Key TakeawaysEspionage Allegations: A 60-year-old civilian employee of Poland's Ministry of National Defense has been detained on suspicion of spying for a foreign intelligence agency.Foreign…

Key TakeawaysRecord Exposure: The ShinyHunters hacking group claims to have compromised more than 2.2 million records from Harvard University and the University of Pennsylvania.Sensitive Data…

Key TakeawaysRapid Escalation: Sysdig observed a threat actor escalate from initial access to administrative privileges in an AWS environment in under 10 minutes.AI-Driven Tactics: The…

Key TakeawaysContextual Manipulation: The DockerDash flaw enables the weaponization of image metadata, turning AI context into executable instructions for Docker's Ask Gordon AI.Dual Attack Vectors:…

Key TakeawaysEspionage Campaign: A suspected Chinese state-sponsored group selectively poisoned Notepad++ updates for six months in 2025.Malware Deployment: Attackers deployed a novel backdoor via a…

Key TakeawaysReputation Whitewashing: Civil society groups accuse NSO Group of using the Pall Mall Process to rehabilitate its image.Diplomatic Rejection: Officials clarified that NSO Group…

John Landry – SyncraSys John Landry has joined SyncraSys as chief operating officer, taking responsibility for operational readiness and organizational scale. In the role, he…

Key TakeawaysGovernment Target: A Ministerio de Ciencia, Innovación y Universidades breach was claimed on a hacking forum.Flaw Exploitation: The actor claims to have exploited an…

Key TakeawaysTargeted Lure: Weaponized Excel files disguised as lists of protesters killed during the Dey 1404 protests target investigators documenting human rights abuses in Iran.AI-Accelerated…

Key TakeawaysRegistry Infiltration: Threat actors successfully compromised a developer account on the Open VSX registry to publish malicious updates.Malware Deployment: Four widely used extensions delivered…

Key TakeawaysSocial Engineering: Threat actors are leveraging vishing and victim-branded credential harvesting sites to compromise SSO credentials and MFA codes.Targeted Escalation: They exfiltrate sensitive data…

This week’s news shows cyber risk entering a more dangerous phase. In France, the Waltio breach demonstrated how leaked crypto data can place individuals at…

Key TakeawaysIPVanish Threat Protection Pro: New beta feature blocks malware, phishing, trackers, harmful downloads even without VPNWindows beta availability: Feature included with IPVanish Advanced plan…

Key TakeawaysSignificant Degradation: Google's Threat Intelligence Group reduced the IPIDEA network's available devices by millions, used by over 550 distinct threat groups.Two Guilty Pleas: The…

Key TakeawaysZero-Day Discovery: Security researchers have identified two critical RCE flaws in Ivanti Endpoint Manager Mobile (EPMM) that are currently being exploited in the wild.Active…

Key TakeawaysOperational Impact: A significant network disruption has taken specific New Britain City Hall systems offline, though police and fire services remain fully operational.Incident Response:…

Key TakeawaysVendor Compromise: Fintech firm Marquis attributes its recent data breach to a compromised SonicWall-managed firewall configuration.Ransomware Impact: The attack enabled threat actors to bypass…

Key TakeawaysThree groups: Activity linked to LABYRINTH CHOLLIMA now maps to three distinct adversaries.Focus: Two groups prioritize cryptocurrency revenue, while core operations remain focused on…

Key TakeawaysChatGPT uploads: Acting CISA director Madhu Gottumukkala uploaded contracting documents on ChatGPT, triggering security alerts.AI access exception: Gottumukkala received temporary permission to use ChatGPT,…

Key TakeawaysCyberGhost server misuse: BiuBiu VPN Chrome extension hijacked free servers; 20 million users affected; no data breached.Security discovery: Researchers found hidden traffic routing during…