Security Insights
Stay Ahead of the Threat Landscape
Practical guidance on AI security, compliance frameworks, and cloud protection — written by practitioners who've worked inside Microsoft, AWS, Cisco, and JPMorgan Chase.
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
Critical Marimo pre-auth RCE flaw now under active exploitation
A critical vulnerability in Marimo that allows attackers to execute code without authentication is currently being exploited in the wild to steal credentials. If your organization uses Marimo, you should immediately patch to the latest version and monitor
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Attackers compromised the download servers for CPUID's popular CPU-Z and HWMonitor tools and distributed them bundled with STX RAT malware, which gives attackers remote access and control over infected systems. You should immediately verify that any CPU-Z
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe has released a patch for CVE-2026-34621, a vulnerability in Acrobat Reader that is currently being actively exploited by attackers in the wild. You should prioritize updating Acrobat Reader to the latest patched version immediately across your organ
Over 20,000 crypto fraud victims identified in international crackdown
An international law enforcement operation has identified over 20,000 victims of cryptocurrency fraud across North America and the United Kingdom, demonstrating that crypto scams remain a widespread and persistent threat to your organization and employees
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Law enforcement agencies have exploited advertising data collection through a platform called Webloc to track approximately 500 million devices without apparent transparency or oversight, according to research from Citizen Lab. Organizations should audit
ChatGPT rolls out new $100 Pro subscription to challenge Claude
OpenAI has launched a $100 monthly Pro subscription tier to compete directly with Claude's pricing structure, signaling an escalation in the AI platform market that will likely drive up costs for enterprises adopting these tools at scale. Business leaders
Hims Breach Exposes the Most Sensitive Kinds of PHI
Hackers breached Hims and gained access to highly sensitive personal health information including details about patients' conditions like hair loss, weight management, and erectile dysfunction. You should assume this data could be used for blackmail, targ
Your Next Breach Will Look Like Business as Usual
Attackers are increasingly using stolen or compromised credentials to access systems while making their activity appear as normal business operations, making these attacks extremely difficult to detect with traditional security tools. Your organization sh
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
Iranian-linked hackers have exposed nearly 4,000 internet-connected industrial control devices manufactured by Rockwell Automation that manage critical US infrastructure operations. Your organization should immediately audit whether you have any internet-
FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
Orange Business Reimagines Enterprise Voice Communications With Trust and AI
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
Most critical vulnerabilities tracked by CISA are being actively exploited by attackers before organizations have time to patch them, revealing that traditional manual patching processes cannot keep pace with modern threat timelines. Organizations need to
Industrial Controllers Still Vulnerable As Conflicts Move to Cyber
Industrial control systems remain dangerously exposed to cyberattacks, with US government warnings confirming that programmable logic controllers are actively being targeted and researchers discovering 179 vulnerable operational technology devices in the
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Attackers are using a malware campaign called GlassWorm that deploys a Zig-based dropper to compromise developer integrated development environments (IDEs), potentially giving them access to source code and development infrastructure. Development teams sh
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
Contemporary Controls BASC 20T
GPL Odorizers GPL750
Russia Hacked Routers to Steal Microsoft Office Tokens
Russian state-sponsored actors compromised network routers to intercept and steal authentication tokens for Microsoft Office 365, giving them persistent access to corporate email and cloud services without needing passwords. You should immediately audit y
Mitsubishi Electric GENESIS64 and ICONICS Suite products
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Iranian-affiliated cyber actors are actively targeting programmable logic controllers (PLCs) and other operational technology systems across U.S. critical infrastructure sectors, presenting a serious risk to essential services like power grids, water syst
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
Summary for Leaders: An Iran-linked threat group is conducting large-scale password-spraying attacks against over 300 Israeli organizations using Microsoft 365, attempting to guess weak or common passwords at scale to gain account access. If your organi
Microsoft removes Support and Recovery Assistant from Windows
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. [...]
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]
Drift $280M crypto theft linked to 6-month in-person operation
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. [...]
Automated Credential Harvesting Campaign Exploits React2Shell Flaw
An emerging threat cluster tracked as UAT-10608 is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to exfiltrate credentials, secrets, and other system data.
Shadow AI in Healthcare Is Here to Stay
Medical professionals are not going to stop using AI tools to manage growing workloads. Organizations should prioritize bolstering security protocols to limit their blast radius.
Why Simple Breach Monitoring is No Longer Enough
Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. [...]
OWASP GenAI Security Project Gets Update, New Tools Matrix
In recognition of 21 generative AI risks, the standards group recommends that companies take separate but linked approaches to defending GenAI and agentic AI systems.
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, takin
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider th
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) Known Exploit
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings fr
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
Key Takeaway: German authorities have publicly identified "UNKN," the alleged operator behind REvil and GandCrab—two of the most prolific ransomware gangs responsible for billions in damages globally. Watch for retaliatory attacks or operational shifts
Inconsistent Privacy Labels Don't Tell Users What They Are Getting
Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough.
Apple Breaks Precedent, Patches DarkSword for iOS 18
Even organizations with users unwilling or unable to adopt iOS 26 can now protect themselves from a severe mobile OS-cracking tool.
Hitachi Energy Ellipse
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-092-03.json
Summary: Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product
Yokogawa CENTUM VP
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-092-02.json
Summary: Successful exploitation of this vulnerability could allow an attacker to login as the PRO
Siemens SICAM 8 Products
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-092-01.json
Summary: Multiple SICAM 8 products are affected by multiple vulnerabilities that could lead to den