Cyber threat landscape seems to be trending towards living-off-the-land techniques, using OS-native commands and legitimate credentials to avoid traditional detection tools
Its critical to prioritize & focus on identity in depth to mitigate against these lethal attack vectors
🚨 Zimbra has fixed a critical stored XSS flaw in its Classic Web Client.
A crafted email could run malicious code when opened and expose mailbox information, session data, or account settings.
Read the full story on THN 🠖 https://t.co/mRRKCXV3a3
Zimbra has not reported in-the-wild exploitation. Update to version 10.1.19.
The Federal Bureau of Investigation (FBI) is releasing this FLASH to highlight the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with the cyber criminal group TeamPCP. TeamPCP actors have conducted large-scale software supply chain compromises by targeting widely used developers and security tools, gaining access to victim environments and extracting sensitive data, including but not limited to cloud access tokens, SSH keys, and Kubernetes secrets. The FBI encourages organizations to contact the FBI if they have been compromised, and to implement the actions in the Recommendations section to reduce the likelihood and impact of compromise by TeamPCP actors.
Learn More Here: https://t.co/RqFqHFdEdC
🚨 5,800+ arrests, USD 293 million intercepted across 97 countries
The results of Operation First Light 2026 highlight the global scale of social engineering fraud and associated money laundering.
Coordinated by INTERPOL, the operation targeted the criminal networks behind business email compromise, investment scams, sextortion and romance fraud, uncovering more than 142,000 victims worldwide.
Key operational results:
🔵 152,808 cases analysed
🔵 23,715 cases solved
🔵 15,606 suspects identified
🔵 31,014 bank accounts blocked
🔵 99 INTERPOL Notices and Diffusions issued
Through the use of INTERPOL’s Global Rapid Intervention of Payments (I-GRIP) mechanism, member countries swiftly froze both fiat and virtual illicit assets, protecting individuals and businesses from further financial harm.
Read more ➡️🔗 https://t.co/vncv2g7KCq
🇰🇪 Official Partnership Announcement 🇰🇪
The National Computer and Cybercrimes Coordination Committee, @NC4Kenya, joins the 7th Africa Cyber Defense Forum as the Official Government Partner.
Kenya's national cyber authority stands beside Africa's premier cybersecurity gathering proudly proclaiming: Digital Sovereignty isn't a Side Conversation, it's State Business.
Together, we are setting the terms for how Africa defends its digital future.
#ACDF2026 #NC4Kenya #CyberSovereignty #ShapingTheFutureOfCyberDefenseInAfrica
🚨 A suspected China-nexus campaign is targeting Indian taxpayers, tax professionals, and finance teams with fake Income Tax Department emails.
Operation DragonReturn leads victims to a fake tax-filing utility that uses DLL sideloading, JPG payload concealment, and DCRat.
Read: https://t.co/w01NFtCVdi
Welcome to the new week.
Do you need to join a team of cyber professionals
Are you looking for access to mentorship in cyber
Are you in: Technical Cyber / Forensics, Law Enforcement, or Legal Specialists in ICT
Register with us today:
Website: https://t.co/baMSFQgaRl
🛑 Ransomware crews are stacking three ugly paths into enterprise networks.
🔸 Anubis: Citrix Bleed 2
🔸 The Gentlemen: Go backdoor + BYOVD
🔸 VECT/TeamPCP: supply-chain credential theft
How the attack paths connect: https://t.co/vXCvUOAW7O
Green IT practices:
Turn devices off at the end of the day to reduce both energy and your overall attack surface.
Regularly delete unnecessary files and emails to conserve storage and reduce the risk of data breaches.
Keep software up to date to extend the lifespan of devices
🛑 Ousaban hides a ZIP payload inside an image after a fake “corrupted” PDF screens victims in Spain and Portugal.
The Windows banking trojan watches 24+ banks and can log keys, grab screenshots, tamper with the clipboard, and enable remote control.
How the fake PDF turns into Ousaban: https://t.co/sl9naD0siR
The future of CyberSecurity
The weaponization of disinformation amid rising geopolitical tensions promise to transform cyber risk from an IT concern into a fundamental business issue
The rise of AI-powered attacks & its imminent threat
Potential promise of quantum computing
Good morning @KRACare . Today is the deadline for returns submission.
Unfortunately, the SYSTEM has been down and unresponsive from yesterday (Password Reset)
Would you consider extending the deadline to allow Kenyans to fulfill their obligation
Beware of how to securely file your @KRACare returns:
There will be scams seeking to deceive you, to compromise your privacy
Verify any updates or emails asking for any payment unless you can confirm their source as KRA
Reach out to us for support through [email protected]
🚨 CVE-2026-55200 now has public PoC code.
The libssh2 flaw lets a malicious SSH server trigger memory corruption in a connecting client.
> No credentials
> No user interaction
> Affected through libssh2 1.11.1
The real cleanup problem is finding bundled and static copies in curl, Git, PHP, and appliances.
Learn more ➝ https://t.co/yAzGSfzm1H
We must arise as cyber defenders / offenders, within Africa
Cyber is a key catalyst that promotes growth and needs to be aligned with business objectives
There is an urgent need to have capable cyber experts who are able not only to defend but also offend, if the need arises.
🛑 A new #Linux kernel exploit (CVE-2026-46331) gets root without modifying a single file on disk.
It poisons the cached copy of /bin/su in memory. The binary on disk stays untouched. File-integrity checks come back clean.
The root shell is already open.
Details here ↓ https://t.co/y2FDVjcSEq
Cybercriminals often use deceptive links to steal personal information, install malware, or compromise your accounts. Before clicking any link, watch out for these common warning signs:
🔹 Urgent or threatening language
🔹 Misspelled or suspicious web addresses
🔹 Unexpected prizes or offers that seem too good to be true
🔹 Generic greetings instead of your name
A moment of caution can prevent a cyber incident.
🛡️ Stay vigilant. Stay secure. Stay cyber aware.
Are you ready to serve your country as a CIA Case Officer? In this challenging and rewarding role, you will gather human intelligence from assets around the world and work with foreign partners to conduct operations in order to safeguard our Nation. Learn more at https://t.co/ocBOBt8JaL.
CA DG @Mugonyid today addressed participants at the opening ceremony of the Africa Internet Summit (AIS) 2026, a premier annual event organized by @TESPOK_KENYA.The summit brought together stakeholders from across Africa,to discuss the future of the Continent's digital ecosystem
Factors that are driving access to cyber opportunities in Kenya include:
Rapid deployment of digital transformation within the region
Cyber law and legislation for governance purpose
Growth of AI within the technology ecosystem
Cyber criminals are collaborating to wreak havoc