ThreatsDay Bulletin: 47 Zero-Days Exposed, AI-Driven Intrusions Surge, and Major Cybersecurity Risks Unveiled



In the ever-evolving landscape of cybersecurity, recent developments underscore a troubling trend: attackers are increasingly leveraging trusted components to execute their malicious activities. This week, a series of incidents highlighted vulnerabilities that could have significant implications for organizations worldwide.

47 Zero-Days Exposed at Pwn2Own Berlin 2026

The Pwn2Own Berlin 2026 hacking contest concluded with security researchers uncovering 47 zero-day vulnerabilities across various platforms, including Windows, Linux, VMware, and NVIDIA. Participants collectively earned $1,298,250 in rewards, with DEVCORE taking the lead by amassing 50.5 Master of Pwn points and $505,000 in total earnings. Their exploits included significant breaches of Microsoft SharePoint, Microsoft Exchange, Microsoft Edge, and Windows 11. Following DEVCORE, STARLabs SG and Out Of Bounds secured $242,500 and $95,750, respectively.

AI Security Concerns Raised by NCSC

The U.K. National Cyber Security Centre (NCSC) has issued a warning regarding the deployment of agentic artificial intelligence (AI) tools in enterprise settings. The NCSC emphasized the importance of implementing robust security controls, stating, “If an agent is over-privileged or poorly designed, a single failure can quickly become a serious incident.” This guidance comes amid growing concerns about the potential misuse of AI technologies in cyberattacks.

Polish Government Urges Shift from Signal

In a significant policy shift, the Polish government has recommended that public officials cease using the Signal messaging app. Instead, they are directed to adopt mSzyfr, an encrypted messaging solution developed by a prominent Polish research organization. This decision stems from rising social engineering attacks attributed to advanced persistent threat (APT) groups, which have increasingly targeted Signal users.

Dutch Police Unmask Fraud Suspects

The Dutch police have successfully identified 74 out of 100 suspects involved in various fraud schemes through an initiative dubbed “Game Over?!” This campaign displayed blurred images of the suspects in public spaces, giving them a two-week window to surrender before the images were unblurred. Among those identified, the youngest suspect is 14 years old, while the oldest is 42. The initiative aims to combat rising fraud rates in the Netherlands.

Espionage Discussions Between U.S. and China

In a recent statement, U.S. President Donald Trump revealed discussions with Chinese President Xi Jinping regarding cyberattacks and espionage activities. Trump acknowledged the mutual nature of these operations, stating, “We spy like hell on them too.” This admission comes amidst ongoing allegations of extensive cyber intrusions by China into U.S. networks.

Ransomware Threats in South Korea

The Gunra ransomware family has emerged as a significant threat, targeting five South Korean companies since its discovery in April 2025. Initially based on Conti ransomware, Gunra has since transitioned to a Ransomware-as-a-Service (RaaS) model, claiming 32 victims as of March 2026.

Composer Token Leak

Composer, a widely used dependency manager for PHP, has urged users to update to versions 2.9.8 or 2.2.28 (LTS) following a critical vulnerability that could leak GitHub Actions tokens in logs. This vulnerability has been assigned the CVE identifier CVE-2026-45793, with a CVSS score of 7.5. Users are advised to disable any GitHub Actions workflows running Composer commands until the update is applied.
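The advisory gives two fixed releases on two branches, so "am I patched?" is a branch-aware comparison rather than a single threshold. The script below is an added example, not code from the bulletin or from the Composer project: it parses the banner printed by `composer --version` and decides whether the reported version is at or above 2.9.8 (current branch) or 2.2.28 (2.2 LTS). The sample banners are constructed, and the treatment of versions outside the 2.x line (1.x as unpatched, 3.x and later as carrying the fix) is an assumption, not something the advisory states.

```shell
#!/bin/sh
# Added example: gate on the Composer releases named in the token-leak advisory
# (2.9.8 on the current branch, 2.2.28 on the 2.2 LTS branch). Not project code.

# Print the version token from a `composer --version` banner, e.g.
# "Composer version 2.9.7 2026-03-01 10:00:00" -> "2.9.7". Empty output if no match.
composer_version_from_banner() {
  printf '%s\n' "$1" | sed -n 's/^Composer version \([^ ]*\).*/\1/p'
}

# composer_is_patched VERSION
# exit 0: at or above a fixed release; 1: below the fix; 2: not a plain X.Y.Z version
composer_is_patched() {
  v=$1
  case "$v" in
    *[!0-9.]*|'') return 2 ;;                # letters, dashes, blanks: refuse to guess
    *.*.*) ;;                                # all three components are required
    *) return 2 ;;
  esac
  major=${v%%.*}; rest=${v#*.}
  minor=${rest%%.*}; patch=${rest#*.}
  case "$patch" in *.*) return 2 ;; esac     # four-part versions are out of scope
  [ -n "$major" ] && [ -n "$minor" ] && [ -n "$patch" ] || return 2

  # Assumption: the advisory covers the 2.x line only; older majors are treated
  # as unpatched and newer majors as including the fix.
  [ "$major" -lt 2 ] && return 1
  [ "$major" -gt 2 ] && return 0

  if [ "$minor" -eq 2 ]; then                # 2.2 LTS branch: fixed in 2.2.28
    [ "$patch" -ge 28 ]
  elif [ "$minor" -lt 9 ]; then              # 2.0, 2.1, 2.3 .. 2.8: no fixed release named
    return 1
  elif [ "$minor" -eq 9 ]; then              # current branch: fixed in 2.9.8
    [ "$patch" -ge 8 ]
  else
    return 0                                 # 2.10 and later assumed to include the fix
  fi
}

# Constructed sample banners, not captured from any real host.
for banner in \
  "Composer version 2.9.7 2026-03-01 10:00:00" \
  "Composer version 2.9.8 2026-04-01 10:00:00" \
  "Composer version 2.2.27 2026-03-01 10:00:00" \
  "Composer version 2.2.28 2026-04-01 10:00:00" \
  "Composer version 2.9.8-dev+abc123 2026-04-01 10:00:00"
do
  ver=$(composer_version_from_banner "$banner")
  rc=0; composer_is_patched "$ver" || rc=$?
  case $rc in
    0) echo "ok         $ver" ;;
    1) echo "VULNERABLE $ver  -> pause workflows that run composer until upgraded" ;;
    *) echo "unknown    '$ver' -> inspect by hand" ;;
  esac
done
```

On a real runner, replace the constructed loop with `composer_is_patched "$(composer_version_from_banner "$(composer --version)")"` and fail the job on a non-zero status; a dev or snapshot build deliberately comes back as "unknown" rather than being guessed either way.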

Persistence of Linux Rootkits

The persistence of the OrBit Linux rootkit has been documented by cybersecurity firm Intezer. Initially reported in July 2022, OrBit employs advanced evasion techniques and has been actively refined by its operators. New artifacts indicate ongoing development, with two distinct lineages identified: a full-featured version and a lighter variant that sacrifices some capabilities for a smaller footprint.

AI-Driven Intrusions in Latin America

Two new campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, have been identified as using agentic AI to facilitate intrusions against government and financial organizations in Latin America. These campaigns established traffic tunnels to victim systems, enabling AI agents to operate directly within internal networks. The attackers bypassed traditional security measures by framing their actions as authorized penetration testing.

Mythos AI Model Expands Threat Intelligence Sharing

Anthropic has announced that users of its Mythos AI model can now share cybersecurity threats with other organizations. This development aims to enhance collective defenses against emerging vulnerabilities. The initiative aligns with Cloudflare’s assessment of Mythos as a significant advancement in threat detection and vulnerability discovery.

Discord Implements End-to-End Encryption

Discord has announced that all voice and video calls on its platform are now protected by default with end-to-end encryption (E2EE). This enhancement, powered by the DAVE protocol, aims to bolster user privacy and security, although the company has stated that text messages will not receive similar encryption due to engineering challenges.

Azure Identity Exploitation

Microsoft has reported a sophisticated attack orchestrated by Storm-2949, which exploited the Self-Service Password Reset (SSPR) process to exfiltrate sensitive data from an unnamed organization. The attackers targeted IT personnel and senior leadership, leveraging legitimate cloud features to gain access to sensitive resources.

App Store Fraud Prevention

Apple has reported that its App Store successfully blocked over $2.2 billion in fraudulent transactions in 2025. The company also rejected more than 2 million problematic app submissions and terminated numerous developer accounts due to fraud concerns.

Conclusion

The cybersecurity landscape continues to evolve, with attackers adapting their strategies to exploit trusted components and technologies. Organizations must remain vigilant, implementing robust security measures and staying informed about emerging threats.


Source: thehackernews.com
