Infosecurity Magazine

Award-winning publication dedicated to information security strategy and insights for security professionals.

Gremlin Stealer Evolves Into Modular Threat with Advanced Evasion Capabilities
News | May 15, 2026

Palo Alto Networks’ Unit 42 reports that the Gremlin stealer has transformed from a simple credential harvester into a modular toolkit within a year. The latest build hides its malicious payload in the .NET resource section and applies XOR encoding to...

By Infosecurity Magazine
Most Organizations Now Use AI Agents for Sensitive Security Tasks
News | May 14, 2026

A new Semperis study finds that 93% of global enterprises already use or plan to deploy AI agents for sensitive security functions such as password resets and VPN access. At the same time, 92% have these agents installed on machines...

By Infosecurity Magazine
ICO Publishes Five-Step Plan to Counter Emerging AI-Powered Attacks
News | May 14, 2026

The UK Information Commissioner’s Office (ICO) has issued a five‑step guide to counter the surge in AI‑driven cyber attacks, urging organisations to adopt multi‑layered defenses and align with the National Cyber Security Centre’s updated Cyber Assessment Framework. The guidance highlights...

By Infosecurity Magazine
Avada Builder Flaws Expose One Million WordPress Sites
News | May 13, 2026

Two critical vulnerabilities in the Avada Builder WordPress plugin have put roughly one million sites at risk. The first, CVE‑2026‑4782, is an arbitrary file‑read flaw that lets subscriber‑level users access sensitive files like wp‑config.php. The second, CVE‑2026‑4798, is an unauthenticated...

By Infosecurity Magazine
Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers
News | May 13, 2026

A new Absolute Security survey of 750 CISOs reveals that 58% would consider paying a ransomware ransom to restore encrypted systems, with U.S. leaders more inclined (63%) than their U.K. peers (47%). While 83% express confidence in rapid recovery, actual...

By Infosecurity Magazine
Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
News | May 12, 2026

Cybercriminals have merged the ClickFix social‑engineering technique with PySoxy, a decade‑old open‑source SOCKS5 proxy, to create a modular post‑exploitation chain that persists without traditional malware. After the initial ClickFix compromise, attackers conduct reconnaissance before deploying PySoxy, which establishes a covert...

By Infosecurity Magazine
South Staffordshire Water Fined £1m After Data Breach
News | May 12, 2026

South Staffordshire Water and its parent company were fined £1 million (about $1.4 million) by the UK Information Commissioner’s Office after a two‑year‑long cyber intrusion exposed personal data of more than 633,000 current and former customers and employees. The breach began with...

By Infosecurity Magazine
Fake Claude Code Page Pushes PowerShell Stealer at Devs
News | May 11, 2026

Ontinue’s Cyber Defense Center uncovered a new information‑stealer distributed through counterfeit Claude Code installation pages. The malicious PowerShell loader, delivered via a disguised /install.ps1 script, injects a tiny native helper into Chromium‑based browsers to extract App‑Bound Encryption keys, cookies, passwords and...

By Infosecurity Magazine
US: FCC Relaxes Foreign-Made Router Ban to Allow for Security Updates
News | May 11, 2026

The U.S. Federal Communications Commission has pushed back the deadline for security updates on banned foreign‑made consumer routers to at least January 1, 2029, extending the original March 2027 cutoff by two years. The original ban, enacted in March 2026, prohibited import and sale...

By Infosecurity Magazine
PCPJack Campaign Boots TeamPCP Off Compromised Machines
News | May 8, 2026

Security researchers have uncovered PCPJack, a new credential‑theft framework that first wipes traces of the notorious TeamPCP group before worming through exposed cloud environments. The worm targets Docker, Kubernetes, Redis, MongoDB, RayML and vulnerable web applications, stealing credentials for later...

By Infosecurity Magazine
Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds
News | May 7, 2026

A Forrester study commissioned by Capital One Software finds that while 72% of security leaders consider data protection more critical than ever, legacy network and perimeter tools are hampering effective safeguards. Over half of respondents lack full visibility into vulnerabilities,...

By Infosecurity Magazine
Cline Kanban Flaw Lets Websites Hijack AI Coding Agents
News | May 7, 2026

A critical vulnerability in Cline’s Kanban module (CVSS 9.7) lets any website a developer visits connect to three unauthenticated WebSocket endpoints on the local server, harvest workspace data, and inject commands into the AI coding agent’s terminal. The flaw stems from...

