Information security

#cybersecurity
Information security
from Fortune
17 hours ago

The AI arms race in cybersecurity has started. Most companies aren't ready | Fortune

AI-enabled attackers could compress timelines and reduce reliance on social engineering and rare zero-day vulnerabilities.
Information security
from TechCrunch
2 days ago

CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks | TechCrunch

Glassworm botnet takedown disrupted malware and password theft targeting open-source developers and supply-chain trust.
Information security
from ComputerWeekly.com
2 days ago

Glassworm botnet that targeted OS devs smashed to pieces | Computer Weekly

Glassworm was disrupted by coordinated takedown of its command-and-control infrastructure, stopping malicious payload delivery and underscoring developer-targeted supply-chain risk.
Information security
from The Hacker News
3 hours ago

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

CVE-2026-0257 enables authentication bypass in PAN-OS/Prisma Access GlobalProtect, allowing unauthorized VPN connections and has been actively exploited in the wild.
Information security
from TNW | Openai
22 hours ago

OpenAI gives Japan's megabanks its newest model for cyber defence

GPT-5.5-Cyber will be provided to Japan’s major banks via a verified-defender program to strengthen cyber defense as critical infrastructure.
Information security
from SecurityWeek
20 hours ago

MokN Raises $15 Million for "Phish-Back" Platform

MokN raised $15 million to expand its honeypot-based phish-back identity protection platform, targeting credential abuse and stolen credentials before misuse.
#open-source-security
Information security
from Techzine Global
20 hours ago

Why open source faces its biggest security threat in 2026

A major AI-driven cyberattack on open source infrastructure is expected, driven by faster AI, under-resourced maintainers, and credential-harvesting supply-chain tactics.
from DevOps.com
1 day ago
Information security

IBM, Red Hat Launch Project Lightwell to Secure Open Source Software from Frontier Models - DevOps.com

Project Lightwell is a $5 billion IBM-Red Hat initiative to improve enterprise security for open source software using frontier AI capabilities.
#prompt-injection
Information security
from theregister
22 hours ago

ChatGPT blindly trusts browser content, turning the page into a payload

Untrusted web content can be rendered inside ChatGPT, enabling prompt injection to deliver phishing links, fake alerts, and QR-code redirects that bypass desktop defenses.
Information security
from The Hacker News
16 hours ago

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

ChatGPT can be manipulated through Markdown links and images in summarized web pages to trigger prompt injection, phishing, and data leakage.
Information security
from Ars Technica
1 day ago

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

Release notes were updated to include a verbatim prompt-injection payload and describe runtime output handling to avoid disrupting human readers.
#data-breach
Information security
from SecurityWeek
18 hours ago

In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks

Multiple incidents exposed sensitive data, enabled remote compromise, and revealed deep targeting of government communications.
Information security
from TechRepublic
18 hours ago

Carnival Data Breach Exposes Data of Nearly 6 Million Customers

A social engineering attack compromised an employee account, enabling exfiltration of personal data from nearly 6 million Carnival customers.
Information security
from ComputerWeekly.com
1 day ago

Carnival cruise line confirmed as latest ShinyHunters victim | Computer Weekly

Carnival confirmed a major data breach affecting nearly six million people after a supply-chain phishing compromise led to theft of personal and identity data.
Information security
from Securitymagazine
2 days ago

6M Impacted by Carnival Cruise Data Breach

A social engineering attack enabled unauthorized access to Carnival’s internal IT systems, impacting about six million customers and creating long-term identity and fraud risk.
Information security
from news.bitcoin.com
1 day ago

Certik Unveils 'Anti-Virus for AI Agents' as Skill Marketplaces Face Hidden Threats

CertiK launched an AI-agent security platform that scans third-party AI skills, scoring execution risks to protect agent ecosystems and marketplaces.
Information security
from Securitymagazine
1 day ago

From the Hammer to the Scalpel: The Evolution of Account Takeover

Account takeover attacks have shifted from brute-force credential stuffing to sophisticated social engineering and authorized fraud, requiring AI-driven behavioral analytics and defense-in-depth.
#ransomware
Information security
from ComputerWeekly.com
3 days ago

The Gentlemen emerging as key ransomware player | Computer Weekly

The Gentlemen ransomware gang is rapidly evolving into a RaaS operation using advanced encryption and affiliate proxy malware to scale extortion attacks across platforms.
Information security
from The Hacker News
18 hours ago

