Telegram Channels Expose Rapid Weaponization of SmarterMail Flaws
Security researchers observed threat actors rapidly sharing proof-of-concept exploits and stolen administrator credentials related to CVE-2026-24423 and CVE-2026-23760 within underground Telegram channels and forums. The critical flaws enable remote code execution and authentication bypass on exposed SmarterMail servers, and weaponization occurred within days of public disclosure.
Source: BleepingComputer

AI in the Middle: Web-Based AI Services Used as C2 Proxies
Threat actors are increasingly leveraging legitimate AI service domains as command and control proxies, blending malicious traffic into normal enterprise activity. AI tools are also being used to generate phishing content, write scripts, analyze stolen data, and even develop full C2 frameworks, significantly reducing operational cost and time-to-scale for attackers.
Source: Check Point Research

Firebase Misconfiguration Exposed 300 Million AI App Messages
An exposed Firebase database leaked approximately 300 million messages belonging to more than 25 million users of the Chat & Ask AI application. As the app acts as a gateway to multiple major AI models, the configuration error had a broad privacy impact across its global user base.
Source: Hackread

CISA Warns of Critical Honeywell CCTV Authentication Bypass
CISA issued an alert regarding CVE-2026-1670, a critical vulnerability affecting multiple Honeywell CCTV products. The flaw allows unauthenticated attackers to change password recovery email addresses, enabling account takeover and unauthorized access to camera feeds. The vulnerability carries a CVSS score of 9.8.
Source: BleepingComputer

GrayCharlie Hijacks Law Firm Websites in Suspected Supply Chain Attack
The threat actor GrayCharlie compromised WordPress websites and injected malicious JavaScript that redirected visitors to NetSupport RAT payloads delivered through fake browser update pages. A cluster of compromised U.S. law firm websites suggests a potential supply chain compromise involving a shared IT provider.
Source: Recorded Future