ThreatsDay: C2 in the Middle East, AKS Priv‑Esc, Kali365 MFA bypass and supply‑chain attacks

Colleagues, please note: the latest ThreatsDay roundup highlights several critical incidents.
- Hunt.io found over 1,350 C2 servers in the region; botnets and offensive frameworks dominate.
- A privilege‑escalation (Priv‑Esc) flaw in Azure Backup for AKS (CVSS 9.9) has been patched; it allowed cluster‑admin takeover.
- Attackers trojanized DAEMON Tools by signing malicious binaries; CISA added the incident to KEV.
- Kali365 and device‑code phishing have emerged to bypass MFA; vaultjacking shows the risk of decrypting Google Vault if PINs are compromised.
Why it matters: these attacks exploit trust and weak processes — patch, tighten audit, and harden supply‑chain verification.
How do you plan to respond in your organization?
#cybersecurity #incidents #MFA #supplychain

