MDR
Managed Detection and Response
Overview
Overview
What to expect
Features
Bring calm and confidence
to your cyber security
Security needs
Security needs
What best describes your current situation?
Overview
Overview
Actively looking for a provider
Unhappy with current provider
Want to augment capabilities
Considering outsourcing
Case study
CymruSOC
Protecting vital public services in Wales by detecting and responding to threats, 24/7
Read more
Resources
All resources
Blogs
Case studies
About
About us
Explore our company and values
Company
Company
Partners
News
Careers
Latest insights
Socura named one of the UK's Best Workplaces for Wellbeing and for Development 2026
Read more
Our commitment to responsible AI adoption as a founding signatory of the CREST AI Charter
Read more
Get in touch
Get in touch
Threat
alerts
Stay informed about the latest threats and vulnerabilites
Threat alert
July 1, 2026
CVE-2026-8451: Pre-Authentication Memory Overread in Citrix NetScaler
On June 30, 2026, Citrix released security bulletin CTX696604, addressing a suite of high-severity vulnerabilities affecting customer-managed Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway appliances.
July 1, 2026
Threat alert
June 17, 2026
DragonForce Backdoor.Turn Campaign of Weaponisation Microsoft Teams
Ransomware cartel known as DragonForce, has been observed successfully weaponising Microsoft Teams' network relay infrastructure to mask command-and-control communications. By routing malicious operations through official Microsoft infrastructure, the threat actors rendered their activities virtually indistinguishable from legitimate business collaborations, evading traditional detection mechanisms.
June 18, 2026
Threat alert
June 3, 2026
Supply Chain Worm Campaign Updates (Miasma, TeamPCP, & VS Code Exploit)
Threat actors have officially moved beyond basic "nuisance" typosquatting through deploying sophisticated, automated, and self-propagating worms targeting trusted namespaces. By subverting continuous integration (CI/CD) pipelines and developer IDEs, they have turned the very systems designed to build and secure our code into automated distribution nodes. Recent threat landscape is dominated by TeamPCP and the Shai-Hulud worm, a self-propagating payload is engineered to steal publishing credentials, enumerate every package accessible to those credentials, inject malicious logic, and republish backdoor versions automatically.
June 3, 2026
Threat alert
May 14, 2026
Nightmare-Eclipse: GreenPlasma and YellowKey
In May 2026, a security researcher operating under the pseudonym "Nightmare-Eclipse" disclosed two new zero-day vulnerabilities targeting the Microsoft Windows ecosystem: GreenPlasma and YellowKey. This follows the researcher's previous zero-days (BlueHammer and RedSun) which were actively weaponised shortly after release.
May 20, 2026
Threat alert
May 6, 2026
CVE-2026-0300: Unauthenticated Remote Code Execution in the PAN-OS User-ID Authentication Portal
CVE-2026-0300 is a critical zero-day vulnerability affecting Palo Alto Networks PAN-OS firewalls. The flaw exists within the User-ID™ Authentication Portal and allows an unauthenticated, remote attacker to execute arbitrary code with root privileges via specially crafted network packets.
May 7, 2026
Threat alert
April 29, 2026
Windows Architecture Vulnerabilities: CVE-2026-32202 & PhantomRPC
As traditional security defences improve, advanced threat actors are increasingly targeting foundational architectural components within the Microsoft Windows operating system. Two recent vulnerabilities—CVE-2026-32202 and an unpatched flaw known as "PhantomRPC"—highlight this shift. Attackers are using logical flaws and protocol abuses to achieve stealthy initial access and rapid privilege escalation.
April 29, 2026
Threat alert
April 23, 2026
npm Supply-Chain Worm Attack
A sophisticated, self-propagating supply-chain worm has been identified within the Node Package Manager (npm) ecosystem. Initially spotted on 21 April 2026, the attack targets high-value endpoints, including AI agent tooling and database operations. Threat actors compromised multiple packages linked to Namastex Labs, most notably the embedded PostgreSQL server utility, pgserve. The malware behaves as a highly aggressive infostealer, harvesting developer credentials, browser data, cloud service keys, and cryptocurrency wallets. Crucially, the attack leverages a worm-like mechanism to recursively spread across both the npm and PyPI ecosystems using stolen publish tokens. To ensure persistence and evade law enforcement takedowns, the attackers exfiltrate stolen data to a decentralised Internet Computer Protocol blockchain canister.
April 23, 2026
Threat alert
April 17, 2026
Microsoft Defender Vulnerability Suite (CVE-2026-33825, RedSun, UnDefend)
The April 2026 security landscape was effectively upended by a researcher known as "Nightmare-Eclipse". Driven by a public grievance with Microsoft’s Security Response Center (MSRC) over their vulnerability disclosure process, the researcher released a triad of weaponised zero-day exploits on GitHub. These tools ( BlueHammer, RedSun, and UnDefend ) turned the operating system’s primary defence mechanism into its greatest vulnerability. While Microsoft addressed BlueHammer in its April 2026 Patch Tuesday update, RedSun and UnDefend remain critically unpatched and are actively being exploited in the wild.
April 17, 2026
Threat alert
April 15, 2026
CVE-2026-34621: Adobe Acrobat Reader Prototype Pollution
Adobe released a security update (APSB26-43) to address CVE-2026-34621, a critical zero-day vulnerability in Adobe Acrobat and Reader. Flaw lies in an improperly Controlled Modification of Object Prototype Attributes within the embedded JavaScript engine, has been exploited in the wild since at least November.
April 16, 2026
Next