Agentic AI Executes Multi-Stage Ransomware Attack via Langflow
Demonstration shows large language model agents autonomously combining exploitation techniques with real-time reasoning to conduct complex intrusions without human intervention.
FortiBleed Attackers Monetize Firewall Access Through Ransomware Partnerships
Actors who compromised thousands of Fortinet devices are now collaborating with Inc and Lynx ransomware groups, adding Nextcloud exploitation to their toolkit.
DHS confirms breach of classified information-sharing network
Hackers compromised the Homeland Security Information Network, a platform used by federal, state, and private partners to share sensitive intelligence.
CIA director calls AI capabilities digital nuclear weapons
John Ratcliffe frames artificial intelligence as a strategic threat on par with atomic arsenals, signaling major operational shifts at Langley.
Nissan employee data exposed in Oracle zero-day breach
Automaker warns current and former staff after attackers exploited PeopleSoft flaw previously linked to ShinyHunters extortion group.
KDDI breach exposes 14.2 million email credentials across six Japanese ISPs
Threat actors compromised shared email infrastructure serving multiple internet providers, affecting millions of subscribers in a coordinated attack on the telecommunications operator.
Sanctioned Kinahan Cartel Lieutenant Surfaces at Dubai Padel Club
Open-source investigation locates senior organized crime figure at recreational facility despite international financial sanctions and Interpol notices.
CISA orders federal agencies to patch exploited Cisco flaw by Sunday
Active exploitation of a Cisco Unified Communications Manager vulnerability prompts emergency directive with three-day compliance window for civilian agencies.
Columbia-Class Submarines Depend on China-Refined Rare Earths
The Navy's next-generation ballistic missile fleet relies on rare earth elements refined almost exclusively in China, creating a critical supply chain vulnerability.
Cisco SD-WAN Zero-Day Exploited Two Months Before Disclosure
Mandiant reports unknown threat actor gained root access via CVE-2026-20245, exploiting the flaw as a zero-day before Cisco's public advisory.
LastPass breached via stolen OAuth tokens in Klue supply chain attack
Hackers accessed customer data from LastPass's Salesforce environment after compromising OAuth credentials through third-party vendor Klue earlier this month.
U.S. Extended Deterrence Model Faces Structural Breakdown
Foreign Affairs analysis warns that America's nuclear umbrella over allies is losing credibility as geopolitical and technological realities shift.
Trump Ambiguity on Taiwan Invites Chinese Coercion Short of War
Foreign Affairs warns that presidential equivocation undermines deterrence, opening pathways for Beijing to claim Taiwan through economic and political pressure.
North Korea compromised 140 npm packages in Mastra AI attack
Microsoft attributes supply chain breach to Sapphire Sleet, marking escalation in state-sponsored targeting of developer infrastructure.
Texas vendor breach exposes 3 million driver's licenses
Texas Parks and Wildlife Department reports third-party licensing system compromise affecting personal data of over three million individuals.
ShapedPlugin supply chain breach delivers malware via trusted updates
Attackers compromised the WordPress vendor's distribution infrastructure, pushing infected plugin versions to paying customers through official channels.
India Faces Espionage Risk From Decade of Chinese Camera Deployment
The Ghaziabad CCTV case exposes how unregulated Chinese surveillance hardware has penetrated India's most sensitive sites over ten years.
Cisco Patches Exploited SD-WAN Zero-Day Under Active Attack
CVE-2026-20262 allows arbitrary file write on Catalyst SD-WAN Manager. Cisco confirms active exploitation in the wild.
FBI shuts down Chinese phishing platform serving one million URLs
Outsider Enterprise, an AI-powered phishing-as-a-service operation, was dismantled in a coordinated takedown involving FBI, Google, and Black Lotus Labs.
Splunk Enterprise flaw permits unauthenticated remote code execution
Critical vulnerability in widely deployed enterprise logging platform allows attackers to execute code without credentials. Patches available for affected versions.
South Korea fines Coupang $409 million for data breach
The penalty against the e-commerce platform is the largest ever issued by Seoul's privacy commission, nearly five times the previous record.
ShinyHunters Exploited Oracle Zero-Day Before Patch Disclosure
Extortion group breached universities via the unpatched PeopleSoft flaw, stealing data for ransom during a two-week window before Oracle's advisory.
Ivanti Sentry flaw under active exploit with root access
Attackers are exploiting a maximum-severity vulnerability in Ivanti Sentry gateways, gaining root-level code execution on Internet-facing systems.
Microsoft Defender Zero-Day Grants Attackers SYSTEM-Level Access
Public exploit code for the RoguePlanet vulnerability enables privilege escalation on fully patched Windows systems via a race condition in Defender.
Check Point VPN Zero-Day Exploited for Month Before Disclosure
A critical vulnerability in Check Point VPN gateways has been under active exploitation since early May, with a Qilin ransomware affiliate linked to the attacks.
Meta AI support system exploited to hijack 20,000 Instagram accounts
Attackers weaponized Meta's automated customer service AI to reset passwords and seize control of user accounts in a novel social engineering attack.
Miasma Worm Compromises 73 Microsoft GitHub Repositories
Self-replicating supply chain attack hits Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations; GitHub disables affected repositories.
Pentagon's AI advantage erodes as adversaries copy public models
Rivals can replicate U.S. military AI capabilities by distilling logic from openly released frontier models that underpin Defense systems.
Cisco warns of active zero-day in SD-WAN Manager
Unpatched vulnerability allows attackers to escalate to root privileges on Catalyst SD-WAN Manager; no fix yet available.
US agencies warn hackers targeting fuel tank monitoring systems
CISA and interagency partners alert that internet-exposed automatic tank gauges across critical infrastructure are under active cyberattack.
