
Hello all,
This week was thankfully somewhat quiet, with the normal level of vulnerabilities. Next week is Patch Tuesday, so expect an incoming tsunami of things to prioritize. Now that’s not to say that this week didn’t have any notable items, there definitely were, such as our headline items from Palo Alto, Ubiquiti, Veeam, and Zimbra. And there are plenty other items that you should check out.
Headline NEWS:
- Palo Alto Networks Patches 13 Vulnerabilities the worst of these can achieve a Denial of Service (DoS) and potentially arbitrary code execution. Prisma Access Agent has defects that make it susceptible to Man in the Middle (MitM) attacks via VPN traffic interception and DLP bypass. Additionally, there were over 500 defects patched in Palo Alto’s Prisma browser, which is based on Chromium. If you have Palo in your network, update soon.
- Ubiquiti Inc. unleashed 25 Security Advisories, what most of us call patches, last week. They are for products such as UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UnifiOS. Some of these are critical, so don’t wait on updating.
- Veeam has released an update for Veeam Backup & Replication. A defect has been identified in the Veeam Backup BinaryFormatter that can enable an authenticated domain user to execute code on backup servers. There is a mitigation available, and there is also a patch. The majority of Veeam defects found lately are not exploitable if vendor configuration guidance is followed and you don’t domain join your Veeam Backup & Recovery server, leaving it as a Workgroup server. Seems a lot easier to me, but maybe you like patching often.
- Zimbra Collaboration Suite is a popular mail server that has two interfaces, a classic Ajax webmail one, and a modern web version. The Ajax one is faster and tends to be preferred. It is also preferred by threat actors that have discovered a Cross Site Scripting (XSS) flaw that enables a specially crafted email to execute a threat actor’s code when the email is opened. If your enterprise uses the Classic Web Client, the Ajax version, upgrade immediately. While not known to be currently exploited, it is only a matter of time now.
In Ransomware, Malware, and Vulnerabilities News:
- Extortion crew hijacks Microsoft 365 accounts via fake passkey setup is an evil-genius method of gaining access to someone’s account. The user receives notification or a voice call informing them that they need to upgrade their security to use Passkeys. The threat actor then walks the use through a process that appears nearly identical to actually enrolling a passkey. However, it is actually a very clever Man-in-the-Middle (MitM) attack to steal a session token while the user is occupied with the things on screen. In reality they are not registering a Passkey, merely being tricked into giving up their current credential and session token. Remember, Microsoft will not call you – ever. If your own tech support calls out of the blue for something like this, hang up and call them on a number you know is correct to reach them.
In Other News Events of Note and Interest:
- Microsoft GDID (Global Device Identifier). Contained in the notes of the FBI takedown of an evil dirtbag member of the Scattered Spider ransomware group, it was revealed that every Windows device that has a Microsoft account has a unique, unalterable GDID. This GDID is logged by all sorts of and telemetry on the internet and by various providers. Since we haven’t heard much about this before, I suspect it wasn’t widely known it existed. For anyone who is privacy focused, this should send a chill up your spine. According to reports, the only way to change the GDID is to do a fresh install of Windows. Otherwise, your activity is correlatable anywhere that your Windows machine’s GDID is visible. Note that if you log into your Microsoft account after a fresh reinstall, your new GDID is now also registered to your account. Many vendors such as Apple and Google have similar ID’s, but they are transparent about their use and location. Microsoft has been very secretive about it thus far. I expect that this GDID-Bleed (I coined it first) will grow like a mushroom.
Musings
Information is not the problem. We have lots of information. In fact, we have an overwhelming, massively excessive, insistently invasive, and perniciously persistent amount of information knocking on the synapses of our brains every day. The human psyche was not designed to ingest, process, and digest the vast and varied inputs that hammer against us every waking moment. Social Media has developed a curated steam of items that are designed to make us feel we’re missing out if we don’t read about how the mating ritual of the Japanese white-spotted pufferfish creates elaborate geometric patterns in the sand, or that Big Brutus was the world’s largest steam shovel (actually electric). Why do I need to know this? I don’t. But there is so much vying for my time and attention that it just slips on in. I must do a better job of filtering what I allow. Yes, there is a time and place to expand my horizons, to learn about things such as the world’s largest sewing needle in Sacramento, California, but it should not consume what precious little time I have allocated to me every day. Since my livelihood is in the Information Technology sphere, I’m not quite sure how to escape the information glut, but I’m aware and am starting to push back. How about you?

Keep the shields up!
