Cyber Security
China Bans Claude Code After CNVDB Backdoor Advisory
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI
HalluSquatting Turns AI Package Hallucinations Into Botnet Traps
Chrome 150 Patches Two Critical Use-After-Free Flaws in Ozone, Views
CMU Research: Copilot’s Safety Refusals Fail 100% in Workflow Mode
Friendly Fire PoC Turns Claude Code and Codex Into Malware Launchers
DigitalMint Employee Sentenced for BlackCat Ransomware Conspiracy
Ill Bloom Flaw Drained $3.1M by Breaking Wallet Seed Randomness
Threat Actors Use Aged GitHub Accounts to Map Corporate Orgs
Microsoft Discloses GigaWiper: Disk Wiper Hidden Behind Fake Ransom
GodDamn Ransomware Uses PoisonX Driver to Kill EDR Before Encrypting
Injective Labs’ npm SDK Poisoned to Steal Crypto Wallet Credentials
Helix Group Uses Vishing and Device Code Flow to Steal SharePoint Data
Forg365 PhaaS Combines AiTM and Device Code Flow to Target M365
200 GitHub Repos Used as Dead Drop C2 Network for Windows Malware
Palo Alto Networks Patches 13 PAN-OS Flaws Including Auth Bypass
NHS Forth Valley Employee Emails Maternity Data to Personal Account
EU Parliament Falls Short of Votes to Block Chat Control Return
OpenMandriva Linux Contributor Attempted Code Sabotage After Dispute
Seven FatFs Flaws Threaten Cameras, Drones, and Crypto Wallets
Microsoft Warns AI Tools Will Accelerate Windows Patch Volumes
IPNetwork Monitor Adds Native PostgreSQL Monitoring and One-Click Zabbix Import to Its Self-Hosted Platform
CISA Adds ColdFusion, Langflow, Two Joomla CVEs to KEV
Ubiquiti Patches Seven Critical UniFi OS Flaws, 100K at Risk
Accenture Confirms Breach After Hacker Lists 35 GB for Sale
Cisco Talos Exposes UAT-7810 LONGLEASH Backdoor on Ruckus Routers
UK NCSC Publishes Cyber Shield Blueprint for AI Defense
BonkDAO Loses $20M After Attacker Buys Quorum with ~$4M
Eight Predatorgate Victims Sue Intellexa for €8 Million
CVE-2026-53359 Januscape: 16-Year KVM Flaw Enables VM Escape
CVE Vulnerability Alerts
Microsoft Patches RoguePlanet Defender Zero-Day CVE-2026-50656
Microsoft silently patched CVE-2026-50656 RoguePlanet via a Defender engine update, ending over three weeks of confirmed active SYSTEM privilege exploitation.
Application Security
GhostApproval: Symlink Flaw Lets Attackers Hijack AI Agent Approvals
Wiz Research's GhostApproval attack uses symlinks in cloned repositories to trick six AI coding agents into writing attacker SSH keys behind a fake approval dialog.
Cybersecurity
SCMBANKER Targets Mexican Banking With AI-Written PowerShell
Elastic Security Labs found REF6045 deploying SCMBANKER, an AI-written PowerShell toolkit that lets operators control Mexican banking sessions live and hijack transfers.
Cybersecurity
China Bans Claude Code After CNVDB Backdoor Advisory
China's CNVDB directed developers to uninstall three months of Claude Code versions, citing unauthorized data collection. Alibaba banned the tool for all employees.
Application Security
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI
Socket found 17 malicious npm and PyPI packages impersonating Paysafe, Skrill, and Neteller SDKs that stole AWS keys and payment credentials while returning fake success ...
Application Security
HalluSquatting Turns AI Package Hallucinations Into Botnet Traps
Tel Aviv University and Intuit documented HalluSquatting: AI coding tools hallucinate package names up to 100% of the time, which attackers preregister with malicious payloads.