By Infosecurity Magazine
OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos
News | May 7, 2026

Cybersecurity firm Dragos reported that attackers leveraged Anthropic's Claude and OpenAI's GPT models to orchestrate a breach of a municipal water and drainage utility in Monterrey, Mexico. The AI tools generated malicious scripts, assisted in intrusion planning, and even produced...

By Infosecurity Magazine
Fake Claude AI Site Drops Beagle Backdoor on Windows Users
News | May 7, 2026

A counterfeit Claude‑Pro website (claude‑pro.com) is serving a 505 MB ZIP that installs a malicious MSI. The MSI drops a signed G DATA antivirus updater renamed NOVupdate.exe, an encrypted data file, and a malicious avk.dll which is sideloaded by the updater. The...

By Infosecurity Magazine
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
News | May 7, 2026

Cofense reports a surge in phishing campaigns that leverage Vercel’s v0.dev generative AI platform. Low‑skill threat actors can create fully functional malicious sites with simple text prompts, paying as little as $20 a month for the pro tier and using...

By Infosecurity Magazine
One in Eight Workers Has Sold Their Corporate Logins
News | May 6, 2026

According to Cifas’ Workplace Fraud Trends report, 13 % of UK employees either sold their corporate logins or knew a colleague who did in the past year. Acceptance of the practice spikes among senior staff, with 81 % of business owners deeming...

By Infosecurity Magazine
AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed to Cyber Risk
News | May 5, 2026

AI tools are now ubiquitous in enterprises, with 90% of digital‑trust professionals confirming employee use. Yet only 38% of organizations have a formal, comprehensive AI safety policy and a further 30% operate with limited guidance, leaving a quarter without any...

By Infosecurity Magazine
Small Defense Firms Lack Network Data to Stop Nation-State Hackers, Analyst Says
News | May 4, 2026

The U.S. defense industrial base’s small and mid‑size contractors, which make up about 80% of the sector, are severely lacking network telemetry to monitor edge infrastructure. Nation‑state actors such as China’s Volt, Russia’s Fancy Bear and Iran’s UNC1549 are exploiting zero‑day...

By Infosecurity Magazine
OpenAI To Extend Cyber Program to Government Agencies
News | May 4, 2026

OpenAI released a roadmap titled "Cybersecurity in the Intelligence Age" outlining plans to broaden its Trusted Access for Cyber (TAC) program to federal, state and local government agencies, as well as key industry players. The expansion coincides with the launch...

By Infosecurity Magazine
UK: Education Sector Faces Surge in Cyber Breaches Despite Stable National Threat Levels
News | Apr 30, 2026

The UK’s public education sector saw a sharp rise in cyber breaches in 2025/2026, even as national threat levels remained stable. Primary schools reported a 4% increase, secondary schools jumped from 60% to 73% breach incidence, further‑education colleges rose to...

By Infosecurity Magazine
Cursor Extension Flaw Exposes Developer API Keys
News | Apr 29, 2026

A critical vulnerability in the AI‑driven IDE Cursor lets any installed extension read the tool’s local SQLite store, exposing API keys and session tokens without user interaction. LayerX’s research gave the flaw an 8.2 CVSS rating, highlighting the risk of...

By Infosecurity Magazine
Researchers Track 2.9 Billion Compromised Credentials
News | Apr 29, 2026

KELA’s 2026 State of Cybercrime report reveals nearly 2.9 billion compromised credentials worldwide in 2025, driven by a dramatic rise in macOS infostealer infections. Ransomware victims increased 45% to 7,549 incidents, while DDoS attacks jumped 400% to 3,500. The firm also...

By Infosecurity Magazine
A Quarter of Healthcare Organizations Report Medical Device Cyber-Attacks
News | Apr 29, 2026

RunSafe Security’s 2026 Medical Device Cybersecurity Index found that 24% of healthcare organizations experienced cyber‑attacks on medical devices in the past year. In 80% of those incidents, the impact on patients was moderate or significant, ranging from delayed imaging to...

By Infosecurity Magazine
Ransomware Turf War as 0APT and KryBit Groups Trade Blows
News | Apr 28, 2026

Two ransomware gangs, 0APT and KryBit, have entered a retaliatory cycle after each leaked the other’s operational data. 0APT first exposed KryBit’s admin panel, revealing affiliates, victim files and ransom demands ranging from $40,000 to $100,000. KryBit responded by hacking...

