Mandiant Archives • Daily CyberSecurity

New Knowledge Deliver RCE Vulnerability Exploited in the Wild

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

New Knowledge Deliver RCE Vulnerability Exploited in the Wild

Do Son May 25, 2026

In late 2025, Mandiant responded to a major security incident involving a compromised web server. Specifically, the...

Google Confirms First AI-Generated Zero-Day Exploit Found in the Wild AI-Built Zero-Day Exploit Google Threat Intelligence Report 2026

Google Confirms First AI-Generated Zero-Day Exploit Found in the Wild

Do Son May 12, 2026

The era of “theoretical” AI-driven cyber warfare has officially come to an end. In a report released...

Ghosts in the Hypervisor: Mandiant Exposes the 400-Day vSphere Takeover Hypervisor Persistence vSphere Security

Ghosts in the Hypervisor: Mandiant Exposes the 400-Day vSphere Takeover

Do Son April 9, 2026

A new deep-dive report from Mandiant (part of Google Cloud) explores the evolving threats facing the VMware...

The $32 Billion Fortress: Google Completes Historic Wiz Acquisition to Solve the “AI-Native” Risk Google Wiz acquisition 2026

The $32 Billion Fortress: Google Completes Historic Wiz Acquisition to Solve the “AI-Native” Risk

Do Son March 12, 2026

Google has formally promulgated the successful culmination of its acquisition of Wiz, the preeminent vanguard in global...

Google Dismantles UNC2814’s Global Espionage Network Fueled by Google Sheets UNC2814 Espionage GRIDTIDE Backdoor

Google Dismantles UNC2814’s Global Espionage Network Fueled by Google Sheets

Do Son March 2, 2026

A massive, years-long cyber espionage campaign has been successfully dismantled. Recently, a coordinated effort led by the...

Ghost NICs & Secret Knocks: Dell Zero-Day (CVSS 10) Exploited by UNC6201 FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Ghost NICs & Secret Knocks: Dell Zero-Day (CVSS 10) Exploited by UNC6201

Do Son February 18, 2026

A high-risk zero-day vulnerability in Dell’s virtualization software has become the playground for a sophisticated espionage campaign....

Fake CEO, Real Hack: North Korea Uses AI Deepfakes to Steal Crypto UNC1069 Deepfake Attack Cryptocurrency Malware

Fake CEO, Real Hack: North Korea Uses AI Deepfakes to Steal Crypto

Do Son February 11, 2026

North Korean threat actors are leveling up their social engineering game, using AI-generated deepfakes and sophisticated malware...

“IT Support” Imposters: ShinyHunters Vishing Rings Bypass MFA to Steal Data ShinyHunters Vishing Corporate Vishing Attacks

“IT Support” Imposters: ShinyHunters Vishing Rings Bypass MFA to Steal Data

Do Son February 4, 2026

A new report from Mandiant details how sophisticated voice phishing (vishing) rings are bypassing modern security controls...

Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover Triofox Zero-Day, Host Header Bypass

Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover

Do Son November 11, 2025

Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed that a critical unauthenticated...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

CL0P Extortion: Google/Mandiant Expose Zero-Day RCE in Oracle E-Business Suite (CVE-2025-61882)

Do Son October 10, 2025

Google Threat Intelligence Group (GTIG) and Mandiant have jointly disclosed an extensive data theft and extortion campaign...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

CVE-2025-53690: Mandiant and Sitecore Warn of Active Exploitation in ASP.NET Machine Key Configurations

Do Son September 4, 2025

A coordinated disclosure by Mandiant and Sitecore has revealed the active exploitation of a critical configuration vulnerability...

Mandiant Uncovers USB-Borne Malware Campaign Deploying Cryptocurrency Miners

Do Son August 21, 2025

Mandiant’s Managed Threat Defense team has released a detailed analysis of a rapidly spreading USB-based malware campaign...

Signal Phishing Alert: Sophisticated Campaign Targets Armenian Civil Society & Government Signal Phishing, Armenia Cyberattack

Signal Phishing Alert: Sophisticated Campaign Targets Armenian Civil Society & Government

Do Son June 7, 2025

In early March 2025, Armenia became the focal point of a sophisticated spear-phishing campaign that leveraged encrypted...

Scattered Spider (UNC3944) Resurfaces with Ties to DragonForce and RansomHub in Retail Attacks UNC3944, Scattered Spider

Scattered Spider (UNC3944) Resurfaces with Ties to DragonForce and RansomHub in Retail Attacks

Do Son May 7, 2025

A new report from Mandiant, a Google Cloud company, sheds light on the renewed activity of UNC3944,...

Google Launches Unified Security Powered by Gemini AI, Enhances Enterprise Protection Google Unified Security Gemini AI Security

Google Launches Unified Security Powered by Gemini AI, Enhances Enterprise Protection

Do Son April 9, 2025

Google has announced the launch of “Google Unified Security,” an integrated security solution powered by Gemini AI,...

Critical Alert 1 Active Exploit Detected Today