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An LLM-driven agent used a Marimo RCE vulnerability to steal cloud credentials, retrieve an SSH private key, and exfiltrate an internal PostgreSQL database via SSH.
Information security
from theregister
12 hours ago

Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

A single npm user published 14 malicious packages impersonating OpenSearch/Elasticsearch libraries to steal AWS, Vault, and CI/CD secrets.
Information security
from news.bitcoin.com
1 day ago

Quantus Warns Quantum Computers Could Threaten $2T in Bitcoin and Crypto Assets

Quantum computing timelines for breaking public-key cryptography have compressed, making blockchain migration planning urgent before 2030.
#zero-day-vulnerabilities
from ComputerWeekly.com
18 hours ago
Information security

Microsoft hits out over irresponsible vulnerability disclosure | Computer Weekly

Six zero-day vulnerabilities were published as proof-of-concept hacks without prior coordination, prompting Microsoft to say customers faced unnecessary risk.
Information security
from Nextgov.com
2 days ago

AI is compressing attack timelines. Here's how agencies can respond.

AI-assisted vulnerability discovery is accelerating exploitation timelines, widening the public-sector gap between attacker speed and defender remediation capacity.
Information security
from The Hacker News
1 day ago

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Malicious NuGet package impersonates Sicoob SDK to exfiltrate client IDs and PFX certificates, enabling impersonation of Sicoob banking integrations and theft of payment data.
Information security
from TechCrunch
17 hours ago

Microsoft under fire for threatening security researcher with criminal investigation | TechCrunch

Microsoft threatens legal action and law enforcement involvement over publicly disclosed, unpatched vulnerabilities and exploit code in Microsoft products.
Information security
from SecurityWeek
1 day ago

Chrome 148 Update Patches 151 Vulnerabilities

Chrome 148 patches 151 vulnerabilities, including 22 critical flaws, mostly use-after-free bugs that can enable remote code execution and sandbox escape.
Information security
from news.bitcoin.com
1 day ago

Stake DAO Freezes Arbitrum vsdCRV Markets After Attacker Mints 5.4T Synthetic Tokens

An Arbitrum exploit enabled unauthorized infinite minting of synthetic vsdCRV tokens, inflating supply and draining about $91,000 before containment and sunsetting affected markets.
#gogs
Information security
from SecurityWeek
21 hours ago

Gogs Zero-Day Exposes Servers to Remote Code Execution

Authenticated attackers can exploit an argument injection flaw in Gogs pull-request rebasing to achieve remote code execution as the Gogs server user.
Information security
from theregister
16 hours ago

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

A critical unauthenticated-by-privilege RCE flaw in Gogs affects default installs and lacks an official patch, enabling full server compromise and credential theft.
Information security
from The Hacker News
1 day ago

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

Authenticated users can trigger remote code execution in Gogs by creating a pull request with a malicious branch name that injects --exec into git rebase.
from theregister
22 hours ago

Russia-linked threat group put ChatGPT to work from lure to payload

Researchers at WithSecure say a previously undocumented threat group, tracked as "GREYVIBE," has been using OpenAI's ChatGPT, Google's Gemini, and Ideogram AI across almost every stage of its operations targeting Ukraine. The campaign has hit military, government, civilian, and business organizations since at least August 2025.
Information security
from The Hacker News
22 hours ago

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to intelligence gathering efforts aimed at Ukraine in the context of the ongoing Russo-Ukrainian war.
Information security
Information security
from The Hacker News
1 day ago

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

Kimsuky used spoofed security installation and Webex pages to deliver HTTPSpy malware targeting South Korean military and corporate entities in March–April 2026.
Information security
from B&T
1 day ago

Meta Ramps Up Efforts To Combat FIFA World Cup Scams

Scams tied to the FIFA World Cup 2026 are rising across Meta platforms, using fake merchandise, malicious ads, and impersonation to steal personal and passport details.
Information security
from InfoWorld
18 hours ago

DNS-AID will make AI agents easier to discover, says Linux Foundation

Domain owners can create a well-known _index._agents.{domain} address to enable scalable, secure, protocol-compatible agent discovery via DNS-AID.
Information security
from New York Post
1 day ago

AI drones are changing warfare - but they're easy to sabotage, and a Brooklyn engineer wants to change that

AI-powered drones can be jammed or spoofed, and a vision-based Visual Positioning System enables real-time navigation and guidance using onboard cameras and edge computing.
Information security
from ZDNET
1 day ago

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

Bumblebee is an open-source, read-only scanner that checks developer machines for risky packages, extensions, and AI tool configurations during supply-chain incidents.
Information security
from InfoWorld
1 day ago