By Infosecurity Magazine
Widely Used Browser Extensions Selling User Data
News | Apr 27, 2026

A LayerX Security study identified more than 80 widely used browser extensions that explicitly disclose they sell user data. The extensions span streaming, ad‑blocking and productivity categories and together have millions of installations. While 71% of Chrome Web Store extensions...

By Infosecurity Magazine
AI Rush Is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns
News | Apr 24, 2026

Enterprises are racing to embed AI, but many are abandoning fundamental security hygiene, warns Jurgen Kutscher, VP of Mandiant Consulting at Google Cloud. Red‑team exercises reveal attackers exploiting AI‑enabled workflows to reclassify data, bypass DLP, and leverage unencrypted communication streams....

By Infosecurity Magazine
Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI
News | Apr 23, 2026

At Google Cloud Next 26, COO Francis DeSouza announced that Google will not launch a dedicated cybersecurity frontier model, opting instead to leverage its general‑purpose Gemini models for security workloads. He argued that Gemini now performs well across domains, including code...

By Infosecurity Magazine
Cyber-Attacks Surge 63% Annually in Education Sector
News | Apr 23, 2026

A new Quorum Cyber report shows cyber‑attacks on schools and universities jumped 63% year‑over‑year, with recorded incidents climbing from 260 to 425 between November 2023‑October 2025. Data breaches rose 73% and hacktivist activity 75% across 67 countries, while ransomware grew 21%, led...

By Infosecurity Magazine
Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents
News | Apr 23, 2026

Security researchers at Forcepoint uncovered ten new indirect prompt injection (IPI) payloads that can hijack AI agents when they crawl or summarize web content. The payloads use common triggers such as “ignore previous instructions” to force agents to execute malicious...

By Infosecurity Magazine
NCSC Backs Passkeys, Hailing a New Era of Sign-In
News | Apr 23, 2026

The UK National Cyber Security Centre (NCSC) has officially endorsed passkeys as the primary login method for consumers, moving away from passwords except where passkeys are unavailable. The endorsement follows a year of collaboration with the FIDO Alliance and successful...

By Infosecurity Magazine
MacOS Native Tools Enable Stealthy Enterprise Attacks
News | Apr 22, 2026

Cisco Talos research reveals that attackers are repurposing native macOS utilities—such as Remote Application Scripting, AppleScript, and Spotlight metadata—to execute code, move laterally, and hide payloads. The study notes that more than 45% of enterprises now run macOS, making the...

By Infosecurity Magazine
NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors From Cyber-Attacks
News | Apr 22, 2026

The UK National Cyber Security Centre (NCSC) launched SilentGlass, a plug‑and‑play device that filters HDMI and DisplayPort signals to block malicious traffic. Unveiled at CYBERUK 26, the hardware is now manufactured by Goldilock Labs with Sony UK and sold globally after...

By Infosecurity Magazine
UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’
News | Apr 22, 2026

The UK government announced a £90 m ($120 m) injection to strengthen national cyber resilience, focusing on small and medium‑sized enterprises (SMEs). The funding will support wider adoption of the Cyber Essentials standard, which saw a 20% uptake increase last year and...

By Infosecurity Magazine
Surge in Silent Subject Phishing Attacks Targets VIP Users
News | Apr 22, 2026

Cyberproof reported a sharp rise in silent‑subject phishing campaigns that omit email subject lines to slip past traditional filters. The attacks, which increased 13.9% in January‑February and another 7% in March 2026, target high‑value executives and use malicious links, QR...

By Infosecurity Magazine
Researchers Uncover ProxySmart Software Powering 90+ SIM Farms
News | Apr 22, 2026

Infrawatch researchers identified a Belarus‑originated software platform, ProxySmart, operating 87 control panels across 17 countries and supporting 94 SIM farms in 19 U.S. states. The platform offers a turnkey “SIM Farm as a Service” solution, handling device management, automated IP...

By Infosecurity Magazine
Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms
News | Apr 21, 2026

A joint Cloud Security Alliance and Token Security study finds two‑thirds of enterprises have suffered cybersecurity incidents linked to unchecked AI agents. While 68% claim high visibility of such agents, 82% discovered unknown agents in the past year, exposing gaps...

By Infosecurity Magazine
Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection
News | Apr 20, 2026

WatchGuard researchers identified two new Formbook phishing campaigns that continue to target organizations worldwide. One campaign uses DLL sideloading, embedding malicious DLLs in a RAR archive to trick legitimate Windows processes, while the other hides obfuscated JavaScript in PDFs and...

