Dragon Bytes

Delivering weekly insights, research, and threat indicators to help security professionals track emerging threats and intelligence.

Episodes

  1. 3D AGO

    Dragon Bytes: The "Trust Nothing" Update

    This week on Dragon Bytes, we break down the operational fires you need to fight now and the emerging threats you’ll be fighting tomorrow. We cover the critical "Ni8mare" RCE in n8n automation tools, the new "ClickFix" social engineering waves hitting hospitality, and the "Zombie" D-Link routers building massive botnets. Plus, we dive into China-linked UAT-7290 targeting telcos and why Black Cat ransomware is poisoning your Google search results.

    Topics & References:

    Part 1: Emerging Threats

    - The "Ni8mare" RCE (CVE-2026-21858): Critical unauthenticated remote code execution in n8n workflow automation tools. Read more: Horizon3.ai Analysis
    - "ClickFix" Phishing Campaign: Fake "Blue Screen of Death" pages forcing users to run malicious PowerShell scripts. Currently targeting the European hospitality sector. Read more: Computing.co.uk Report
    - "MongoBleed" (CVE-2025-14847): Unauthenticated memory leak in MongoDB exposing sensitive RAM data. Read more: Rapid7 Advisory
    - "Ghost Tap" NFC Fraud: Android malware bridging the gap between cyber and physical payment terminal fraud. Read more: Inetco Research
    - "ZombieAgent" AI Flaw: Embedding hidden text in documents to hijack AI agents via indirect prompt injection. Read more: SecurityBrief Asia
    - GoBruteforcer Botnet: Golang-based malware targeting Linux servers to reach Web3/Crypto assets. Read more: BleepingComputer

    Part 2: Operational Fires

    - D-Link "Zombie" RCE (CVE-2026-0625): Active exploitation of legacy D-Link DSL routers to build residential botnets. Read more: SC Media Report
    - APT Alert: UAT-7290: China-linked espionage group using "Operational Relay Boxes" (ORBs) to target Telecommunications and Defense sectors. Read more: Infosecurity Magazine
    - Black Cat Ransomware SEO Poisoning: The ransomware gang is now poisoning search results for IT tools like "WinSCP" and "Notepad++". Read more: News4Hackers

    Supply Chain & Breaches:

    - Fake WinRAR Installers: Malwarebytes
    - Ledger / Global-e Breach: Ledger Support
    - NordVPN Breach Claim (Denied): NordVPN Blog

    Connect with Us: Subscribe to the Dragon News Bytes feed: Team Cymru

    Disclaimer: The views expressed in this podcast are those of the hosts and do not necessarily reflect the official policy or position of our employers.

    30 min
