T-Mobile Sets the Record Straight on Latest Data Breach Filing
T‑Mobile USA clarified that a recent data breach notification filed with the Maine Attorney General stemmed from an isolated insider incident affecting a single customer. The compromised data included personal identifiers such as name, address, SSN, driver’s license and account PIN, but financial details and call records remained untouched. The company reset the affected PIN, informed law enforcement, and emphasized that no credentials were stolen. This follows a series of larger breaches, including a 2021 incident that exposed 37 million accounts.

Critical Vulnerability in Claude Code Emerges Days After Source Leak
Anthropic unintentionally published a JavaScript sourcemap for Claude Code v2.1.88, exposing roughly 512,000 lines of TypeScript. Within days, security firm Adversa AI uncovered a critical flaw in Claude Code’s permission system that lets deny‑rule checks be bypassed when more than 50 sub‑commands are generated...

Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
In March 2026, thirty‑eight cybersecurity‑focused M&A deals were announced, marking a rapid acceleration in the sector. The month’s headline transactions include Google’s $32 billion closure of the Wiz acquisition, Zurich’s $11 billion purchase of Beazley, and a series of AI‑security buyouts such as...

CrewAI Vulnerabilities Expose Devices to Hacking
Open‑source AI orchestration framework CrewAI disclosed four interrelated vulnerabilities. The flaws—CVE‑2026‑2275, ‑2285, ‑2286, and ‑2287—stem from the Code Interpreter tool’s fallback to an insecure sandbox and improper configuration checks. Exploited together, they enable remote code execution, SSRF, and arbitrary file...

Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure
Rapid7 disclosed that a China‑linked state‑sponsored threat actor has embedded kernel‑level implants and passive backdoors deep within global telecom backbone infrastructure. The campaign leverages the BPFdoor Linux backdoor, CrossC2 beacons and the TinyShell framework to achieve long‑term, stealthy persistence across...

Dell and HP Roll Out Quantum-Resistant Device Security
HP and Dell announced new hardware‑level security features aimed at defending against physical attacks and emerging quantum‑computing threats. HP introduced TPM Guard, which encrypts the TPM‑CPU link, and added quantum‑resistant cryptography to its LaserJet Pro and Enterprise printer lines along...

DoE Publishes 5-Year Energy Security Plan
The U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) unveiled a three‑pronged, five‑year energy security plan covering fiscal years 2026‑2030. The plan targets world‑class security technologies, hardening of critical energy infrastructure, and streamlined response and...

Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector
Poland recorded a dramatic rise in cyber activity in 2025, logging roughly 270,000 attacks—2.5 times more than the previous year. The most serious incident was a destructive infiltration of a combined heat‑and‑power plant on Dec. 29, affecting services for about 500,000...

RSAC 2026 Conference Announcements Summary (Day 1)
The RSAC 2026 conference showcased a wave of AI‑focused security launches, from Acalvio’s 360 Deception framework to Arctic Wolf’s Aurora Superintelligence Platform and Broadcom’s Symantec CBX XDR solution. Vendors emphasized agentic capabilities—AI agent discovery, policy enforcement, and runtime governance—to counter increasingly automated threats. Several...

3.1 Million Impacted by QualDerm Data Breach
QualDerm Partners disclosed that a December 2025 cyber‑attack compromised the personal, medical, and health‑insurance records of more than 3.1 million individuals. Attackers accessed the network for two days, exfiltrating data from a limited set of systems before the breach was detected...

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn
Citrix has issued emergency patches for a critical‑severity vulnerability, CVE‑2026‑3055 (CVSS 9.3), that enables an out‑of‑bounds read and sensitive memory leak in NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider. The update also fixes CVE‑2026‑4368, a high‑severity...

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown
Tycoon 2FA, a subscription‑based phishing‑as‑a‑service platform, continued operating at full capacity despite an international takedown effort. The service was responsible for 62% of Microsoft‑blocked phishing attempts in 2025 and generated over 30 million malicious emails each month, affecting roughly half a million...

