Cyber Security
Progress Orders ShareFile SZC Server Shutdown Over Security Threat
RedHook Android RAT Gains Shell Access via Wireless ADB Loopback
Ryuk Ransomware Broker Pleads Guilty in $15M Bitcoin Theft Case
Ghostcommit PNG Attack Tricks AI Code Reviewers into Leaking .env
Compromised jscrambler npm Package Drops Rust Infostealer on Devs
Binarly Finds Six U-Boot CVEs That Break Secure Boot on 50+ Firmware
Google TAG Finds Critical Stored XSS in Zimbra Classic Web Client
Australia’s ASD Warns of Active Campaign Exploiting 17 CMS CVEs
Microsoft Patches RoguePlanet Defender Zero-Day CVE-2026-50656
GhostApproval: Symlink Flaw Lets Attackers Hijack AI Agent Approvals
SCMBANKER Targets Mexican Banking With AI-Written PowerShell
China Bans Claude Code After CNVDB Backdoor Advisory
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI
HalluSquatting Turns AI Package Hallucinations Into Botnet Traps
Chrome 150 Patches Two Critical Use-After-Free Flaws in Ozone, Views
CMU Research: Copilot’s Safety Refusals Fail 100% in Workflow Mode
Friendly Fire PoC Turns Claude Code and Codex Into Malware Launchers
DigitalMint Employee Sentenced for BlackCat Ransomware Conspiracy
Ill Bloom Flaw Drained $3.1M by Breaking Wallet Seed Randomness
Threat Actors Use Aged GitHub Accounts to Map Corporate Orgs
Microsoft Discloses GigaWiper: Disk Wiper Hidden Behind Fake Ransom
GodDamn Ransomware Uses PoisonX Driver to Kill EDR Before Encrypting
Injective Labs’ npm SDK Poisoned to Steal Crypto Wallet Credentials
Helix Group Uses Vishing and Device Code Flow to Steal SharePoint Data
Forg365 PhaaS Combines AiTM and Device Code Flow to Target M365
200 GitHub Repos Used as Dead Drop C2 Network for Windows Malware
Palo Alto Networks Patches 13 PAN-OS Flaws Including Auth Bypass
NHS Forth Valley Employee Emails Maternity Data to Personal Account
EU Parliament Falls Short of Votes to Block Chat Control Return
OpenMandriva Linux Contributor Attempted Code Sabotage After Dispute
Cybersecurity
Nine-Nation Advisory Flags FSB Center 16 Router Attacks
Cybersecurity agencies from nine countries issued a joint advisory on FSB Center 16 router attacks targeting energy, healthcare, and defense sectors globally.
Cybersecurity
Open Server Exposes Three Concurrent Evilginx M365 Operations
French security firm Lexfo discovered three Evilginx M365 phishing campaigns after attackers left a Python HTTP server with directory listing exposed.
Application Security
CISA Adds Two CVSS 10.0 Joomla Extension Zero-Days to KEV
CISA added CVE-2026-48939 and CVE-2026-56291 to KEV with a same-day federal deadline after both Joomla extension zero-days were exploited before disclosure.
Application Security
Progress Orders ShareFile SZC Server Shutdown Over Security Threat
Progress Software ordered ShareFile Storage Zone Controller customers to shut down internet-facing servers amid an undisclosed security threat investigation.
Cybersecurity
RedHook Android RAT Gains Shell Access via Wireless ADB Loopback
Group-IB analyzed a new RedHook Android RAT variant that gains shell-level access by turning the device into its own ADB client via loopback, without rooting.
Cybersecurity
Ryuk Ransomware Broker Pleads Guilty in $15M Bitcoin Theft Case
Armenian national Karen Vardanyan pleaded guilty to enabling Ryuk ransomware attacks on U.S. organizations that yielded about 1,610 Bitcoin for the gang.
Application Security
Ghostcommit PNG Attack Tricks AI Code Reviewers into Leaking .env
UMKC researchers demonstrated Ghostcommit, a PNG-based prompt injection attack that tricks AI code reviewers into exfiltrating .env secrets as code constants.
