Enigma-Global

By the time security researchers at Aikido confirmed the compromise, thousands of developers and CI/CD pipelines had potentially ingested credential-theft malware baked into libraries they trusted implicitly. enigma-global.com/og/blog/red-ha…

Google published its monthly Android Security Bulletin and buried inside the dense list of 124 patched vulnerabilities was a single line that should have stopped every mobile security team cold enigma-global.com/og/blog/cve-20…

Intel Report [HIGH] - A new cyber espionage campaign codenamed Operation Dragon Weave has been identified by Seqrite Labs, targeting government officials and citizens in the Czech Republic and Taiwan. The campaign delivers an AdaptixC2 agent through... enigma-global.com/og/report/oper…

Intel Report [CRITICAL] - CIFSwitch is a critical local privilege escalation (LPE) vulnerability in the Linux kernel's CIFS client that has been present since 2007—hidden in plain sight for 19 years. Discovered by SpaceX security engineer Asim... enigma-global.com/og/report/cifs…

Intel Report [HIGH] - Gamaredon, a Russian state-sponsored espionage group formally attributed to Russia's Federal Security Service (FSB) Center 18, has been observed deploying a sophisticated worm dubbed GammaWorm that conceals its components within... enigma-global.com/og/report/gama…

Thousands of Attacks Per Day: The Mass Exploitation of Citrix NetScaler The Patch Was Ready. The Attackers Were Faster... read now on: enigma-global.com/og/blog/mass-e…

Screening Serpens Blinds EDR Tools Before the Fight Even Starts read now on: enigma-global.com/og/blog/screen…

Intel Report [CRITICAL] - A coordinated wave of destructive cyberattacks attributed to Iranian state-linked threat actors has targeted organizations across the Middle East, United States, and Western nations following the U.S.-Israeli military strikes... enigma-global.com/og/report/iran…

Intel Report [CRITICAL] - Multiple critical vulnerabilities affecting the Windows Netlogon service have been identified and are being actively exploited or have public proof-of-concept exploits available. These vulnerabilities collectively target the... enigma-global.com/og/report/mult…

Intel Report [CRITICAL] - An Iran-nexus advanced persistent threat group known as Screening Serpens (also tracked as UNC1549, Smoke Sandstorm, and Iranian Dream Job) has been conducting sophisticated cyber espionage campaigns against entities in the... enigma-global.com/og/report/iran…

Intel Report [HIGH] - A sophisticated cyber espionage campaign codenamed Operation Dragon Weave has been identified targeting government, research, academic, technology, and financial sectors in the Czech Republic and Taiwan. The campaign, attributed... enigma-global.com/og/report/oper…

One Packet to Rule Them All: CVE-2026-41089 and the Netlogon Crisis read now on: enigma-global.com/og/blog/cve-20…

The Key Taped to the Door: How CVE-2026-8732 Hands WordPress Sites to Attackers read now on: enigma-global.com/og/blog/wp-map…

The Cookie Forger: How a Cryptographic Shortcut Opened Palo Alto VPNs That single log line was the first confirmed signal of active exploitation of CVE-2026-0257, a bypass vulnerability in PAN-OS that PaloAlto had disclosed just five days earlier. enigma-global.com/blog/palo-alto…

The Pipeline Is the Target: How Trusted Dev Tools Became Weapons A modern CI/CD pipeline is a trust engine. Code enters at one end; tested, deployable artifacts emerge at the other. Every tool referenced along that path inherits the pipeline's trust. enigma-global.com/og/blog/truste…

GREYVIBE: The AI-Powered Espionage Crew That Kept Tripping Over Its Own Code. read now: enigma-global.com/blog/greyvibe-…

Seventeen Million Ghosts: Inside the Dutch Takedown of a Nameless Botnet. read now: enigma-global.com/blog/dutch-tak…

In March 2026, multiple state-sponsored threat actors—primarily Chinese and Iranian—have been observed exploiting the ongoing US-Israeli military conflict with Iran to conduct cyber espionage campaigns against critical... enigma-global.com/og/report/chin…

On or around April 1, 2026, the ShinyHunters extortion group successfully breached Charter Communications, the operator of the Spectrum brand and one of the largest telecommunications providers in the United States. The... enigma-global.com/og/report/char…

The North Korean state-sponsored threat group Kimsuky (also tracked as APT43, Velvet Chollima, Black Banshee, THALLIUM, and Emerald Sleet) has expanded its offensive capabilities with new malware tools including HTTPSpy and... enigma-global.com/og/report/kims…