Critical Quest KACE Vulnerability Potentially Exploited in Attacks
Arctic Wolf reported active exploitation of the critical authentication‑bypass flaw CVE‑2025‑32975 in Quest KACE Systems Management Appliance (SMA) instances exposed to the internet. The vulnerability, patched by Quest in May 2025, allows unauthenticated actors to impersonate users and gain full administrative control. Exploitation...

Thousands of Magento Sites Hit in Ongoing Defacement Campaign
A coordinated defacement campaign has compromised over 7,500 Magento sites in just three weeks, leveraging an unauthenticated file‑upload flaw across Open Source, Enterprise and B2B deployments. Threat actors are posting plaintext files, often bearing the handle “Typical Idiot Security,” to...

Critical Langflow Vulnerability Exploited Hours After Public Disclosure
Langflow, a widely used open‑source AI workflow builder, disclosed a critical remote code execution flaw (CVE‑2026‑33017) with a CVSS score of 9.3. The vulnerability affects an unauthenticated POST endpoint that processes a ‘data’ parameter, allowing attackers to inject Python code...

The Collapse of Predictive Security in the Age of Machine-Speed Attacks
Rapid7’s 2026 analysis warns that the predictive security window has collapsed as attackers exploit disclosed vulnerabilities within days, outpacing patch cycles. The industrialization of cybercrime, driven by efficient internet access brokers and silent‑entry data grabs, accelerates this speed. Predictive defenses...

Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation
Seattle‑based XBOW announced a $120 million Series C round that pushes its valuation above $1 billion. The funding, led by DFJ Growth and Northzone, brings total capital to $237 million and will fuel global expansion and product development. XBOW’s AI‑powered platform autonomously discovers and...

Cloud Security Startup Native Exits Stealth With $42 Million in Funding
Native, a cloud‑security startup, emerged from stealth after raising $42 million total, including a $31 million Series A led by Ballistic Ventures. The company’s platform translates enterprise security policies into native controls for AWS, Azure, Google Cloud and Oracle Cloud, enabling consistent enforcement...

Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact
The Cl0p ransomware group claims a massive Oracle E‑Business Suite breach that exploited zero‑day flaws, affecting over 100 organizations. Among the victims, Broadcom, Bechtel, Estée Lauder and Abbott have not issued any public comment despite leaks of 2 TB, 870 GB and other...

Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet
Law enforcement agencies in the United States and Europe have dismantled SocksEscort, a malicious proxy service powered by the AVrecon botnet that leveraged compromised routers and IoT devices. The operation uncovered roughly 363,000 IP addresses across 163 countries and about...

The Human IOC: Why Security Professionals Struggle with Social Vetting
Security professionals excel at rigorously vetting technical indicators but often neglect the same discipline when assessing people or organizations. This bias leads to unverified negative rumors influencing decisions, which can cause false positives, wasted resources, and damaged stakeholder trust. The...

Splunk, Zoom Patch Severe Vulnerabilities
Security vendors Splunk and Zoom released emergency patches this week to remediate multiple critical and high‑severity vulnerabilities across their product lines. Zoom fixed a critical privilege‑escalation flaw in Workplace for Windows and three high‑severity defects in its Windows client software....

Cisco Patches High-Severity IOS XR Vulnerabilities
Cisco issued its semiannual IOS XR security advisory, addressing four high‑severity vulnerabilities. Two CVEs (CVE‑2026‑20040 and CVE‑2026‑20046) each score 8.8 and enable privilege escalation to root via crafted CLI commands. A third flaw (CVE‑2026‑20074) can cause an IS‑IS process restart,...

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea
Security firm Hudson Rock has linked the 2024 Polyfill supply chain attack, which infected over 100,000 websites, to North Korean threat actors, overturning earlier attributions to China. The attack stemmed from the acquisition of Polyfill.io by Chinese CDN Funnull, which...

Cybersecurity M&A Roundup: 42 Deals Announced in February 2026
February 2026 saw a record 42 cybersecurity M&A announcements, highlighting intensified consolidation across the sector. Major deals include Arctic Wolf’s acquisition of Sevco Security, Check Point’s three AI‑driven purchases, and Palo Alto Networks’ $400 million buy of endpoint‑security firm Koi. Other...

