The North Korean state-sponsored threat actor Kimsuky is actively targeting South Korean military and corporate entities using advanced social engineering and novel tools like HTTPSpy, HelloDoor, and VS Code Tunnels.
Cybersecurity researchers discovered a malicious NuGet package, masquerading as a C# SDK used by Sicoob, that successfully exfiltrated sensitive client IDs and PFX certificates.
The concept of 'Shadow AI' has evolved from simple data exposure to employees building and deploying full applications with AI, often bypassing necessary security and IT oversight. This shift exposes significant new limits of existing security stacks.
Investigations into the deadly Ebola outbreak in the DRC revealed the presence of the Bundibugyo virus, complicating control efforts.
A previously undocumented threat actor, GREYVIBE, is attributed to ongoing, persistent, and AI-powered cyberattacks targeting Ukraine and related entities since at least August 2025, suggesting alignment with Kremlin state interests.
Cybersecurity researchers have identified a cross-platform malware named RemotePE, utilized by the North Korea-linked Lazarus Group to target financial and cryptocurrency organizations through a multi-stage attack chain.
The rapid development of AI exploits is driving an accelerated shift in how security researchers search for and address software vulnerabilities.
Threat actors are exploiting a critical SQL injection flaw in Ghost CMS (CVE-2026-26980) to inject malicious code and launch ClickFix attacks against over 700 websites.
A weekly recap detailing emerging cybersecurity threats, including vulnerabilities in development tools, dormant bugs resurfacing, and increasingly sophisticated phishing attacks.
Anthropic disclosed that its defensive project, Glasswing, has identified over 10,000 high- or critical-severity vulnerabilities in systemically important software worldwide.
The industry is actively managing AI security challenges in real time, exemplified by major players like Google, as the field moves through a critical transition period.
Cybersecurity researchers have identified a supply chain attack targeting several Laravel-Lang PHP packages to deliver a framework capable of stealing user credentials.
CISA has added the recently patched SQL injection vulnerability (CVE-2026-9082) in Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation.
A maximum-severity vulnerability (CVE-2026-48172, CVSS 10.0) in the LiteSpeed User-End cPanel Plugin is being actively exploited, allowing attackers to run arbitrary scripts with elevated privileges and potentially leading to a complete system compromise.
Researchers used artificial intelligence to reconstruct the voices of deceased pilots from cockpit recordings, leading the NTSB to temporarily restrict access to its docket system.