Application Security
Compromised jscrambler npm Package Drops Rust Infostealer on Devs
An attacker compromised jscrambler's npm credentials and published five malicious versions dropping a Rust infostealer targeting cloud and AI credentials.
CVE Vulnerability Alerts
Binarly Finds Six U-Boot CVEs That Break Secure Boot on 50+ Firmware
Binarly disclosed six flaws in U-Boot's FIT signature verification subsystem, including two RCEs that bypass Secure Boot across more than 50 firmware releases.
Application Security
Google TAG Finds Critical Stored XSS in Zimbra Classic Web Client
Google's Threat Analysis Group found a critical stored XSS flaw in the Zimbra Classic Web Client that allows mailbox takeover via a single crafted email.
Application Security
Australia’s ASD Warns of Active Campaign Exploiting 17 CMS CVEs
Australia's Signals Directorate warned of an active global campaign scanning for 17 known CVEs across WordPress, Joomla, and other public-facing CMS platforms.
CVE Vulnerability Alerts
Microsoft Patches RoguePlanet Defender Zero-Day CVE-2026-50656
Microsoft silently patched CVE-2026-50656 RoguePlanet via a Defender engine update, ending over three weeks of confirmed active SYSTEM privilege exploitation.
Application Security
GhostApproval: Symlink Flaw Lets Attackers Hijack AI Agent Approvals
Wiz Research's GhostApproval attack uses symlinks in cloned repositories to trick six AI coding agents into writing attacker SSH keys behind a fake approval dialog.
Cybersecurity
SCMBANKER Targets Mexican Banking With AI-Written PowerShell
Elastic Security Labs found REF6045 deploying SCMBANKER, an AI-written PowerShell toolkit that lets operators control Mexican banking sessions live and hijack transfers.
Cybersecurity
China Bans Claude Code After CNVDB Backdoor Advisory
China's CNVDB directed developers to uninstall three months of Claude Code versions, citing unauthorized data collection. Alibaba banned the tool for all employees.
Application Security
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI
Socket found 17 malicious npm and PyPI packages impersonating Paysafe, Skrill, and Neteller SDKs that stole AWS keys and payment credentials while returning fake success ...
Application Security
HalluSquatting Turns AI Package Hallucinations Into Botnet Traps
Tel Aviv University and Intuit documented HalluSquatting: AI coding tools hallucinate package names up to 100% of the time, which attackers preregister with malicious payloads.
Application Security
Chrome 150 Patches Two Critical Use-After-Free Flaws in Ozone, Views
Google released Chrome 150.0.7871.114/.115 patching 27 vulnerabilities including two critical use-after-free bugs in Ozone and Views.
Application Security
CMU Research: Copilot’s Safety Refusals Fail 100% in Workflow Mode
Carnegie Mellon researchers found GitHub Copilot refuses harmful prompts 99% of the time in chat but produced harmful code in all 816 workflow-mode tests across ...
Application Security
Friendly Fire PoC Turns Claude Code and Codex Into Malware Launchers
AI Now Institute's Friendly Fire PoC shows Claude Code and Codex in security-audit mode will execute disguised malware when seeded with strings from a legitimate ...
Cybersecurity
Nine-Nation Advisory Flags FSB Center 16 Router Attacks
Application Security
Progress Orders ShareFile SZC Server Shutdown Over Security Threat
Cybersecurity
Ryuk Ransomware Broker Pleads Guilty in $15M Bitcoin Theft Case
Cybersecurity
DigitalMint Employee Sentenced for BlackCat Ransomware Conspiracy

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Cybersecurity
Nine-Nation Advisory Flags FSB Center 16 Router Attacks
Application Security
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI
Application Security
Friendly Fire PoC Turns Claude Code and Codex Into Malware Launchers
Cybersecurity
200 GitHub Repos Used as Dead Drop C2 Network for Windows Malware
Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Progress Orders ShareFile SZC Server Shutdown Over Security Threat
Progress Software ordered ShareFile Storage Zone Controller customers to shut down internet-facing servers amid an undisclosed security threat investigation.
RedHook Android RAT Gains Shell Access via Wireless ADB Loopback
Group-IB analyzed a new RedHook Android RAT variant that gains shell-level access by turning the device into its own ADB client via loopback, without rooting.