Internet Infrastructure TLD .arpa Abused in Phishing Attacks
A threat actor is exploiting the .arpa top‑level domain, which is intended solely for reverse DNS, to host phishing sites. By creating A records for IPv6 reverse‑DNS zones through providers such as Cloudflare and Hurricane Electric, the attacker serves malicious...

Over 100 GitHub Repositories Distributing BoryptGrab Stealer
Trend Micro uncovered a coordinated campaign distributing the BoryttGrab information stealer through more than 100 GitHub repositories. The malware harvests browser credentials, cryptocurrency‑wallet data, Telegram files, Discord tokens, and system information, then exfiltrates it via a C&C server. Some variants...

Tycoon 2FA Phishing Platform Dismantled in Global Takedown
A coordinated operation by Europol, Microsoft and dozens of security firms dismantled the Tycoon 2FA phishing‑as‑a‑service platform. The service, responsible for roughly 62% of Microsoft‑blocked phishing attempts, sent tens of millions of phishing emails to 500,000 organizations each month and...

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents
Employees seeking free, cracked software inadvertently introduce malware into corporate networks, according to Barracuda’s recent findings. The illicit installers often disable antivirus and embed payloads such as infostealers, cryptominers, and ransomware, leading to complex remediation that may require full system...

Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability
Security researcher Gjoko Krstic disclosed a high‑risk flaw in Honeywell's IQ4 building‑management controller, claiming the web‑based HMI is unauthenticated by default and can be exploited to create admin accounts. He identified roughly 7,500 internet‑exposed devices, with about 20% lacking authentication,...

Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking
Security agency CISA disclosed that Gardyn smart indoor hydroponic gardens suffered two critical and two high‑severity vulnerabilities, affecting an estimated 138,000 devices. The critical flaws include a command‑injection bug (CVE‑2025‑29631) and hard‑coded admin credentials (CVE‑2025‑1242) that enable remote, unauthenticated control...

Trend Micro Patches Critical Apex One Vulnerabilities
TrendAI, the enterprise arm of Trend Micro, released patches for eight vulnerabilities in its Apex One endpoint security suite. Two critical CVEs (CVE‑2025‑71210 and CVE‑2025‑71211) could let remote attackers upload malicious code and execute commands via the management console, while six high‑severity...

Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site
Wynn Resorts confirmed that hackers exfiltrated more than 800,000 employee records, including Social Security numbers, after the data appeared on the ShinyHunters leak site on February 20. The casino operator said the stolen data has been deleted and that no guest...

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Security firm Orca disclosed a critical vulnerability in GitHub Codespaces that lets attackers exfiltrate the automatically generated GITHUB_TOKEN and seize full control of a repository. The exploit, dubbed RoguePilot, leverages malicious content hidden in a GitHub issue, symbolic links, and...

Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs
TeamT5, a Taiwan‑based cybersecurity firm, confirmed that CVE‑2024‑7694 – a privilege‑escalation flaw allowing malicious file uploads and arbitrary command execution – was likely weaponized by Chinese advanced persistent threat groups Slime57 and Slime62. The vulnerability, patched in August 2024, was exploited...

US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach
Healthcare diagnostics firm Vikor Scientific, now operating as Vanta Diagnostics, disclosed a data breach affecting nearly 140,000 individuals. The breach was traced to Catalyst RCM, a revenue-cycle‑management vendor, whose compromised credentials allowed the Everest ransomware group to exfiltrate roughly 12 GB...

NIST’s Quantum Breakthrough: Single Photons Produced on a Chip
NIST announced a chip that reliably generates a single photon on demand using quantum‑dot technology. The device achieves near‑perfect efficiency and, when paired with superconducting nanowire single‑photon detectors, can transmit photons up to 600 miles. Mass‑production of the chip is...