Threat actor deploys AI-built ransomware toolkit with automated evasion
New attack framework automates Active Directory reconnaissance and endpoint detection bypass, lowering technical barriers for ransomware operators.
Tehran shifts to protracted conflict doctrine
Iran's leadership has adopted a long-term attrition strategy, signaling sustained regional confrontation rather than near-term escalation or diplomacy.
Dutch Police Dismantle Botnet Controlling 17 Million Devices
Takedown targeted command infrastructure in the Netherlands that coordinated attacks from infected computers, phones, tablets, and IoT hardware worldwide.
Palo Alto VPN flaw now under active exploitation
An authentication bypass vulnerability in GlobalProtect allows attackers to penetrate corporate networks without credentials, the company confirms.
Microsoft condemns researcher's public zero-day releases with exploit code
A security researcher published multiple Microsoft zero-days with working proof-of-concept code on GitHub, prompting the company to call the practice unjustifiable.
GCHQ reports daily Russian attacks across UK infrastructure and cyberspace
Britain's signals intelligence chief says Russia is targeting subsea cables and energy pipelines and conducting sabotage operations, prompting expanded defensive measures.
Extortion Gang Poses as Clients to Breach Law Firms
FBI warns Silent Ransom Group is conducting in-person social engineering to gain physical access to law firm servers and client databases.
Russian cluster munitions documented in Mali after airstrikes
Bellingcat and Jeune Afrique confirm banned submunitions in a northern Mali village, despite the country's treaty obligations prohibiting cluster weapons.
Japanese LMS Zero-Day Delivered Godzilla Shell, Cobalt Strike
KnowledgeDeliver learning platform exploited via hard-coded cryptographic keys before vendor patched critical flaw affecting Japanese enterprise customers.
Ghost CMS SQL flaw exploited in ClickFix malware campaign
Critical vulnerability in popular publishing platform allows attackers to inject malicious JavaScript, triggering social engineering attacks at scale.
Laravel Lang packages compromised in GitHub tag abuse attack
Attackers hijacked popular PHP localization libraries via malicious Composer releases, deploying credential-stealing malware to developer environments worldwide.
Dutch authorities seize 800 servers enabling cyberattacks and disinformation
Financial crime investigators arrested two suspects and dismantled infrastructure used for offensive cyber operations and influence campaigns across multiple jurisdictions.
Microsoft disrupts Fox Tempest malware-signing service targeting hospitals
Cybercrime platform sold code-signing credentials to ransomware operators, enabling attacks on healthcare and critical infrastructure organizations.
GitHub repositories breached via poisoned VS Code extension
A supply chain attack on developer tooling compromised an employee device, granting access to internal GitHub repositories through a malicious Nx Console extension.
Huawei zero-day caused Luxembourg's nationwide telecom collapse
A previously undisclosed vulnerability in Huawei equipment brought down an entire country's network. The flaw remains unpatched and unacknowledged.
GitHub Actions workflow compromised to steal CI/CD credentials
Attackers rewrote repository tags in actions-cool/issues-helper to redirect users to malicious commits harvesting secrets from automated pipelines.
Windows zero-day grants SYSTEM access on patched machines
Researcher releases working exploit for privilege escalation flaw affecting current Windows versions; Microsoft has not yet issued a patch.
WordPress Plugin Flaw Exploited to Skim WooCommerce Checkout Data
Attackers are actively exploiting a critical vulnerability in Funnel Builder to inject payment-stealing JavaScript into WordPress e-commerce sites.
Microsoft Exchange zero-day exploited in active attacks
A high-severity vulnerability enables arbitrary code execution through cross-site scripting targeting Outlook on the web users. Mitigations were released Thursday.
Cisco SD-WAN flaw exploited as zero-day, grants admin access
Critical authentication bypass in Catalyst SD-WAN Controller allowed attackers to seize administrative control before patch release, Cisco confirms.
BitLocker bypass and privilege escalation exploits now public
Proof-of-concept code for two unpatched Windows vulnerabilities—YellowKey and GreenPlasma—enables attackers to access encrypted drives and escalate privileges.
West Pharmaceutical discloses ransomware breach, operations disrupted
Medical device supplier filed SEC notice after May 4 intrusion that encrypted systems and exfiltrated data, affecting pharmaceutical supply chains.
Four Landslides Kill Hundreds at Congo Coltan Mines Under M23 Control
Bellingcat verifies deadly mining accidents in DRC's Rubaya region, now held by Rwandan-backed armed group, raising supply chain questions for tech firms.
Multi-Year Phishing Campaign Compromises Over 500 Organizations
A sustained phishing operation has breached more than 500 entities across aviation, energy, logistics, and critical infrastructure over several years.
JDownloader site compromised to distribute Python RAT malware
Popular download manager's official website served malicious Windows and Linux installers this week, deploying remote access trojan to unsuspecting users.
Linux zero-day grants root access across major distributions
Dirty Frag exploit enables local privilege escalation with a single command, affecting most enterprise Linux deployments currently in production.
Iranian intelligence operatives disguise espionage as ransomware attack
MuddyWater APT group deployed Chaos ransomware to mask intrusion tied to Iran's Ministry of Intelligence and Security, incident responders report.
DAEMON Tools trojanized in supply chain breach, patched version released
Disc Soft confirms malware was inserted into its popular disc imaging software; users urged to update immediately to clean build.
Palo Alto Networks Confirms Zero-Day Exploit in Firewall Software
CVE-2026-0300 targets the Captive Portal service in PAN-OS, affecting PA and VM series firewalls currently deployed in enterprise networks.