Cybersecurity News
Yesterday
The Invisible Battlefield: How Cyber War Is Reshaping Everyday Life
Former National Cyber Director Chris Inglis warns that cyber attacks threaten hospitals, utilities and essential services.
Blame AI: Patch Tuesday Hits Record 206 CVEs
Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
"Ghost-Sender" uses Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter to achieve this level of spoofing.
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories
The attacks stemmed from a GitHub account that was also compromised in a previous Miasmi attack on Microsoft last month.
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
Monday
AI Slop Will Kill Cybersecurity Storytelling If We Let It
AI-generated content threatens credibility in cybersecurity. This "Ask the Expert" column explores why human oversight matters and how to maintain authentic narratives.
Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks
The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.
Check Point VPN Flaw Exploited Since Early May
A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.
Iran Signed a Ceasefire — Its Hackers Didn't
An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict.
'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud
The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat.
Friday
Exposed Fuel Tank Gauges Under Attack in the US
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption.
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say.
Trump AI Order Seeks Voluntary Frontier Model Testing
The White House's executive order establishes voluntary framework for early government access to frontier models while investing in federal security.
Thursday
Rust-Written IronWorm Hits NPM Supply Chain
Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel.
China's TA4922 Expands Cybercrime Attacks Globally
One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia.
4 Critical Threats Where Attackers Have the Advantage
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs
Organizations are growing serious about what nation’s rules apply to their data. Experts point to geopolitical tensions as a main contributing factor.
Pakistan Spies on Afghan Finance Ministry With Xeno RAT
Despite broadly connected digital infrastructure, standard fare TTPs are enough to cause trouble for Afghanistan's porous cybersecurity.