Latest stories — Page 18

AI Security

White House Puts OpenAI and Anthropic Models on a Short Leash Pending Cybersecurity Review

The Trump administration is vetting frontier AI releases before they reach the public — and both major labs are complying.

2 min
Threat Intelligence

Microsoft Pulls 119 Edge Extensions Tied to 'StegoAd' Steganography Campaign

The add-ons concealed payloads in image and font files and activated days after install. Microsoft attributes the activity to a single actor operating since 2021.

2 min
Vulnerabilities

libssh2 Clients Get a Nasty Surprise: PoC Lands for CVE-2026-55200

A malicious SSH server can corrupt memory on any client built against libssh2 1.11.1 or earlier. No creds required.

2 min
Threat Intelligence

Supply-Chain Attackers Hide Python Stealer in npm and Go Packages, Sidestep Lifecycle Scripts

JFrog flags two hijacked npm packages and a Go cluster that abuse VS Code tasks to drop a cross-platform infostealer — bypassing the script hooks defenders typically watch.

3 min
Threat Intelligence

SSU, FBI Detail Russian Phishing Op Targeting Signal and Telegram Accounts

Ukrainian counterintelligence says GRU and FSB-linked operators ran fake tech-support flows against officials' messengers across Ukraine, Europe, and the U.S.

2 min
AI Security

OpenAI Hands GPT-5.6 to a Closed Circle, Citing Cyber and National Security Hooks

Three variants — Sol, Terra, and Luna — ship to a small slate of enterprise partners and U.S. government workstreams under a limited preview.

2 min
Vulnerabilities

Active Exploitation Hits PTC Windchill as Attackers Drop Web Shells on PLM Systems

A critical deserialization flaw in software used by Boeing, Lockheed Martin, and BMW is drawing threat actors toward some of the most sensitive intellectual property in global manufacturing.

2 min
Threat Intelligence

Russia's Signal Phishing Now Targets the Backup Recovery Key — and the Key Doesn't Expire

An FBI/CISA update says GRU-linked operators are coaxing victims into surrendering their Signal Backup Recovery Key, which yields full message history and durable account access.

2 min
Threat Intelligence

SharkLoader Drops Cobalt Strike on Asian Government Targets in 'StrikeShark' Campaign

A previously undocumented loader is being used against a diplomatic office in Indonesia and government bodies in Taiwan, with operators staging Cobalt Strike Beacon as the final payload.

2 min
Threat Intelligence

TinyRCT Backdoor Surfaces in CL-STA-1062 Intrusions Across Southeast Asia

Palo Alto Networks ties the previously undocumented implant to a Chinese-speaking cluster targeting state-owned energy and government entities.

2 min
Threat Intelligence

North Korean Malware Tells AI Analyzers to Look Away

A macOS sample attributed to Pyongyang-linked actors contains prompts designed to make LLM-assisted security tools abandon their analysis. Defenders are starting to notice the pattern.

2 min
Threat Intelligence

ASIO Found State Hackers Pre-Positioned for Sabotage Inside Australian Critical Infrastructure

Australia's domestic intelligence agency says a foreign state actor had stolen valid credentials from IT staff at a critical infrastructure operator — and was staging for disruption, not just espionage.

2 min
Threat Intelligence

Week in Brief: Russia's Cellebrite Use, Five Eyes AI Warning, macOS Backdoor, Scattered Spider Pleas

Four stories that deserved more attention: state-backed mobile forensics against activists, an intelligence alliance's AI threat advisory, a new Mac implant, and a high-profile cybercrime case moving toward resolution.

2 min
Vulnerabilities

Amazon Patches CVE-2026-12957 in Q Developer: Malicious Repo Could Drain AWS Credentials via MCP

A workspace-trust prompt was all that stood between a developer and credential theft. Amazon has shipped a fix for the high-severity flaw in its AI coding assistant.

2 min
Identity & Access

Robinhood Rebuilt Its Access-Approval Pipeline — Here's What Actually Changed

The fintech firm's engineering-security team overhauled how developers request and receive system access. The goal: speed without sacrificing control.

2 min
Vulnerabilities

Linux act_pedit OOB Write Poisons Page Cache, Hands Local Users Root

CVE-2026-46331 weaponizes a traffic-control bug to overwrite cached binaries. Working PoC dropped a day after disclosure.

2 min
Vulnerabilities

PTC Windchill RCE Lands on CISA's KEV After Web Shells Show Up in the Wild

A pre-auth code execution bug in PTC's PLM stack is being actively exploited. If you run Windchill or FlexPLM, the patch clock started a while ago.

2 min
Vulnerabilities

DirtyClone: New DirtyFrag-Family Kernel Bug Hands Local Users Root

CVE-2026-43503 (CVSS 8.8) corrupts file-backed memory through a cloned skb. A working PoC is now public.

3 min
Identity & Access

Guardian Agents and the Identity Layer That Doesn't Exist Yet

Autonomous agents are inheriting human permissions at machine speed. The IAM stack wasn't built for this, and the governance gap is widening.

3 min
Threat Intelligence

Mini Shai-Hulud Worm Jumps to Go, Hits LeoPlatform and RStreams npm Packages

The self-propagating supply chain campaign tied to Miasma and Hades has spread again — abusing GitHub Actions workflows and now reaching Go modules.

2 min
Policy & Regulation

Zero Trust in OT: A Pragmatic 90-Day Action Plan

Aligning zero trust architecture with operational technology environments through a strategic, actionable 90-day plan.

2 min
© 2026 Threat Vectr