Notepad++ Vulnerabilities Could Enable Arbitrary Code Execution on Windows Systems
Two high‑severity vulnerabilities (CVE‑2026‑48778 and CVE‑2026‑48800) were found in Notepad++ that let a local attacker execute arbitrary commands by tampering with XML configuration files. The flaws affect all versions up to 8.9.6 and were patched the same day in version 8.9.6.1, which also addressed a lower‑severity crash bug. Exploitation requires write access to the user’s AppData folder, allowing malicious shortcuts or command‑interpreter paths to persist across reboots. The advisory warns that traditional endpoint tools may miss these attacks because the Notepad++ binary remains unchanged.
The Gentlemen Are Coming for Your Files, and Then Your Network
Microsoft warned that the Gentlemen ransomware now employs a self‑propagating Go‑based encryptor that moves laterally across networks via SMB and harvested credentials before encrypting files. First observed in mid‑2025, the malware transitioned to a ransomware‑as‑a‑service model in September 2025, recruiting...
Indian CERT Urges Firms to Contain Exploited Internet-Facing Flaws Within 12 Hours
India’s cybersecurity agency CERT‑In issued a 38‑page blueprint urging firms to patch, mitigate, or isolate exploited internet‑facing "crown jewel" systems within 12 hours where feasible. The framework sets one‑day remediation for critical external flaws, three days for critical internal vulnerabilities, and...
Employees Are Unknowingly Inviting Tech Support Impersonators Into Firms, Says FBI
The FBI’s latest Flash report warns that the Silent Ransom Group (also known as Luna Moth, Chatty Spider, UNC3753) has begun sending impostor IT support personnel into U.S. law firms. The attackers gain physical access, plug malicious USB devices into...
The NSA, ‘Mythos’ and the Quiet Emergence of AI Cyber Doctrine
The U.S. government and leading tech firms are rapidly integrating frontier AI models, such as Anthropic's Claude Mythos, into offensive cyber operations, shifting the threat landscape from tool‑centric to autonomous agent‑centric. Mythos demonstrated autonomous discovery and exploitation of thousands of...
Microsoft Previews Automatic Device Isolation in Defender for Endpoint
Microsoft is previewing an automatic device isolation feature in Defender for Endpoint’s auto attack disruption tool, allowing the platform to sever a compromised device’s network connections while keeping it linked to security services. The capability aims to halt lateral movement,...
TrapDoor Malware Campaign Puts Developer Workstations in CISO Spotlight
Researchers at Socket have identified a coordinated malware campaign, dubbed TrapDoor, that has published more than 34 malicious packages across npm, PyPI and Crates.io, affecting over 384 versions. The packages are engineered to harvest a wide range of developer secrets—including...
Stop Treating AI Governance as a Review Layer. Make It Release Infrastructure
The article argues that AI governance must move from a post‑deployment review layer to an integral part of the release pipeline. Traditional compliance models, which audit static software after it ships, fail because AI models and their data sources evolve...
Security Experts Caution MFA Alone Can No Longer Stop Threat Actors
Security experts warn that multifactor authentication (MFA) alone can no longer stop phishing campaigns that steal Microsoft 365 OAuth tokens. New services such as EvilTokens and the FBI‑alerted Kali365 provide ready‑made, AI‑generated phishing kits that capture device‑code tokens, allowing attackers...
AI Security Needs a Shift From Models to Systems, Researchers Argue
Researchers from Google, UC San Diego, and UW‑Madison argue that enterprises must stop treating AI agents as trusted software and instead secure them as untrusted systems. Their new paper shows that model‑level defenses like prompt guardrails fail when agents access...
As AI Speeds Coding, CVE Lite CLI Keeps Security Deliberately AI-Free
The OWASP‑backed CVE Lite CLI offers a local‑first vulnerability scanner for JavaScript and TypeScript projects, analyzing npm, pnpm and Yarn lockfiles directly on a developer’s machine. By surfacing dependency risks at the moment code is written, it aims to replace...
To Pay, or Not to Pay: 58% of CISOs Say They Would Pay the Ransom for Their Data
A survey of 750 CISOs in the US and UK shows 58% would pay a ransomware ransom to recover data. Law‑enforcement agencies in both countries warn against payment, citing no guarantee of data return and the encouragement of attackers. IDC...
Google Leaks Details for Chromium Bug that Can Turn Browsers Into Bots
A long‑standing vulnerability in Chromium’s Service Worker and Background Fetch APIs allows malicious sites to keep a service worker alive indefinitely and run JavaScript across browser restarts. Reported three years ago by researcher Lyra Rebane, the flaw lets attackers hide background...
Why Your AI Strategy Stops Where the PLC Starts: Hard Lessons From the OT Frontlines
C‑level executives are racing to embed AI in operational‑technology security, but the effort stalls because critical telemetry never reaches the models. Legacy devices—often an unpatched Windows 7 laptop that alone talks to protection relays—create a massive visibility gap. AI trained on...
Identity as the Primary Attack Surface: What Modern Breaches Are Really Exploiting
Modern breaches increasingly exploit identity rather than network perimeters. As enterprises migrate to cloud, SaaS, and hybrid work, authentication becomes the gatekeeper for financial systems, data, and admin controls. Attackers now rely on credential stuffing, OAuth consent phishing, and adversary‑in‑the‑middle...