BBLabs News · EN

One technical cybersecurity story a day. Zero noise.

Technical newsletter de ciberseguridad. Una historia al día sobre CVEs críticos, brechas, bug bounty e IA. Filtrado por IA, escrito para humanos.

Chinese APT Webworm targets EU governments using Discord and Microsoft Graph API as covert command-and-control channels.

Restrict Discord and Microsoft Graph API access to only hosts that explicitly need it.
Enable Unified Audit Log in Azure and hunt for registered apps with suspicious Graph permissions.
Detect SoftEther VPN or SOCKS tunnel traffic originating from critical infrastructure hosts.

Public PoC released for CVE-2026-31635 (DirtyDecrypt), a Linux kernel local privilege escalation flaw discovered by Zellic and V12.

Attackers exploit trusted tokens, packages, and accounts across 25 incidents reported this week.

Microsoft open-sources RAMPART and Clarity, two frameworks for security-testing AI agents at development time.

Repo jacking on bundler.io let an attacker claim Bundler's orphaned GitHub repo and inject malicious code into any Ruby project referencing it.

5,718 malicious commits pushed to 5,561 GitHub repos in six hours to steal CI/CD pipeline secrets.

FBI shut down First VPN, a criminal VPN service used by dozens of ransomware groups for network reconnaissance and corporate intrusions.

Infosecurity Europe 2026 brings together ransomware, offensive AI, and critical infrastructure defense as the dominant themes in London.

Anthropic is preparing to roll out Mythos to Claude Code, a restricted model flagged for major security risks to public and private software.