Latest Analysis
Cybersecurity intelligence, threat analysis, and national security reporting.

CISA Warns of Data Theft Bug in NSA-Built OT Networking Tool
A critical vulnerability, CVE-2026-6807, has been discovered in an NSA-built networking tool that could allow hackers to steal sensitive information by exploiting an XML parsing weakness. If left unpatched, this flaw could lead to devastating data breaches.

Malware Targets SAP npm Packages in Supply Chain Attack
A new supply-chain attack campaign, dubbed mini Shai-Hulud, is targeting SAP-related npm packages, delivering credential-stealing malware that threatens JavaScript and cloud applications. This sneaky attack puts sensitive data at risk, and experts are warning of a potentially massive impact.

cPanel Rushes Emergency Update to Fix Auth Bypass Bug
A critical security vulnerability in cPanel software, allowing unauthorized access to the control panel, has been discovered, prompting immediate action from providers like Namecheap to protect customers. cPanel has since rushed out an emergency update to fix the authentication bypass bug, which affects all currently supported versions.

North Korea Targets Developers with AI-Generated npm Malware
Security researchers have uncovered a sneaky malware campaign targeting developers, involving a malicious npm package called @validate-sdk/v2 that's designed to steal sensitive secrets, including crypto-wallet credentials. This tainted package, linked to a North Korean threat actor, was cleverly disguised as a utility SDK for legitimate tasks like hashing and validation.

Cursor Flaw Exposes Developer API Keys to Unrestricted Access
A single design flaw in the AI-powered development tool Cursor has been found to expose developer API keys to unrestricted access, earning a high-severity CVSS score of 8.2. This vulnerability stems from Cursor's weak storage design, which stores sensitive authentication data in a locally accessible SQLite database without proper protection.

Ransomware Drives 90% of Manufacturing Cyber Losses
Ransomware is wreaking havoc on the manufacturing sector, responsible for a staggering 90% of total cyber losses - despite accounting for just a small fraction of claims. When ransomware strikes, the financial blow is severe, highlighting the urgent need for robust security measures.

Police Disrupt €50 Million Crypto Investment Fraud Ring
A massive €50 million crypto investment fraud ring has been dismantled thanks to a joint investigation by Austrian and Albanian authorities, supported by Europol and Eurojust, resulting in the arrest of 10 suspects and the seizure of cash and electronic devices. The alleged scammers, operating from call centres in Albania, left a trail of financial devastation across Italy, Germany, Greece, Spain, Canada, and the UK.

AI-Assisted Code Targets Crypto Wallets via Malicious npm Dependency
Researchers have uncovered a sneaky malicious npm campaign, dubbed PromptMink, linked to North Korean hackers Famous Chollima, which targets crypto developers with fake utility packages that secretly steal sensitive info and funds. The campaign's clever tactics even involve an AI-assisted code commit to fly under the radar.

OAuth Breach Risks Expose AI-Driven Enterprise Vulnerability
A single misstep with a trial AI tool led to a major breach: a Vercel employee's casual OAuth grant to Context.ai created a lasting vulnerability that attackers exploited when Context.ai was compromised. This incident highlights the alarming ease with which AI-driven tools can become enterprise security weak spots.

Cybercriminals Exploit 2.9 Billion Compromised Credentials
Imagine 2.9 billion personal login details floating around in the dark corners of the internet, vulnerable to exploitation by cybercriminals - that's the staggering reality revealed by a recent threat intelligence analysis. This massive cache of compromised credentials, tracked globally in 2025, is a goldmine for hackers leveraging stolen logins, malware, and AI to wreak havoc.

AI-Assisted Bug Hunt Exposes High-Severity GitHub Flaw
In a thrilling example of AI-powered detective work, a team of researchers uncovered a high-severity flaw in GitHub's infrastructure, dubbed CVE-2026-3854, which could have allowed hackers to access private repositories with just one command. The researchers cracked the code in under 48 hours, and GitHub swiftly patched the issue within six hours of disclosure.