By Infosecurity Magazine
NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience
News | Apr 20, 2026

The UK National Cyber Security Centre (NCSC) unveiled a coordinated plan to strengthen cyber resilience across the NHS, built on 18 months of government‑industry collaboration. The strategy pivots on five pillars, including the Active Cyber Defence 2.0 pilot, software‑supply‑chain hardening,...

By Infosecurity Magazine
Commercial AI Models Show Rapid Gains in Vulnerability Research
News | Apr 17, 2026

Forescout’s Verde Labs reports that commercial AI models have closed the gap in vulnerability research, with all tested models now completing full research tasks and half generating working exploits autonomously. The most capable models, Claude Opus 4.6 and Kimi K2.5, can discover...

By Infosecurity Magazine
DDoS-For-Hire Services Disrupted by International Police Action in ‘Operation PowerOff’
News | Apr 17, 2026

Operation PowerOff, a coordinated law‑enforcement effort across 21 nations, dismantled the infrastructure behind DDoS‑for‑hire services. Authorities seized 53 domains, removed over 100 URLs, and confiscated databases containing more than three million criminal user accounts. The operation led to four arrests...

By Infosecurity Magazine
APK Malformation Found in Thousands of Android Malware Samples
News | Apr 16, 2026

Researchers at Cleafy have identified a surge in Android Package (APK) malformation, an evasion technique now present in more than 3,000 malware samples across families such as Teabot, TrickMo, Godfather and SpyNote. By deliberately corrupting APK structures—creating mismatched headers, unsupported...

By Infosecurity Magazine
Cookeville Medical Center Notifies Patients After July 2025 Ransomware Attack
News | Apr 16, 2026

Cookeville Regional Medical Center disclosed that a July 2025 ransomware attack exposed the personal and medical records of 337,917 patients. The Russian‑linked Rhysida gang claimed responsibility, demanding 10 Bitcoin—about $1.15 million—though it is unclear if the ransom was paid. The hospital began mailing...

By Infosecurity Magazine
Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads
News | Apr 16, 2026

Security researchers at Ox Security disclosed a critical, systemic flaw in Anthropic's Model Context Protocol (MCP) that enables arbitrary command execution. The vulnerability stems from the protocol’s STDIO interface, which runs commands even when server startup fails, exposing over 200...

By Infosecurity Magazine
Automotive Ransomware Attacks Double in a Year
News | Apr 16, 2026

Ransomware has become the fastest‑growing cyber threat to the automotive industry, accounting for 44% of all attacks on carmakers in 2025. Halcyon’s report shows attack frequency more than doubled last year, driven by connected vehicle platforms, OTA updates and cloud‑based...

By Infosecurity Magazine
European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program
News | Apr 15, 2026

ENISA, the EU’s cybersecurity agency, is pursuing top‑level root CVE Numbering Authority (TL‑Root CNA) status, aiming for approval by 2026 or early 2027. The move follows ENISA’s recent elevation to a root CNA in 2025 and would place it alongside...

By Infosecurity Magazine
Signed Adware Operation Disables Antivirus Across 23,000 Hosts
News | Apr 15, 2026

A signed software operation linked to Dragon Boss Solutions has been silently disabling antivirus products on more than 23,000 endpoints worldwide. The campaign uses a legitimate code‑signing certificate and an Advanced Installer‑based update mechanism to deliver a PowerShell payload, ClockRemoval.ps1,...

By Infosecurity Magazine
AI Companies to Play Bigger Role in CVE Program, Says CISA
News | Apr 15, 2026

CISA’s Vulnerability Response & Coordination chief Lindsey Cerkovnik urged AI firms such as OpenAI and Anthropic to gain stronger representation in the Common Vulnerabilities and Exposures (CVE) program. The call follows the debut of Anthropic’s Claude Mythos Preview and OpenAI’s...

By Infosecurity Magazine
AI Security Institute Advocates Security Best Practices After Mythos Test
News | Apr 14, 2026

The AI Security Institute (AISI) evaluated Anthropic’s Claude Mythos Preview, finding it could autonomously execute multi‑stage attacks and complete 22 of 32 steps in a simulated corporate network. The model succeeded in three out of ten attempts, highlighting both its...

By Infosecurity Magazine
Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat
News | Apr 13, 2026

Security researchers have uncovered a sharp increase in the abuse of Microsoft 365 mailbox rules, with Proofpoint reporting that roughly 10% of compromised accounts in Q4 2025 contained malicious rules created within seconds of initial access. These rules, often given trivial names,...

By Infosecurity Magazine