Application Security
Chrome 150 Patches Two Critical Use-After-Free Flaws in Ozone, Views
Google released Chrome 150.0.7871.114/.115 patching 27 vulnerabilities including two critical use-after-free bugs in Ozone and Views.
Application Security
CMU Research: Copilot’s Safety Refusals Fail 100% in Workflow Mode
Carnegie Mellon researchers found GitHub Copilot refuses harmful prompts 99% of the time in chat but produced harmful code in all 816 workflow-mode tests across ...
Application Security
Friendly Fire PoC Turns Claude Code and Codex Into Malware Launchers
AI Now Institute's Friendly Fire PoC shows Claude Code and Codex in security-audit mode will execute disguised malware when seeded with strings from a legitimate ...
Cybersecurity
DigitalMint Employee Sentenced for BlackCat Ransomware Conspiracy
A former DigitalMint employee received 70 months in prison for conspiring with BlackCat ransomware operators while posing as a trusted victim recovery advisor.
Application Security
Ill Bloom Flaw Drained $3.1M by Breaking Wallet Seed Randomness
Coinspect disclosed Ill Bloom, a weak entropy flaw in cryptocurrency wallet seed phrase generation that let attackers drain $3.1 million from affected wallets.
Cybersecurity
Threat Actors Use Aged GitHub Accounts to Map Corporate Orgs
Datadog Security Labs found threat actors using aged GitHub accounts to map corporate organization members and repositories before launching targeted attacks.
Cybersecurity
Microsoft Discloses GigaWiper: Disk Wiper Hidden Behind Fake Ransom
Microsoft disclosed GigaWiper, a Windows backdoor combining a real disk wiper, fake ransomware encryption, and multi-pass file overwriting in a single payload.
Cybersecurity
GodDamn Ransomware Uses PoisonX Driver to Kill EDR Before Encrypting
Symantec identified GodDamn ransomware using a kernel driver named PoisonX via the BYOVD technique to kill security software before file encryption begins.
Application Security
Injective Labs’ npm SDK Poisoned to Steal Crypto Wallet Credentials
Attackers compromised Injective Labs' repository and injected credential-stealing code into the authentic npm SDK packages used by DeFi blockchain developers.
Cybersecurity
Helix Group Uses Vishing and Device Code Flow to Steal SharePoint Data
New threat group Helix chains vishing with Microsoft's OAuth Device Code Flow to harvest M365 tokens and exfiltrate SharePoint data for corporate extortion.
Cybersecurity
Forg365 PhaaS Combines AiTM and Device Code Flow to Target M365
Forg365 is a new phishing-as-a-service platform combining AiTM session hijacking and Device Code Flow abuse with AI-generated lures for mass targeting.
Cybersecurity
200 GitHub Repos Used as Dead Drop C2 Network for Windows Malware
Researchers exposed a network of 200 GitHub repositories serving as C2 dead drops for Windows malware, delivered via a malicious Go module and PowerShell chain.
CVE Vulnerability Alerts
Palo Alto Networks Patches 13 PAN-OS Flaws Including Auth Bypass
Palo Alto Networks patched 13 PAN-OS vulnerabilities including buffer overflow, command injection, SSRF, and authentication bypass in its firewall platform.
Cybersecurity
NHS Forth Valley Employee Emails Maternity Data to Personal Account
NHS Forth Valley disclosed a breach after a staff member emailed maternity patient data, including NHS numbers and pregnancy records, to a personal account.
CVE Vulnerability Alerts
Microsoft Patches RoguePlanet Defender Zero-Day CVE-2026-50656
Application Security
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
China Bans Claude Code After CNVDB Backdoor Advisory
China's CNVDB directed developers to uninstall three months of Claude Code versions, citing unauthorized data collection. Alibaba banned the tool for all employees.
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI
Socket found 17 malicious npm and PyPI packages impersonating Paysafe, Skrill, and Neteller SDKs that stole AWS keys and payment credentials while returning fake success ...
