# Top Stories
April 25, 2026
-
1. BleepingComputer, general, Apr 24: Firestarter malware survives Cisco firewall updates, security patches
CISA and NCSC warned that Firestarter malware infected a federal agency's Cisco Firepower device running ASA software in September 2025, providing persistent backdoor access that survives security patches and firmware updates. The malware maintains remote access capabilities even after standard remediation efforts, highlighting a critical threat to federal network infrastructure.
-
2. BleepingComputer, general, Apr 24: New ‘Pack2TheRoot’ flaw gives hackers root Linux access
Researchers disclosed Pack2TheRoot, a vulnerability in the PackageKit daemon that allows local Linux users to escalate privileges to root by exploiting package installation and removal functions. The flaw affects multiple Linux distributions and could enable attackers with initial system access to gain complete administrative control.
-
3. The Hacker News, general, Apr 24: LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
CVE-2026-33626, a Server-Side Request Forgery vulnerability in LMDeploy (an open-source LLM toolkit), was exploited in the wild within 13 hours of public disclosure. The high-severity flaw (CVSS 7.5) allows attackers to access sensitive data through SSRF attacks against AI model deployment infrastructure.
-
4. SecurityWeek, general, Apr 24: Bitwarden NPM Package Hit in Supply Chain Attack
TeamPCP compromised the Bitwarden CLI NPM package (@bitwarden/[email protected]) in a supply chain attack, injecting malicious code into the 'bw1.js' file. The attack is part of a broader Checkmarx supply chain campaign targeting developer tools and password management infrastructure.
-
5. BleepingComputer, general, Apr 24: Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite instances exposed online are vulnerable to ongoing XSS attacks exploiting a cross-site scripting security flaw. The widespread exposure affects email and collaboration systems globally, enabling potential data theft and session hijacking.
-
6. BleepingComputer, general, Apr 24: ADT confirms data breach after ShinyHunters leak threat
Home security giant ADT confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen customer data unless a ransom is paid. The breach compromises personal information of ADT customers, adding to growing concerns about security companies themselves being targeted.
-
7. The Hacker News, general, Apr 24: 26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
Kaspersky discovered 26 malicious cryptocurrency wallet apps on the Apple App Store that impersonate legitimate wallets to steal recovery phrases and private keys, active since fall 2025. The fake apps redirect users to browser pages mimicking the App Store to distribute trojanized versions of popular wallet software.
-
8. The Hacker News, general, Apr 24: NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
NASA's OIG revealed a Chinese national posed as a U.S. researcher in a multi-year spear-phishing campaign targeting NASA employees, government entities, universities, and private companies to obtain sensitive information in violation of export control laws. The operation successfully duped NASA personnel into providing access to defense-related software and technologies.
-
9. The Hacker News, general, Apr 24: Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
Tropic Trooper deployed a trojanized SumatraPDF reader to deliver the AdaptixC2 Beacon and abuse Microsoft Visual Studio Code tunnels for remote access in attacks targeting Chinese-speaking individuals. The campaign demonstrates the APT group's evolution toward legitimate software abuse for persistent access.
-
10. The Hacker News, general, Apr 23: China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
ESET discovered GopherWhisper, a new China-aligned APT group targeting 12 Mongolian government systems using Go-based backdoors, injectors, and loaders since November 2023. The group leverages cloud services including Slack, Discord, Microsoft Outlook, and file.io for command and control communications.