THREAT FEED
Real-time security alerts filtered for your threat landscape.
Zoom Zero-Day Meeting Infiltration Vulnerability 2026-03-06
Zero-day vulnerability in Zoom client versions prior to 6.1.2 allows unauthenticated attackers to join private meetings without a passcode. Exploit bypasses the waiting room feature and has been observed in targeted attacks against corporate meetings.
Xfinity Router Firmware Remote Code Execution Vulnerability 2026-03-03
Critical vulnerability discovered in Xfinity xFi gateway routers allowing unauthenticated remote code execution. Firmware versions prior to 3.2.1 are affected. Attackers can gain full control of the router and intercept all network traffic.
Slack Webhook Data Exfiltration Vulnerability 2026-03-02
Attackers are exploiting misconfigured Slack incoming webhooks to exfiltrate sensitive data from private channels. Organizations with default webhook permissions are particularly vulnerable. Data is sent to attacker-controlled servers via outbound webhook posts.
Google Workspace OAuth Token Theft Vulnerability 2026-03-01
A new attack vector exploits the Google Workspace OAuth consent flow to steal long-lived access tokens. Malicious third-party apps request broad permissions and exfiltrate email, Drive, and Calendar data. The attacks particularly target organizations using Slack-Gmail integrations.
NPM Supply Chain Attack Affecting Developer Tools Vulnerability 2026-02-28
Compromised npm packages were discovered containing backdoors that exfiltrate environment variables and SSH keys. The packages had over 45,000 downloads before removal. Developers using VS Code and Slack desktop apps with Node.js backends may be affected.
Outlook Zero-Click Calendar Vulnerability Vulnerability 2026-02-27
Critical vulnerability in Microsoft Outlook allows remote code execution via specially crafted calendar invitations. No user interaction required. Affects Outlook desktop clients on Windows. Patch available in March 2026 security update.
NYC Subway Wi-Fi Man-in-the-Middle Attacks Vulnerability 2026-02-19
Man-in-the-middle attacks have been detected on NYC subway Wi-Fi networks. Attackers are intercepting unencrypted traffic and injecting malicious content into HTTP connections. Email credentials sent over non-HTTPS connections are at risk.