Supply chain battles intensify as takedowns meet AI-driven noise

Coordinated takedowns can sever malware control and raise attacker costs, but rapid reconstitution and automated false positives make impacts temporary.
Information security
from The Hacker News
1 day ago

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Supply-chain compromise and trojanized, signed binaries enable attackers to bypass trust and quickly escalate minor footholds into full account compromise.
#agentic-ai
Information security
from SecurityWeek
1 day ago

Raising the Cybersecurity Stakes: Ante up for the Agentic Era

Enterprises adopting AI must include a cybersecurity strategy, because agentic attacks outpace manual remediation and expand risk across assets, identity, and decision context.
Information security
from 24/7 Wall St.
2 days ago

Palo Alto Is Positioning for the Next Security Supercycle as AI Threats Go Vertical

Powerful agentic AI models can strengthen defenses by helping firms find and fix vulnerabilities before AI-armed attackers emerge.
#forticlient-ems
Information security
from The Hacker News
1 day ago

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors exploited a patched FortiClient EMS flaw to push credential-stealing malware through trusted management, using PowerShell and configuration changes to target managed endpoints.
Information security
from SecurityWeek
1 day ago

Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks

CVE-2026-35616 in FortiClient EMS enables unauthenticated remote code execution, and attackers are exploiting it to deploy EKZ Infostealer via managed VPN scripting workflows.
Information security
from SecurityWeek
1 day ago

Russia-Linked 'GreyVibe' Attackers Use AI to Supercharge Cyberattacks

Attackers use AI to scale and improve operations, and GreyVibe shows intensive AI use with malware design flaws suggesting mixed capabilities.
#software-supply-chain-attacks
Information security
from Techzine Global
2 days ago

CrowdStrike takes down Glassworm botnet

Glassworm used compromised developer accounts and malicious extensions and packages to infiltrate CI/CD pipelines, enabling credential theft, data theft, and remote control at scale.
Information security
from The Hacker News
2 days ago

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm targets software developers via trojanized extensions and packages, then steals credentials and data; CrowdStrike, Google, and Shadowserver disrupted its C2 channels.
Information security
from TechCrunch
1 day ago

Hackers are trying to steal Signal users' backups in new wave of phishing attacks | TechCrunch

Hackers use Signal phishing messages to trick users into sharing recovery keys, risking permanent loss of backups and potential account takeover.
Information security
from SecurityWeek
2 days ago

Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks

Google AI Threat Defense is an always-on autonomous platform that uses AI to detect AI-powered threats, predict attack paths, and deploy verified patches faster than attackers exploit vulnerabilities.
Information security
from The Hacker News
2 days ago

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A financially motivated actor uses recruitment-themed social engineering and custom macOS malware to compromise cryptocurrency organizations and steal digital assets via CI/CD infrastructure.
Information security
from Securitymagazine
2 days ago

AI Agent Conducted a Cyberattack on Its Own - It Took Less Than One Hour

An AI-driven LLM agent executed a full intrusion chain in under an hour, exploiting a notebook, stealing AWS credentials, pivoting via SSH, and exfiltrating PostgreSQL data.
#gitea
Information security
from SecurityWeek
1 day ago

Gitea Vulnerability Exposed 30,000 Deployments to Attacks

CVE-2026-27771 let unauthenticated users pull private container images from affected Gitea instances via anonymous registry requests.
Information security
from The Hacker News
2 days ago

Gitea Vulnerability Exposes Private Container Images without Authentication

Unauthenticated attackers can pull private container images from vulnerable Gitea instances without credentials; update to 1.26.2 or use a signin-required workaround.
Information security
from ComputerWeekly.com
1 day ago

National cyber shield could be ready in five years | Computer Weekly

GCHQ plans a national AI-driven cyber shield using agentic AI to detect and repair threats to critical infrastructure at machine speed within five years.
Information security
from Techzine Global
2 days ago

Microsoft lets Defender automatically isolate infected PCs

Defender for Endpoint can automatically isolate suspicious workstations from corporate networks while keeping secure cloud connectivity for remote investigation and response.
Information security
from theregister
1 day ago

AI agents get their own phone directory built atop DNS

AI agents can discover and connect to each other via DNS using DNS-AID, avoiding fragile configurations and new registries.
#phishing
Information security
from WIRED
2 days ago

Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

Criminals use real reservation details to run credential-phishing scams that trick hotel staff and guests into fake verification or payment flows.
Information security
from Securitymagazine
3 days ago