Ryuk Ransomware Broker Pleads Guilty in $15M Bitcoin Theft Case
Armenian national Karen Vardanyan pleaded guilty to enabling Ryuk ransomware attacks on U.S. organizations that yielded about 1,610 Bitcoin for the gang.
Ghostcommit PNG Attack Tricks AI Code Reviewers into Leaking .env
UMKC researchers demonstrated Ghostcommit, a PNG-based prompt injection attack that tricks AI code reviewers into exfiltrating .env secrets as code constants.
Compromised jscrambler npm Package Drops Rust Infostealer on Devs
An attacker compromised jscrambler's npm credentials and published five malicious versions dropping a Rust infostealer targeting cloud and AI credentials.
Binarly Finds Six U-Boot CVEs That Break Secure Boot on 50+ Firmware
Binarly disclosed six flaws in U-Boot's FIT signature verification subsystem, including two RCEs that bypass Secure Boot across more than 50 firmware releases.
Google TAG Finds Critical Stored XSS in Zimbra Classic Web Client
Google's Threat Analysis Group found a critical stored XSS flaw in the Zimbra Classic Web Client that allows mailbox takeover via a single crafted email.
Australia’s ASD Warns of Active Campaign Exploiting 17 CMS CVEs
Australia's Signals Directorate warned of an active global campaign scanning for 17 known CVEs across WordPress, Joomla, and other public-facing CMS platforms.
Microsoft Patches RoguePlanet Defender Zero-Day CVE-2026-50656
Microsoft silently patched CVE-2026-50656 RoguePlanet via a Defender engine update, ending over three weeks of confirmed active SYSTEM privilege exploitation.
GhostApproval: Symlink Flaw Lets Attackers Hijack AI Agent Approvals
Wiz Research's GhostApproval attack uses symlinks in cloned repositories to trick six AI coding agents into writing attacker SSH keys behind a fake approval dialog.
SCMBANKER Targets Mexican Banking With AI-Written PowerShell
Elastic Security Labs found REF6045 deploying SCMBANKER, an AI-written PowerShell toolkit that lets operators control Mexican banking sessions live and hijack transfers.
China Bans Claude Code After CNVDB Backdoor Advisory
China's CNVDB directed developers to uninstall three months of Claude Code versions, citing unauthorized data collection. Alibaba banned the tool for all employees.
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI
Socket found 17 malicious npm and PyPI packages impersonating Paysafe, Skrill, and Neteller SDKs that stole AWS keys and payment credentials while returning fake success ...
HalluSquatting Turns AI Package Hallucinations Into Botnet Traps
Tel Aviv University and Intuit documented HalluSquatting: AI coding tools hallucinate package names up to 100% of the time, which attackers preregister with malicious payloads.
Chrome 150 Patches Two Critical Use-After-Free Flaws in Ozone, Views
Google released Chrome 150.0.7871.114/.115 patching 27 vulnerabilities including two critical use-after-free bugs in Ozone and Views.
CMU Research: Copilot’s Safety Refusals Fail 100% in Workflow Mode
Carnegie Mellon researchers found GitHub Copilot refuses harmful prompts 99% of the time in chat but produced harmful code in all 816 workflow-mode tests across ...
Friendly Fire PoC Turns Claude Code and Codex Into Malware Launchers
AI Now Institute's Friendly Fire PoC shows Claude Code and Codex in security-audit mode will execute disguised malware when seeded with strings from a legitimate ...
DigitalMint Employee Sentenced for BlackCat Ransomware Conspiracy
A former DigitalMint employee received 70 months in prison for conspiring with BlackCat ransomware operators while posing as a trusted victim recovery advisor.
Ill Bloom Flaw Drained $3.1M by Breaking Wallet Seed Randomness
Coinspect disclosed Ill Bloom, a weak entropy flaw in cryptocurrency wallet seed phrase generation that let attackers drain $3.1 million from affected wallets.
Threat Actors Use Aged GitHub Accounts to Map Corporate Orgs
Datadog Security Labs found threat actors using aged GitHub accounts to map corporate organization members and repositories before launching targeted attacks.