HalluSquatting Turns AI Package Hallucinations Into Botnet Traps
Tel Aviv University and Intuit documented HalluSquatting: AI coding tools hallucinate package names up to 100% of the time, which attackers preregister with malicious payloads.
Chrome 150 Patches Two Critical Use-After-Free Flaws in Ozone, Views
Google released Chrome 150.0.7871.114/.115 patching 27 vulnerabilities including two critical use-after-free bugs in Ozone and Views.
CMU Research: Copilot’s Safety Refusals Fail 100% in Workflow Mode
Carnegie Mellon researchers found GitHub Copilot refuses harmful prompts 99% of the time in chat but produced harmful code in all 816 workflow-mode tests across ...
Friendly Fire PoC Turns Claude Code and Codex Into Malware Launchers
AI Now Institute's Friendly Fire PoC shows Claude Code and Codex in security-audit mode will execute disguised malware when seeded with strings from a legitimate ...
DigitalMint Employee Sentenced for BlackCat Ransomware Conspiracy
A former DigitalMint employee received 70 months in prison for conspiring with BlackCat ransomware operators while posing as a trusted victim recovery advisor.
Ill Bloom Flaw Drained $3.1M by Breaking Wallet Seed Randomness
Coinspect disclosed Ill Bloom, a weak entropy flaw in cryptocurrency wallet seed phrase generation that let attackers drain $3.1 million from affected wallets.
Threat Actors Use Aged GitHub Accounts to Map Corporate Orgs
Datadog Security Labs found threat actors using aged GitHub accounts to map corporate organization members and repositories before launching targeted attacks.
Microsoft Discloses GigaWiper: Disk Wiper Hidden Behind Fake Ransom
Microsoft disclosed GigaWiper, a Windows backdoor combining a real disk wiper, fake ransomware encryption, and multi-pass file overwriting in a single payload.
GodDamn Ransomware Uses PoisonX Driver to Kill EDR Before Encrypting
Symantec identified GodDamn ransomware using a kernel driver named PoisonX via the BYOVD technique to kill security software before file encryption begins.
Injective Labs’ npm SDK Poisoned to Steal Crypto Wallet Credentials
Attackers compromised Injective Labs' repository and injected credential-stealing code into the authentic npm SDK packages used by DeFi blockchain developers.
Helix Group Uses Vishing and Device Code Flow to Steal SharePoint Data
New threat group Helix chains vishing with Microsoft's OAuth Device Code Flow to harvest M365 tokens and exfiltrate SharePoint data for corporate extortion.
Forg365 PhaaS Combines AiTM and Device Code Flow to Target M365
Forg365 is a new phishing-as-a-service platform combining AiTM session hijacking and Device Code Flow abuse with AI-generated lures for mass targeting.
200 GitHub Repos Used as Dead Drop C2 Network for Windows Malware
Researchers exposed a network of 200 GitHub repositories serving as C2 dead drops for Windows malware, delivered via a malicious Go module and PowerShell chain.
Palo Alto Networks Patches 13 PAN-OS Flaws Including Auth Bypass
Palo Alto Networks patched 13 PAN-OS vulnerabilities including buffer overflow, command injection, SSRF, and authentication bypass in its firewall platform.
NHS Forth Valley Employee Emails Maternity Data to Personal Account
NHS Forth Valley disclosed a breach after a staff member emailed maternity patient data, including NHS numbers and pregnancy records, to a personal account.
EU Parliament Falls Short of Votes to Block Chat Control Return
European Parliament voted 314-276 against EU Chat Control but fell short of the 360-seat absolute majority needed to block the message scanning law's return.
OpenMandriva Linux Contributor Attempted Code Sabotage After Dispute
OpenMandriva Linux caught a contributor sabotage attempt before production, disclosing the insider supply chain attack after an internal community dispute.
Seven FatFs Flaws Threaten Cameras, Drones, and Crypto Wallets
runZero disclosed seven unpatched vulnerabilities in the FatFs filesystem library affecting hundreds of millions of IoT devices, drones, and hardware wallets.