Security
What happens when hackers steal AI? US lawmakers push new reporting rules
A Texas lawmaker on Thursday proposed new AI incident reporting rules that would require AI companies such as Anthropic and OpenAI to report critical security incidents – as well as dangerous model behaviour – to Washington within seven days.
Ubiquiti UniFi OS devices targeted: CISA orders the patching of critical bugs
Having network access is all it takes for an attacker to access files, run arbitrary commands, and completely compromise a wide range of unpatched UniFi OS systems, including routers, firewalls, gateways, network video recorders, corporate software, and others. CISA warns that attackers are already exploiting critical bugs.
UK Scouts launch AI badges while US Girl Scouts use Google-backed programmes
While national governments and tech giants search for ways to regulate teen activity online, some groups are taking matters into their own hands. For example, Scouts are now introducing new badges on artificial intelligence, digital communication, and online safety.
Microsoft: 2 ransomware groups hit SharePoint in parallel attacks
A Microsoft investigation into a ransomware case found that 2 different attackers operated simultaneously, demonstrating that modern attacks are not always isolated events and require different responses. The activity was linked to on-premises SharePoint servers that were targeted through known vulnerabilities.
Snyk slashes jobs and races to reinvent itself to keep up with AI
Cybersecurity unicorn Snyk has announced a 4th round of layoffs, shedding 90 employees in Israel and worldwide. The company is reorganizing to “move faster” with AI, at a time when Claude Code might be nibbling at its lunch.
27 million passwords seized as Microsoft and EU authorities knock down malware infrastructure
Authorities have knocked out 3 of the cybercrime world's favorite malware tools used to launch ransomware attacks, seizing 27 million stolen passwords in the process.
OpenAI expands Daybreak – but experts warn it may find bugs faster than defenders can fix them
OpenAI on Tuesday announced the expansion of its AI-powered cybersecurity initiative, Daybreak – but experts are now warning Cybernews that fixing software flaws before hackers can exploit them may become the industry's biggest challenge.
Hacker employs Claude to breach booking firms, leaves millions of records publicly accessible
A Russian hacker utilized HexStrike AI, combined with Anthropic's Claude, to steal data from numerous companies in the accommodation sector, our research team has found.
Critical FFmpeg flaw discovered: just watching a video can fully compromise your system
Open a sketchy video file in VLC, stream it using Jellyfin or Kodi, or don’t even open it at all – simply storing it can get you compromised when the Linux file manager generates a thumbnail. A critical bug in FFmpeg, a massively popular open-source video processing engine, allows attackers to crash systems with ease and, in the worst cases, run malicious code.
Man tries to make a sale on Facebook Marketplace, gets scammed out of $300 via Zelle
After sharing his story on TikTok, the man didn’t receive much sympathy from other users. But why not?
Belgian State Security hit by data breach, employee data potentially exposed
Between May 2025 and spring 2026, the Belgian State Security was the victim of a cyberattack in which employee data may have been stolen.
North Korean hackers infiltrated software used to build AI apps, Microsoft says
The recent supply chain attack on Mastra npm packages has been attributed to a financially motivated North Korean hacking group called Sapphire Sleet.
Hackers dump 200,000 alleged secret Apple, Tesla files after Tata Electronics breach
Tata Electronics has confirmed a “cybersecurity incident” after the World Leaks ransomware group published more than 200,000 files allegedly tied to Apple and Tesla, including manufacturing records, technical drawings, and employee passport scans.
Cruel cyber training in Canada: testing if exhausted employees would fall for a 'day off' scam
If you received an email with a link to register for an extra day off, would you click it? For a brief moment, exhausted healthcare workers thought their employer was finally rewarding them, only for the promised holiday to turn out to be a phishing test to see if they fell for it.
Major GNU software repository Savannah fixes 2-year flaw that left the platform exposed
GNU Savannah, a major platform for developing and distributing free software, said it had patched exploitable flaws that left it vulnerable for roughly 2 years.
Massive security flaw discovered in popular SSH library libssh2
Two critical vulnerabilities affect libssh2, a widely used SSH library that may be embedded in millions of systems worldwide. Hackers can target exposed vulnerable instances remotely without any privileges or user interaction.
Texas vendor breach exposes personal data of more than 3 million people
A data breach involving a vendor used by the Texas Parks and Wildlife Department (TPWD) has exposed the personal information of more than 3 million people, according to state officials. The compromised data may include names, addresses, and government-issued ID details such as driver’s license numbers.
Critical unfixable vulnerability allows hackers to take over iPhone XS, XR, 11, and older iPad devices
iPhone XS, XR, and 11, some older iPads, and other Apple devices are vulnerable to an unpatchable low-level hardware bug in the USB controller that allows attackers with physical access to completely take over devices, warns a report by Paradigm Shift.
5.5 million records tied to Canada Life are allegedly for sale
A threat actor claims to be selling a massive Canada Life database containing more than 5.5 million records on a cybercrime forum, allegedly putting customers of the biggest Canadian insurance company at risk.
Hackers are selling what appears to be ENI France customer data
An alleged customer database linked to the French branch of ENI, an Italian multinational energy company, has surfaced on a cybercrime forum. Hackers claim that the breach exposes business account information of government agencies, universities, hotels, and private companies across France.