Latest stories — Page 18

White House Puts OpenAI and Anthropic Models on a Short Leash Pending Cybersecurity Review
The Trump administration is vetting frontier AI releases before they reach the public — and both major labs are complying.

Microsoft Pulls 119 Edge Extensions Tied to 'StegoAd' Steganography Campaign
The add-ons concealed payloads in image and font files and activated days after install. Microsoft attributes the activity to a single actor operating since 2021.

libssh2 Clients Get a Nasty Surprise: PoC Lands for CVE-2026-55200
A malicious SSH server can corrupt memory on any client built against libssh2 1.11.1 or earlier. No creds required.

Supply-Chain Attackers Hide Python Stealer in npm and Go Packages, Sidestep Lifecycle Scripts
JFrog flags two hijacked npm packages and a Go cluster that abuse VS Code tasks to drop a cross-platform infostealer — bypassing the script hooks defenders typically watch.

SSU, FBI Detail Russian Phishing Op Targeting Signal and Telegram Accounts
Ukrainian counterintelligence says GRU and FSB-linked operators ran fake tech-support flows against officials' messengers across Ukraine, Europe, and the U.S.

OpenAI Hands GPT-5.6 to a Closed Circle, Citing Cyber and National Security Hooks
Three variants — Sol, Terra, and Luna — ship to a small slate of enterprise partners and U.S. government workstreams under a limited preview.

Active Exploitation Hits PTC Windchill as Attackers Drop Web Shells on PLM Systems
A critical deserialization flaw in software used by Boeing, Lockheed Martin, and BMW is drawing threat actors toward some of the most sensitive intellectual property in global manufacturing.

Russia's Signal Phishing Now Targets the Backup Recovery Key — and the Key Doesn't Expire
An FBI/CISA update says GRU-linked operators are coaxing victims into surrendering their Signal Backup Recovery Key, which yields full message history and durable account access.

SharkLoader Drops Cobalt Strike on Asian Government Targets in 'StrikeShark' Campaign
A previously undocumented loader is being used against a diplomatic office in Indonesia and government bodies in Taiwan, with operators staging Cobalt Strike Beacon as the final payload.

TinyRCT Backdoor Surfaces in CL-STA-1062 Intrusions Across Southeast Asia
Palo Alto Networks ties the previously undocumented implant to a Chinese-speaking cluster targeting state-owned energy and government entities.

North Korean Malware Tells AI Analyzers to Look Away
A macOS sample attributed to Pyongyang-linked actors contains prompts designed to make LLM-assisted security tools abandon their analysis. Defenders are starting to notice the pattern.

ASIO Found State Hackers Pre-Positioned for Sabotage Inside Australian Critical Infrastructure
Australia's domestic intelligence agency says a foreign state actor had stolen valid credentials from IT staff at a critical infrastructure operator — and was staging for disruption, not just espionage.

Week in Brief: Russia's Cellebrite Use, Five Eyes AI Warning, macOS Backdoor, Scattered Spider Pleas
Four stories that deserved more attention: state-backed mobile forensics against activists, an intelligence alliance's AI threat advisory, a new Mac implant, and a high-profile cybercrime case moving toward resolution.

Amazon Patches CVE-2026-12957 in Q Developer: Malicious Repo Could Drain AWS Credentials via MCP
A workspace-trust prompt was all that stood between a developer and credential theft. Amazon has shipped a fix for the high-severity flaw in its AI coding assistant.

Robinhood Rebuilt Its Access-Approval Pipeline — Here's What Actually Changed
The fintech firm's engineering-security team overhauled how developers request and receive system access. The goal: speed without sacrificing control.

Linux act_pedit OOB Write Poisons Page Cache, Hands Local Users Root
CVE-2026-46331 weaponizes a traffic-control bug to overwrite cached binaries. Working PoC dropped a day after disclosure.

PTC Windchill RCE Lands on CISA's KEV After Web Shells Show Up in the Wild
A pre-auth code execution bug in PTC's PLM stack is being actively exploited. If you run Windchill or FlexPLM, the patch clock started a while ago.

DirtyClone: New DirtyFrag-Family Kernel Bug Hands Local Users Root
CVE-2026-43503 (CVSS 8.8) corrupts file-backed memory through a cloned skb. A working PoC is now public.

Guardian Agents and the Identity Layer That Doesn't Exist Yet
Autonomous agents are inheriting human permissions at machine speed. The IAM stack wasn't built for this, and the governance gap is widening.

Mini Shai-Hulud Worm Jumps to Go, Hits LeoPlatform and RStreams npm Packages
The self-propagating supply chain campaign tied to Miasma and Hades has spread again — abusing GitHub Actions workflows and now reaching Go modules.

Zero Trust in OT: A Pragmatic 90-Day Action Plan
Aligning zero trust architecture with operational technology environments through a strategic, actionable 90-day plan.