Viscount Jan Broucinek
Headline NEWS
- Palo Alto Networks Patches 13 Vulnerabilities
- Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
- Veeam Backup BinaryFormatter Flaw Enables Remote Code Execution
- Zimbra urges customers to patch critical web client XSS flaw
Ransomware, Malware, and Vulnerabilities News
- Good News, Government News, and Interesting
- CISA orders feds to patch max severity ColdFusion flaw by Friday
- CISA orders feds to prioritize patching Langflow auth bypass flaw
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
- Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker
- Microsoft device telemetry key to unmasking alleged Scattered Spider hacker
- NetNut cracked as Google and FBI target 2 million-device botnet
- Canadian spy agency says it hacked drug traffickers, extremists, and a ransomware gang last year
- Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks
- Police arrests 5,800 suspects in global anti-fraud crackdown
- Vulnerabilities and Exploits
- Chrome Update Patches 27 Vulnerabilities including Two Code Execution Flaws
- No (Bad) CAP: Inside an Ongoing LSHIY Password Spray Attack
- New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
- Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
- 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
- Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks
- CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
- Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282)
- Kerberos Reflection LPE CVE-2026-26128 PoC Released
- Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability
- LG and Alienware monitors caught auto-installing Windows adware
- Multiple PHP Vulnerabilities Enable DoS and Memory Corruption Attacks
- Wireshark 4.6.7 patches a dozen security flaws
- New highly destructive Windows backdoor known as GigaWiper
- Phishing, Malware, and Similar
- Extortion crew hijacks Microsoft 365 accounts via fake passkey setup
- New Ghost Phishing Wave Is Breaking Traditional Email Security
- New Forg365 phishing platform uses AI to target Microsoft 365 accounts
- New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
- Fake IT support calls on Microsoft Teams push EtherRAT malware
- Chinese hackers develop LONGLEASH malware to expand ORB network
- AnyDesk Phishing Attack Uses Scheduled Task Persistence and Artifact Deletion to Evade Detection
- Vidar Infostealer Hammers SMBs via Malvertising Campaign
- New Helix vishing group emerges in SharePoint data theft attacks
- Breaches, Leaks, and Ransomware
- US Government Agency Paid $1M to Data Extortion Group Kairos
- Russian hackers steal government logins
- Moody Bible Institute breach leaves 2.3M accounts needing salvation
- Moody Bible Institute Data Breach Exposes 2.3 Million Email Addresses
- The ‘first’ AI-run ransomware attack still needed a human
- JadePuffer ransomware used AI agent to automate entire attack
- Accenture confirms breach after hacker offers stolen data for sale
- Accenture Confirms Data Breach After Hacker Claims Source Code Theft
- AssuranceAmerica data breach exposes records of 6.9 million drivers
- A Puerto Rico Government Agency Exposed 1 Million Social Security Numbers
- ‘GodDamn’ Ransomware Uses BYOVD to Smite US Companies
- What leaked messages tell us about global hacking gang Conti
Other News Events of Note and Interest
- Allstate Insurance quits Broadcom, alleges vengeful license audit on the way out
- Another German state heads down the open source sovereignty road
- Cloud repatriation is back on the agenda
- OpenSSH 10.4 arrives with security fixes and a post-quantum signature option
- Apple’s Liquid Glass is having problems… again
- Apple loses challenges against EU rules to curb Big Tech
- Chrome Web Store policy updates: Enhancing user privacy and platform integrity
- How tech workers are feeling in 2026: a workforce splitting in two
- All Cars Sold in the EU Now Require a Camera Aimed at Your Face. It’s Still Not Clear Where That Data Goes
- Meta is Quietly Launching Pocket, an App for Vibe-coding and Scrolling Small ‘Gizmos’
- Why Brands Must Stop the Rise of Blanding
- DuckDuckGo Browser Can Now Block Video Ads, Including YouTube’s
- Google Workspace Updates: Streamline identity lifecycle management in Google Workspace with new inbound SCIM support
- Ethernet at 50: How a half-century-old technology keeps reinventing itself
- AI, LLM’s, and Skynet
- Suspecting AI cheating, Ivy League prof ordered an in-person final; scores fell 50%
- A global workspace in language models
- Anthropic says Claude has carved out its own space to ponder
- Claude Sonnet 5 won’t follow commands, argues with users, and tells them to go to sleep
- SpaceXAI releases Grok 4.5, which Elon describes as an ‘Opus-class model’
- Elon Musk praises Mythos/Fable, promises not to ‘cut off’ Anthropic
- ByteDance debuts Seedream 5.0 Pro with advanced reasoning
- Available today: OpenAI’s GPT-5.6 in Microsoft 365 Copilot
- The Quest to Make Humanoid Robots Safe Enough for Humans
- The Robots are here – Why Unitree matters
- Humanoid robots controlled by surgeons did world-first operation on live pigs
- Midjourney wants Hollywood studios to reveal the details of their AI usage
- Anthropic says Alibaba must be punished for largest Claude cloning attack
- China’s cybersecurity standard on AI agent deployment
- Meta debuts Muse Image, Superintelligence Labs’ first AI image model
- Introducing Muse Image: Image Generation Built for Your World
- Introducing GPT‑Live (via) OpenAI finally upgraded the model used by ChatGPT voice mode!
- The People Who Will Thrive in the AI Age
- Govern AI agent identities and access the same way you govern your employees
- Microsoft expects more Windows security updates from AI-discovered flaws
- Microsoft is rewriting Windows patch guidance because of AI
- Why AI has made security hard
- Microsoft
- Microsoft Confirms Windows GDID Device Identifier That Cannot Be Disabled, Documented in FBI Case Filing
- I stopped using Wireshark for first-line troubleshooting after discovering Windows’ built-in packet capture tool
- Windows settings backup becoming a new resilience baseline
- Unexpected Windows bloat is due to bug, not by design
- Upcoming retirement of OWA Light in Exchange Server
- Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
- Microsoft’s new Windows 11 recovery tool is the ultimate Undo button – how to enable it
- Microsoft confirms Secure Boot update failing on some Windows 11 PCs, blocks update due to known issues
- Cross-Tenant Message Recall in Exchange Online
