A lone threat actor successfully published 14 malicious npm packages designed to impersonate legitimate OpenSearch and Elasticsearch libraries. These typosquatting packages contained credential-harvesting code that targeted developers’ authentication tokens and environment variables. The malicious l
U.S. Immigration and Customs Enforcement (ICE) has awarded a $25 million contract for advanced biometric iris scanning technology to expand surveillance capabilities across detention facilities and border operations. This deployment raises significant cybersecurity concerns around biometric data pro
Law enforcement agencies have successfully dismantled one of the largest botnets in history, comprising over 17 million compromised devices worldwide. This massive network of infected computers, IoT devices, and servers was capable of launching devastating distributed denial-of-service (DDoS) attack
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Palo Alto Networks vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. The flaw affects PAN-OS software and requires immediate attention from organizations runn
Threat actors are exploiting ChatGPT’s legitimate conversation-sharing feature to host convincing fake service outage pages that distribute malware. By leveraging OpenAI’s trusted domain reputation, attackers bypass security filters and trick users into downloading malicious payloads disguised as sy
A Tennessee man has been arrested in connection with the 764 network, a notorious online extremist group involved in child exploitation and violent content distribution. The arrest follows a multi-year investigation dating back to 2022, highlighting the persistent threat posed by organized online cr
Security researchers have disclosed ChatGPhish, a novel attack technique that exploits ChatGPT’s web browsing and content summarization features to conduct sophisticated phishing campaigns. By manipulating webpage content that ChatGPT accesses and summarizes, attackers can inject malicious instructi
A robotics startup is offering free professional home cleaning services in exchange for permission to record every moment of the cleaning process—including video, audio, and sensor data—to train AI models. This arrangement raises serious privacy concerns, creates potential data breach vectors, and e
Palo Alto Networks’ GlobalProtect VPN is being actively exploited through CVE-2026-0257, a critical authentication bypass vulnerability with a CVSS score of 9.3. Rapid7 has confirmed in-the-wild exploitation targeting vulnerable PAN-OS firewalls. Attackers can gain unauthorized network access withou
Microsoft has been recognized as a Leader in the 2026 Gartner Magic Quadrant for Endpoint Protection Platforms, reinforcing its position in the enterprise security market. The recognition highlights Microsoft Defender for Endpoint’s comprehensive threat protection capabilities, integration ecosystem