The software supply chain and mobile ecosystems are facing a wave of high-precision exploitation. On the Packagist registry, malicious PHP packages have been found embedding a cross-platform RAT that targets Laravel environments. Simultaneously, Google has uncovered Coruna, a sophisticated iOS exploit kit utilizing 23 different vulnerabilities to compromise iPhones. Furthermore, the rising popularity of the OpenClaw AI agent is being weaponized via malicious GitHub repositories and fake installers that capitalize on Bing AI search results to deliver infostealers to unsuspecting users. Here are the top 10 highlights from the past 24 hours.
01
Cybersecurity researchers have identified malicious PHP packages on Packagist that masquerade as Laravel utilities, enabling a cross-platform RAT affecting Windows, macOS, and Linux systems.
02
Google has identified a new exploit kit named Coruna, also known as CryptoWaters, which targets iOS versions 13.0 to 17.2.1 through five exploit chains and 23 exploits.
03
Silver Dragon, an advanced persistent threat group linked to APT41, has been targeting governments in Europe and Southeast Asia since 2024 using phishing emails and exploiting vulnerable servers.
04
Malware-laced fake installers for the AI agent OpenClaw were distributed via malicious GitHub repositories, targeting users searching Bing AI results for "OpenClaw Windows."
05
A critical vulnerability (CVE-2026-28289) in FreeScout allows RCE without user interaction or authentication. The flaw bypasses security checks using a zero-width space (Unicode U+200B) to manipulate filenames.
06
Researchers have identified a targeted Russian cyber campaign against Ukraine that utilizes two new malware strains, BadPaw and MeowMeow.
07
Cisco recently revealed a critical vulnerability in its Secure Firewall Management Center (FMC) Software that allows unauthenticated remote attackers to gain complete root access to affected devices.
08
A new phishing campaign exploits stolen digital certificates from TrustConnect Software PTY LTD to distribute malware disguised as updates for popular applications like Zoom and Microsoft Teams.
09
The CISA added a high-severity vulnerability, CVE-2026-22719, impacting VMware Aria Operations, to its KEV catalog due to active exploitation.
10
FBI and Europol have successfully dismantled LeakBase, one of the largest online forums for trading stolen credentials and cybercrime tools. The platform had over 142,000 members and hosted more than 215,000 messages.
