1. The Axios npm package was compromised via a stolen maintainer account to distribute a malicious dependency and a cross-platform remote access trojan. (thehackernews.com)
2. CISA issued an emergency directive for federal agencies to patch an actively exploited vulnerability in Citrix NetScaler appliances. (bleepingcomputer.com)
3. Iranian state-affiliated hackers breached the personal email account of the FBI director and leaked personal documents and photos online. (bitdefender.com)
4. OpenAI patched a critical vulnerability in ChatGPT that allowed for the exfiltration of sensitive user data through a hidden outbound channel. (thehackernews.com)
5. A critical unauthenticated remote code execution vulnerability identified as CVE-2026-33017 remains unpatched in Langflow. (reddit.com)
6. The Dutch Ministry of Finance took treasury banking systems offline following a cyberattack detected two weeks ago. (bleepingcomputer.com)
7. A Maryland man was charged with stealing 53 million dollars from the Uranium Finance crypto exchange after hacking the platform twice. (bleepingcomputer.com)
8. Researchers identified a new malware loader called DeepLoad that utilizes ClickFix social engineering and WMI persistence to steal browser credentials. (thehackernews.com)
9. Apple introduced a new macOS terminal warning feature designed to thwart ClickFix social engineering attacks. (reddit.com)
10. A vulnerability in OpenAI Codex allowed attackers to steal GitHub tokens by manipulating branch names. (reddit.com)
11. The European Commission confirmed a data breach following a successful cyberattack against the Europa.eu domain. (reddit.com)
12. Threat actors are actively exploiting a critical vulnerability in F5 BIG-IP appliances, and organizations are urged to apply patches immediately. (reddit.com)