The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025. The large-scale exploitation campaign has been codenamed 

In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute, hundreds of applications within the typical enterprise remain disconnected from centralized identity systems. These "dark

is-localhost-ip 2.0.0 - SSRF

Fortinet FortiWeb v8.0.1 - Auth Bypass

Windows Kernel - Elevation of Privilege

Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation

ASP.net 8.0.10 - Bypass

Grafana 11.6.0 - SSRF

Zhiyuan OA - arbitrary file upload leading