API Threats Grow in Scale as AI Expands the Blast Radius
API vulnerabilities accounted for 17% of the 60,000+ flaws disclosed in 2025, and 43% of exploited weaknesses were API‑related, underscoring a growing attack surface. Wallarm’s report highlights a dramatic 270% rise in Model Context Protocol (MCP) flaws between Q2 and...

3 Threat Groups Started Targeting ICS/OT in 2025: Dragos
Dragos’ 2026 Year in Review OT/ICS report adds three new adversaries—Sylvanite, Azurite and Pyroxene—targeting industrial control systems in 2025. Sylvanite acts as a rapid‑exploitation broker, weaponising n‑day flaws within 48 hours and handing access to the Voltzite group across power, oil,...

Dutch Carrier Odido Discloses Data Breach Impacting 6 Million
Dutch mobile carrier Odido announced a data breach that exposed personal information of more than 6 million customers, including names, addresses, phone numbers, email, dates of birth, bank account and passport or driver‑license details. The intrusion occurred on February 7‑8 and targeted...

ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact
Industrial control system vendors Siemens, Schneider Electric, Aveva, and Phoenix Contact released a flurry of Patch Tuesday advisories on February 11, 2026, addressing high‑severity flaws across dozens of OT products. Siemens issued eight advisories covering Desigo CC, Sentron Powermanager, Simcenter Femap, NX, and...

EU Unconditionally Approves Google’s $32B Acquisition of Wiz
The European Commission has given unconditional approval to Google’s $32 billion acquisition of cloud‑security firm Wiz, allowing the deal to close without any remedial conditions. The EU antitrust review concluded that the transaction poses no significant competition risk in the European...

RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India
A newly released Aryaka report details a Pakistan‑attributed APT36 campaign that has launched a three‑pronged cyber assault on Indian government and defense entities. The operation employs three distinct Remote Access Trojans—GETA (a .NET Windows RAT), ARES (a Python‑based Linux RAT),...

New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices
ZeroDayRAT, a commercial mobile spyware kit, provides full remote control of iOS and Android devices. Available through Telegram, the toolkit includes live camera streaming, keylogging, GPS tracking, and modules for bank credential harvesting and clipboard‑based crypto theft. Researchers at iVerify...

New ‘SSHStalker’ Linux Botnet Uses Old Techniques
Security firm Flare has uncovered a new Linux botnet named SSHStalker that relies on a suite of decade‑old exploits and IRC‑based control mechanisms. The malware chain deploys multiple C‑based and Perl IRC bots, leverages 19 Linux kernel vulnerabilities from 2009,...

Outtake Raises $40 Million to Bolster Digital Trust Against AI-Driven Threats
Outtake, a cybersecurity startup, announced a $40 million Series B round to accelerate its unified digital‑trust platform amid a surge in AI‑driven phishing and impersonation attacks. The round, led by ICONIQ and featuring investors such as Satya Nadella and Nikesh Arora, brings total capital...

Cybersecurity M&A Roundup: 34 Deals Announced in January 2026
January 2026 saw 34 cybersecurity M&A announcements, underscoring rapid consolidation in the sector. CrowdStrike led the pack, agreeing to acquire SGNL for $740 million and Seraphic Security for about $420 million, bolstering its identity and browser‑runtime defenses. Other notable deals include Delinea’s...

‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks
Cisco’s Talos researchers have identified a China‑linked adversary‑in‑the‑middle framework called DKnife, operating since at least 2019. The platform comprises seven Linux‑based implants that perform deep packet inspection, traffic manipulation, and delivery of backdoors such as ShadowPad and DarkNimbus. DKnife targets...

5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel
The House Energy Subcommittee advanced five bipartisan bills aimed at strengthening both physical and cyber defenses of the United States electric grid and broader energy infrastructure. The legislation updates Department of Energy programs, extends cybersecurity support for rural utilities through...

Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign
Security researcher Sygnia uncovered a coordinated network of more than 150 cloned law‑firm websites used in an AI‑powered fraud scheme. The domains are spread across multiple registrars, each with its own SSL certificate and often hidden behind Cloudflare to evade...