Windows Users Targeted in New Phishing Campaign

A phishing campaign uses purchase-order emails to deliver encrypted JavaScript that decrypts PowerShell, performs process hollowing, and downloads adaptive modules via remote C2.
Information security
from TechRepublic
3 days ago

FBI Warns: 'Kali365' Phishing Service Targets Microsoft 365 Accounts

Kali365 phishing-as-a-service hijacks Microsoft 365 accounts by abusing device code authentication to capture OAuth tokens without passwords or additional MFA.
Information security
from The Hacker News
1 day ago

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft urges coordinated vulnerability disclosure so vendors can assess impact and issue protections before public release.
Information security
from theregister
1 day ago

Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops

Microsoft says six Windows zero-days were not reported through official channels before public release, and three are being exploited after public proof-of-concept code appeared.
from theregister
1 day ago

Microsoft tests the 15-character limit of Windows Server admins' patience

When the hostname is 15 characters long, DCLocator calls (for example, using nltest /dsgetdc:<domain> /pdc) will return ERROR_INVALID_PARAMETER, preventing applications and administrative tools from locating a domain controller.
Information security
#cryptojacking
Information security
from BleepingComputer
2 days ago

GPU mining malware spreads via SEO poisoning, AI chatbots

Threat actors use SEO poisoning and AI chatbot recommendations to deliver malicious utility downloads that install ScreenConnect and additional malware for persistent cryptojacking access.
Information security
from The Hacker News
3 days ago

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

AI chatbot queries can be used to deliver cryptojacking payloads by steering users to attacker-controlled download sites that impersonate legitimate utilities.
Information security
from theregister
2 days ago

India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat

Patch, mitigate, or remove exposure to known exploited internet-facing or crown-jewel vulnerabilities within 12 hours where feasible, while other cases allow 24 hours.
Information security
from The Hacker News
2 days ago

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

Employees use many AI tools without IT review, creating a shadow AI gap that bypasses security visibility and requires a safe, approved adoption program.
#ai-security
Information security
from DevOps.com
2 days ago

JFrog Report Surfaces Need for Rapid DevSecOps Change in AI Era - DevOps.com

Cybercriminals increasingly target AI tools and platforms used in application development, while organizations struggle to secure AI-generated code and workflows.
Information security
from Silicon Canals
3 days ago

A Google Cloud developer woke up to a $17,000 bill from API calls he never made, and the part that actually matters is what it reveals about how cloud platforms define their own security standards - Silicon Canals

Security and governance must be built into AI and data platforms from the start, not added afterward, as real incidents show ongoing API key and billing risks.
Information security
from theregister
2 days ago

Bosses blinded by confidence about shadow AI use by workers

More than half of organizations reported AI-related security incidents or near misses, driven by unapproved employee AI tools and shadow AI usage.
Information security
from SecurityWeek
3 days ago

Anthropic Releases New Claude Sandbox, Security Guidance Plugin

Claude AI adds a self-hosted sandbox for managed agents and a security guidance plugin that scans code edits and commits for vulnerabilities.
Information security
from SecurityWeek
3 days ago

'SymJack' Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems

SymJack hijacks a symlink in AI coding workflows to plant a malicious MCP server, causing attacker code to run unsandboxed and potentially compromise CI pipelines.
#starlette
Information security
fromTechzine Global
3 days ago

Vulnerability in open-source component puts AI platforms at risk

CVE-2026-48710 in Starlette enables HTTP Host header manipulation to bypass access controls, risking internal server exposure and credential access for AI agents.
Information security
from InfoWorld
2 days ago

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

A malformed Host header can bypass Starlette host-validation, letting unauthenticated attackers evade access controls across LLM gateways, MCP servers, and agent infrastructure.
Information security
from Computerworld
3 days ago

Microsoft previews automatic device isolation in Defender for Endpoint

Automatic device isolation in Defender for Endpoint can rapidly cut off attacks, but must be carefully tuned to prevent attackers from disabling accounts.
#cybercrime
Information security
from theregister
2 days ago

CrowdStrike, Google shatter Glassworm botnet

Glassworm botnet was disrupted by severing command-and-control channels, stopping credential theft and malicious payload delivery targeting developers via poisoned packages.
Information security
from Fast Company
2 days ago

The FBI just dropped its 2025 internet crime report. Here are 6 big takeaways

Internet crime complaints exceeded 1 million in 2025, with losses over $20 billion, driven by rapidly growing AI-enabled scams and persistent phishing and spoofing.
Information security
from SecurityWeek
3 days ago

FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data

Silent Ransom Group impersonates IT support to gain remote access, exfiltrate data, and extort victims after phishing and social engineering attacks.
Information security
fromApp Developer Magazine
3 days ago

Anthropic investigation opened after Mythos accessed by Discord group

AI-driven analysis compresses vulnerability timelines, making defenders prioritize and remediate what matters fast enough to prevent real-world exploitation.
Information security
fromThe Hacker News
2 days ago

3 SOC Steps that Shut Down Incident Risks Early

Modern SOCs reduce business uncertainty by shrinking time from change to understanding, using updated threat visibility, immediate context, and frictionless investigation outputs.
Information security
fromTechzine Global
3 days ago

Microsoft is tightening restrictions on the use of unsafe code in C#

Unsafe in C# will become an explicit, propagating contract requiring unsafe operations to be contained in unsafe blocks and declared at method boundaries.
#pretalx
Information security
fromtheregister
2 days ago

How to guarantee a speaker gig: Hack the system. Literally

Stored XSS in pretalx lets attackers inject HTML/JavaScript via searchable fields, enabling takeover of organizer sessions through CSRF token access.
Information security
fromSecurityWeek
2 days ago

Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate

Pretalx vulnerability allows attackers to silently execute malicious code in organizers' browsers, compromising multiple conferences simultaneously.
Information security
fromtheregister
2 days ago

Malware dev tries to steal Claude users' secrets, writes npm slop, leaks own GitHub private token

An npm package targeting Claude users stole GitHub data, leaked its own token, and affected all versions, requiring immediate token revocation and file checks.
Information security
fromSecurityWeek
3 days ago

The Credential Crisis: How Stolen Credentials Defeat Modern Security

Preventing credential compromise and operating securely after credentials are compromised is difficult and not improving.
Information security
fromBitcoin Magazine
2 days ago

Casa Launches Four Security Features To Combat Rising Social Engineering Attacks On Bitcoin Holders

Casa released four opt-in security features to counter social engineering by adding verification steps, address whitelisting delays, and transaction holds.
Information security
fromComputerworld
2 days ago

Another IT governance headache: AI-enabled sanction evasion

AI models enable North Korea and Iran to evade sanctions and detection through fraud, phishing, and automated financial laundering tactics.
Information security
fromThe Hacker News
2 days ago

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

A malicious npm package steals local files from /mnt/user-data and uploads them to an attacker-controlled GitHub repository during postinstall.
Information security
fromComputerWeekly.com
2 days ago

When your biggest security risk has never signed a contract | Computer Weekly

Identity governance must shift from human lifecycle permissions to real-time, zero-trust monitoring for autonomous agents and non-human identities.
Information security
fromForbes
2 days ago

Why Delaying Zero Trust Can Be Financially Irresponsible

Security controls often lag behind evolving networks, letting small weaknesses enable initial access and lateral movement that compounds risk into major financial losses.
Information security
fromThe Hacker News
2 days ago

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

Two banking trojan campaigns target Latin America and Europe, using Grandoreiro on Windows via DLL side-loading and BTMOB on Android to steal credentials.
Information security
fromFortune
2 days ago

The U.K.'s top spy says the window to stay ahead of China and Russia is narrowing and cybersecurity needs to become '10 times more urgent' | Fortune

Russia and China are intensifying espionage and hybrid operations against Western nations, while AI-enabled warfare and a limited response window heighten urgency for allies.
Information security
fromZDNET
2 days ago

Rust will save Linux from AI, says Greg Kroah-Hartman

Rust can reduce Linux kernel security bugs by preventing common C error-handling and resource-management failures.
Information security
fromTNW | Data-Security
2 days ago

NATO signs cyber partnerships with Microsoft, Palo Alto, ESET

NATO formalised non-commercial cybersecurity partnerships with Microsoft, Palo Alto Networks, and ESET to share threat intelligence, best practices, and coordinate cyber defence activities.
fromwww.bbc.com
3 days ago

Champion ethical hacker warns AI tools like Mythos could put her out of business

Valentina Palmiotti, better known as Chompie, was the most successful individual at the annual Pwn2Own hacking competition in Berlin. She told BBC News that, for now, AI tools were helping her to win “bug bounties” - money given to hackers who spot vulnerabilities in online systems before they can be exploited by cyber-criminals. But she said systems like Mythos were so powerful that even champion hackers like her would soon struggle to compete with them.