Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

During routine Dark Web Monitoring activities, Our Threat Intelligence Team identified a newly active ransomware operation calling itself The Green Blood Group. The group operates a dedicated Tor-based leak site and follows a double-extortion model, threatening public disclosure of victim data when negotiations fail. The screenshot shown above captures the group’s Tor portal in its current state.

CVE-2026-24858 is a critical authentication bypass vulnerability(CWE-288: Authentication Bypass Using an Alternate Path or Channel) in Fortinet products. It affects FortiOS, FortiAnalyzer, FortiManager, and potentially FortiProxy. An attacker with a FortiCloud account and registered device can log into devices registered to other accounts if FortiCloud SSO is enabled. Disclosed January 27, 2026, as actively exploited zero-day. CVSS 9.4 (some sources cite 9.8).

Let’s be honest: in 2026, the traditional “firewall” is a bit of a relic. Having spent years analyzing how threat actors operate, I can tell you they aren’t banging on your front door anymore. Why would they? It’s much easier to build a pixel-perfect replica of your front door down the street and trick your customers into handing over their keys there.

CVE-2026-23745 is a high-severity path traversal flaw in node-tar (the tar library for Node.js). Versions ≤7.5.2 fail to sanitize linkpath in hardlink and symlink entries when preservePaths is false (default secure mode). Malicious tar archives bypass extraction root restrictions, enabling arbitrary file overwrite via hardlinks and symlink poisoning via absolute targets. Discovered January 2026, patched in 7.5.3. Impacts npm ecosystems, CI/CD pipelines, and apps extracting untrusted archives.

CVE-2025-34299 is a critical vulnerability in Monsta FTP, a web-based file transfer tool, unauthenticated arbitrary file write via remote download leading to remote code execution (RCE). Affecting versions 2.11 and earlier, it enables attackers to upload malicious files via a crafted SFTP or FTP connection, compromising servers without credentials. This flaw has seen active exploitation through opportunistic scans. By January 2026, Vulnerable instances remain exposed.

CVE-2025-14847, nicknamed MongoBleed, is a high-severity (CVSS 7.5–8.7) unauthenticated information disclosure vulnerability in MongoDB Server. It allows remote attackers to leak uninitialized heap memory containing sensitive data—such as credentials, API keys, session tokens, and PII—without authentication. Exploitation occurs pre-authentication via malformed zlib-compressed network packets on port 27017.

In the quiet corners of the darknet, threat actors aren’t always looking for a way to break through your front door. Instead, they’re hunting for the “side door”—the niche cloud provider you use for analytics, the marketing firm with access to your customer data, or the logistics partner with a direct line into your ERP. As we move into 2026, Third-Party Risk Management(TPRM) has evolved from a periodic compliance exercise into a high-stakes game of digital chess.

Remote Access Trojans (RATs) continue to be one of the most actively traded malware categories across dark web forums. Their appeal lies in flexibility: a single framework can support espionage, credential theft, ransomware staging, or long-term persistence. Recently our team Identified a dark web actor advertised a tool called“noobsaiBOT”, claiming it to be a fully custom, stealth- focused RAT with source code included, priced at$20,000 and offered as a one-time exclusive sale.

The cybersecurity landscape isn’t just shifting; it’s undergoing a radical metamorphosis. As we look toward 2026, the era of the “script kiddie” is officially over. Today, we face sophisticated AI-driven syndicates and automated botnets that probe vulnerabilities at machine speed. For modern enterprises, the question has shifted from“if” an attack will happen to“how much” of your D igital footprint is already sitting on a dark web forum.

Forget the old-school spreadsheets. In the Agentic Era, a cybersecurity risk assessment is no longer a “once-a-year” event you do for the auditors. It is now a living, breathing strategy of Continuous Exposure Management (CEM). Think of it as a high-tech health check for your company’s digital life. It identifies where you’re bleeding data, who’s trying to cut you, and how to build a digital immune system that fights back.