GitHub Swiftly Patches Flaw Exposing Millions of Private Repos
GitHub quickly squashed a massive security flaw, CVE-2026-3854, that could have let hackers access millions of private repositories with just one sneaky git push. The vulnerability allowed attackers to inject malicious code by exploiting how GitHub handled user-supplied options during git push operations.

EU Backs Open-Source Age Verification Tool to Protect Minors Online
The European Commission is taking a major step to safeguard minors online, recommending that EU member states adopt an open-source age verification tool that's easy for online platforms to implement. This move aims to shield kids from harmful content, building on the Digital Markets Act and Digital Services Act to hold big tech accountable.

Exposure Management Platforms Face Validation Test
Are you tired of filling dashboards with green and closing hundreds of tickets, only to wonder if your organization is truly safer? The harsh reality is that most exposure management platforms fall short in connecting remediation to real risk reduction.

cPanel Discloses Authentication Flaw, Urges Immediate Server Updates
cPanel has uncovered a critical authentication flaw that could let hackers gain unauthorized access to your control panel, and is urging immediate server updates to protect against this threat. Check if your version is vulnerable and update to a patched build right away.

Vect Ransomware Exposes Flaw, Turns into Data-Destroying Wiper
Researchers uncovered a critical flaw in Vect Ransomware that unexpectedly turns it into a data-destroying wiper, permanently destroying files over 128KB instead of encrypting them. This shocking misfire stems from a faulty ChaCha20-IETF implementation that strips away crucial security protections.

GoDaddy Domain Transfer Exposes Non-Profit to Security Risks
A shocking security breach occurred when a 27-year-old domain was transferred from a GoDaddy account to another customer without any authentication checks, putting a non-profit at risk. The alarming transfer was completed in just four minutes, raising serious concerns about GoDaddy's domain transfer process.

CISA Orders Federal Agencies to Patch Exploited Windows Flaw
Federal agencies are on high alert: a critical Windows vulnerability, CVE-2026-32202, must be patched by May 12 to prevent zero-click credential theft via malicious LNK files. CISA has ordered all Federal Civilian Executive Branch agencies to secure their Windows endpoints and servers within two weeks.

Healthcare Sector Grapples with Rising Medical Device Cyberattacks
A staggering one in four healthcare organizations have fallen victim to cyberattacks that compromised their medical devices in the past year, posing a significant threat to patient care. This alarming trend highlights a pressing need for robust medical device cybersecurity measures to prevent delayed treatments and critical care interruptions.

CISA Flags Actively Exploited ConnectWise, Windows Flaws
The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged two major vulnerabilities, including a critical flaw in ConnectWise ScreenConnect and a Microsoft Windows Shell bug, as actively exploited by hackers. These flaws could allow attackers to execute remote code, access confidential data, and compromise critical systems.

Microsoft Teams Free Disrupted by Backend Change
A recent backend change has caused issues for new users of Microsoft Teams Free, skipping crucial onboarding and privacy consent steps and leaving their profiles incomplete. As a result, these users appear as 'Unknown users', can't be found in searches, and struggle to connect with others in chat.

ClawHub Skills Co-opt AI Agents in Secret Crypto Mining Operation
Meet ClawSwarm, a mysterious crypto mining operation that masquerades as a collection of harmless OpenClaw skills, with 9,800 downloads and counting. Researchers uncovered thirty suspicious skills published by a single user, "imaflytok", on ClawHub, a registry and marketplace for OpenClaw skills.

LiteLLM SQL Flaw Exploited 36 Hours After Disclosure
A critical SQL injection flaw, CVE-2026-42208, was exploited just 36 hours after its disclosure, putting vulnerable LiteLLM versions at risk of unauthorized database access. The bug, with a CVSS score of 9.3, allows unauthenticated callers to reach a vulnerable database query through the proxy's error-handling path.

Marines Overhaul Land Warfare Doctrine for Drone-Driven Battles
The Marine Corps is revolutionizing its land warfare strategy with a bold new doctrine, Ground Combat Element 2040, designed to tackle the challenges of drone-driven battles and great-power competition. This game-changing update is part of a broader effort to modernize the Corps and stay ahead of emerging threats.