Malware

The US Cybersecurity and Infrastructure Security Agency (CISA) has identified three vulnerabilities being actively exploited by cyber attackers: CVE-2026-8398 in Daemon Tools Lite, CVE-2026-45321 in TanStack, and CVE-2026-48027 in Nx Console. All three contain embedded malicious code or unspecified security issues. CISA maintains a Known Exploited Vulnerabilities catalog to track threats affecting government systems. While federal agencies must patch these flaws urgently, CISA recommends all organizations prioritize fixing these vulnerabilities as part of their security practices. Regular monitoring and timely updates remain critical for protecting networks from active cyber threats. Source: CISA.

Cybercrime insurance policies are being examined for their effectiveness against Mythos-related threats. As cyber attacks evolve, businesses in India are questioning whether existing insurance coverage adequately protects against emerging malware variants and sophisticated cyber threats. Insurance providers are reassessing policy terms and coverage limits to address modern cybersecurity challenges. Understanding policy exclusions and claim procedures is crucial for Indian organizations seeking comprehensive protection. Experts recommend reviewing coverage details and working with insurers to ensure adequate protection against current threats. Source: Forbes India.

Microsoft is testing automatic device isolation in Defender for Endpoint to help security teams rapidly contain ongoing cyberattacks. The feature acts as a quick network disconnection to prevent attackers from maintaining control and stealing data. However, SANS Institute research warns that misconfigured settings could allow attackers to disable user accounts. Security experts emphasize that such automated defense tools are essential since modern ransomware and malware operate at machine speed, faster than human response. The feature is particularly valuable for under-resourced security teams and helps limit damage spread. Still, these automation capabilities require careful tuning and testing to prevent misuse. No production release date has been announced yet. Source: SecurityWeek.

Microsoft has identified a cryptojacking campaign exploiting SEO poisoning techniques to direct users to malicious websites that hijack GPU resources for cryptocurrency mining. The attackers abuse ScreenConnect remote access software and Microsoft .NET utilities to establish control over high-performance computers. The campaign also leverages AI chatbots to distribute malicious links, expanding its reach. Victims unknowingly allow their systems' processing power to be used for unauthorized mining operations, degrading performance and increasing electricity consumption. Source: Microsoft Security Blog.