support fellow Defenders, I’ve crafted a KQL detection to surface indicators of this exploitation. It’s designed to help identify Storm-0978 activity until your infrastructure team rolls out the necessary patch.
https://t.co/8Pyya29H0L
#Cybersecurity #WinRaRZeroDay #Storm0978
DMARC can reveal more domains associated with a target.
https://t.co/IOZqvIUCEX<target-domain> allows you to find domains using the same DMARC record. Check it out 👇
There's also a Python tool: https://t.co/MgbyS42HSn
🔥 The NEW #CTI Cheat Sheet by @likethecoins & Rebekah Brown is now available!
Packed w/ frameworks & methodologies this guide simplifies threat modeling, tackles cognitive biases, & sharpens your analysis.
📥 Download your FREE copy: https://t.co/Y6HoB8N55S
#ThreatIntel #DFIR
This hack is brilliant: APT28 hopping into a target environment over Wi-Fi by compromising neighbouring companies and finding a dual-homed host within range.
https://t.co/mGWU5Hdwi6
And yet... they got caught doing this!
A Chinese military training site in China's Inner Mongolia region is an exact replica of the road network near Taiwan's Presidential Palace.
Make no mistake: China fully plans to invade Taiwan in a geopolitical play that will unbalance the region.
I have created a YARA rule to detect binaries that are signed with a potentially compromised AnyDesk signing certificate
(if the PE header info isn't AnyDesk -> other binaries signed with the compromised cert)
#100DaysOfYARA #AnyDesk
https://t.co/W42dTSWj0K
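As an added illustration (not the author's rule, which is behind the link above), a YARA rule sketching the described logic: flag a PE whose Authenticode signer names AnyDesk while its version resource does not. It assumes only that the signer subject contains the string "AnyDesk"; pinning to the specific revoked certificate would require its serial from the vendor advisory, which is not on this page.

```yara
import "pe"

rule AnyDesk_Signed_But_Not_AnyDesk_Binary
{
    meta:
        description = "PE signed with an AnyDesk code-signing certificate whose version info does not identify AnyDesk (illustrative example, not the original author's rule)"
        note = "Requires YARA 4.0+ for the 'defined' operator. To pin the revoked certificate, add a pe.signatures[i].serial comparison with the serial from the AnyDesk advisory."

    condition:
        // MZ header: only consider PE files
        uint16(0) == 0x5A4D and
        pe.number_of_signatures > 0 and
        // Signer check: any Authenticode signature whose subject names AnyDesk
        for any i in (0 .. pe.number_of_signatures - 1) : (
            pe.signatures[i].subject contains "AnyDesk"
        ) and
        // Version-info check: CompanyName is absent or does not mention AnyDesk.
        // 'defined' is needed because a missing resource makes the lookup undefined,
        // which would otherwise silently evaluate the whole condition to false.
        not (
            defined pe.version_info["CompanyName"] and
            pe.version_info["CompanyName"] contains "AnyDesk"
        ) and
        not (
            defined pe.version_info["ProductName"] and
            pe.version_info["ProductName"] contains "AnyDesk"
        )
}
```

Legitimate AnyDesk builds carry AnyDesk in both the signer subject and the version resource, so they fall outside the rule; a hit means the certificate signed something it was never meant to sign.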
🚩 This is worrying and continues to increase: multiple threat actors, including ransomware operators and initial access brokers, are abusing the @GoogleAds service, but at a higher level. Attackers manage to show the original domain (URL) in the malicious ads, which is eventually displayed to thousands of potential victims on Google's main results page.
Three recent examples, thanks to Intel from Colin Cowie (Sophos) and Jérôme Segura (Malwarebytes) 👏
1.- #Pikabot (I think this is new 👀)
▪ https://t.co/lfQGVaYU3T
▪ https://t.co/9rbnbeqLbP
2.- #BatLoader
▪ https://t.co/N5fmR7HOaw
3.- #FakeBat + Hunting Panel:
▪ https://t.co/CU7E0k6uPT
🚨 DON'T TRUST Ads, be cautious, investigate, confirm.