

In cybersecurity, “zero day” is frequently diluted and used as a catch-all for any unpatched vulnerability. This article breaks down the three mandatory elements of a true zero day, illustrating why the distinction between a zero day and a known, but unpatched, flaw is critical for effective defense.
This blog explores how computer use agents can be used to build an agentic command-and-control framework. By combining LLM reasoning with desktop interaction tools, attackers could automate endpoint control while blending into normal system behavior. Here, we break down the architecture, abuse scenarios, and detection opportunities.

Phantom Labs discovered that AWS Bedrock AgentCore Code Interpreter’s sandbox mode allows DNS queries, enabling bypass of network isolation through DNS-based command-and-control. This research details the discovery, proof-of-concept exploit, disclosure timeline, and defensive guidance for organizations using Code Interpreter workloads.
Comprehensive visibility and privileged control provide the necessary foundation for securing agentic AI workloads against emerging identity threats.

On 28 February 2026, the United States and Israel launched Operation Epic Fury. Iran's cyber proxy ecosystem is assessed to be activating in response. This advisory unpacks the primary, near-term risk to technology vendors, PAM providers, and their customers.

As Iranian-aligned cyber activity escalates, identity systems and privileged access pathways are emerging as primary targets. Security leaders must prepare for both immediate disruption and longer-term identity-centric attacks. In this 90-day threat outlook, we examine how nation-state and proxy actors target identity providers, cloud control planes, and privileged access management platforms. Learn which tactics to expect and the defensive steps organizations should take now to reduce risk.