Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT
Researchers identified a remote access trojan distributed through multiple malicious Packagist packages posing as Laravel utilities. Packages such as nhattuanbl/lara-helper and nhattuanbl/simple-queue contain identical malicious payloads, while another package automatically installs the RAT through a dependency chain. The campaign demonstrates how supply chain attacks can target PHP developer ecosystems through trusted package repositories.
Source: Socket
Silver Dragon APT Targets Organizations in Southeast Asia and Europe
Check Point researchers are tracking the APT group Silver Dragon, believed to operate under the broader Chinese-nexus APT41 umbrella. The group targets organizations in Europe and Southeast Asia by exploiting internet-facing servers and sending phishing emails with malicious attachments. To maintain persistence, the attackers hijack legitimate Windows services so that malware activity blends into normal system processes.
Source: Check Point Research
Critical FreeScout Vulnerability Allows Full Server Compromise
A critical vulnerability in the open-source help desk platform FreeScout, tracked as CVE-2026-28289, enables zero-click remote code execution. The flaw bypasses the fix for a previously patched vulnerability and allows attackers to manipulate file processing through a malicious .htaccess upload, ultimately enabling full server compromise.
Source: SecurityWeek
VMware Aria Operations Vulnerability Exploited in the Wild
CISA warned that CVE-2026-22719, a high-severity command injection vulnerability in VMware Aria Operations, is being actively exploited. The flaw allows unauthenticated attackers to execute arbitrary commands during support-assisted product migration processes, potentially leading to remote code execution on affected systems.
Source: SecurityWeek
Critical RCE Flaw in Qwik Framework Enables Server Takeover
A critical vulnerability in the Qwik web framework, tracked as CVE-2026-27971, allows attackers to take over servers with a single crafted request. The flaw resides in the framework’s server-side communication layer and poses a significant risk to applications built on the platform due to the potential for remote code execution.
Source: SecurityOnline
© 2026 AresISEC