1. Citrix NetScaler ADC and Gateway are under active reconnaissance for CVE-2026-3055, a critical memory overread vulnerability with a CVSS score of 9.3 (The Hacker News).
2. CISA added CVE-2025-53521, a critical remote code execution flaw in F5 BIG-IP Access Policy Manager, to its Known Exploited Vulnerabilities catalog (The Hacker News).
3. Russian state-sponsored group TA446 is deploying the DarkSword iOS exploit kit in targeted spear-phishing campaigns (The Hacker News).
4. Threat actor TeamPCP compromised the Telnyx package on PyPI, distributing credential-stealing malware hidden within WAV files (Bleeping Computer).
5. The European Commission is investigating a security breach involving unauthorized access to its Amazon cloud environment (Bleeping Computer).
6. Developers are being targeted on GitHub via fake Visual Studio Code security alerts that lead to malware downloads (Bleeping Computer).
7. Apple is issuing lock screen alerts to users of outdated iPhones to warn them about active web-based exploits (The Hacker News).
8. A vulnerability in the Open VSX registry allowed malicious Visual Studio Code extensions to bypass security vetting processes (The Hacker News).
9. Adversary-in-the-middle phishing campaigns are targeting TikTok for Business accounts by evading Cloudflare Turnstile protections (The Hacker News).
10. The FBI confirmed that Iran-linked hackers breached the personal email account of the FBI director (The Record).
11. A Dutch court has threatened xAI with daily fines if it fails to address the generation of nonconsensual nude images by its Grok AI (The Record).
12. Hackers planted a malicious plugin in a top Google search result for Claude plugins to facilitate attacks (Reddit).
13. Corporate environments are seeing an increased frequency of clickfix attacks (Reddit).
Be First to Comment