Windows Defender Is Crying Wolf: The Nemucod False Positive Hitting Microsoft Teams Users Today
24 Mar 2026 Peter Bassill
Multiple Defender alerts for Trojan:JS/Nemucod are firing across Windows environments today — but the file being flagged is a legitimate Microsoft Teams update. Here is everything you need to know.
Speagle Malware Hijacks Cobra DocGuard to Exfiltrate Data via Compromised Legitimate Servers
20 Mar 2026 Peter Bassill
Symantec and Carbon Black researchers have uncovered Speagle, a novel parasitic malware that abuses the Cobra DocGuard document security platform to harvest sensitive data and exfiltrate it through the software's own compromised server infrastructure — masking malicious traffic as legitimate client-server communications. The campaign, tracked as Runningcrab, appears to specifically target organisations with Cobra DocGuard installed.
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Unauthenticated Root Access
20 Mar 2026 Peter Bassill
Interlock ransomware exploited Cisco Secure Firewall Management Center zero-day CVE-2026-20131 (CVSS 10.0) as early as January 2026 — over a month before public disclosure. We examine the full attack chain, the tooling exposed by the threat actor's own opsec failure, and the mitigations every defender should apply immediately.