Security & IT News

CyberProof researchers have detected a 10% surge in PXA Stealer attacks targeting financial institutions in Q1 2026. Learn…

Multi-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior is critical to stop it. [...]

This practitioner-focused review covers Acalvio ShadowPlex, a deception-first platform designed to stop attacker progress across IT, cloud, OT,…

Conntour uses AI models to let security teams query camera feeds using natural language to find any object, person, or situation.

PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients

Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s where things get shaky. A control exists, so it’s assumed to work. A detection rule is active, so it’s expected to catch something. But very

Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if the user wrote them," Koi Security researcher Oren Yomtov said in a report shared with The Hacker News. "No clicks, no

The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. [...]

Executive overview The strategic positioning of covert access within the world’s telecommunication networks A months-long investigation by Rapid7 Labs has uncovered evidence of an advanced China-nexus threat actor, Red Menshen, placing some of the stealthiest digital sleeper cells the team has ever seen in telecommunications networks. The goal of these campaigns is to carry out high-level espionage, including against government networks. Telecommunications networks are the central nervous system of the digital world. They carry government communications, coordinate critical industries, and underpin the digital identities of billions of people. When these networks are compromised, the consequences extend far beyond a single provider or region. That level of access is, and should be, a national concern as it compromises not just one company or organization, but the communications of entire populations. Over the past decade, telecom intrusions have been reported across multiple countries. In several cases, state-backed actors accessed call detail records, monitored sensitive communications, and exploited trusted interconnections between operators. While these incidents often appear isolated, a broader pattern is emerging. Why telecom networks are strategic espionage targets Telecommunications infrastructure provides a uniquely valuable strategic positioning. Modern telecom networks are layered ecosystems composed of routing systems, subscriber management platforms, authentication services, billing systems, roaming databases, and lawful intercept capabilities. These systems rely on specialized signaling protocols such as SS7, Diameter, and SCTP to coordinate identity, mobility, and connectivity across national and international boundaries. Persistent access within these environments enables far more than a conventional data breach. An adversary positioned inside the telecom core may gain visibility into subscriber identifiers, signaling flows, authentication exchanges, mobility events, and communications metadata. In the most concerning scenarios, this level of access could support long-term intelligence collection, large-scale subscriber tracking, and monitoring of sensitive communications involving high-value geopolitical targets. Telecommunications networks sit at the intersection of identity, mobility, and global connectivity. Compromise at this layer carries national and international implications. A structured campaign, not isolated incidents What looks like discrete breaches increasingly resembles a repeatable campaign model designed to establish persistent access inside telecommunications infrastructure. Our investigation uncovered a long-term and ongoing operation attributed to a China-nexus threat actor. Rather than conducting short-term intrusion activity, the operators appear focused on long-term positioning by embedding stealthy access mechanisms deep inside telecom and critical environments and maintaining them for extended periods. In

Russian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools. [...]

OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-085-01.json strong View CSAF /strong /a /p h2 Summary /h2 p strong An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device. /strong /p p The following versions of WAGO GmbH amp; Co. KG Industrial Managed Switches are affected: /p ul li WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1812 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1813 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.2.3.S0 WAGO_Hardware_852-1813/000-001 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1816 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.2.8.S0 WAGO_Hardware_852-303 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.2.0.S0 WAGO_Hardware_852-1305 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.2.0.S0 WAGO_Hardware_852-1305/000-001 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.2.0.S0 WAGO_Hardware_852-1505/000-001 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.1.9.S0 WAGO_Hardware_852-1505 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.0.6.S0 WAGO_Hardware_852-602 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.0.6.S0 WAGO_Hardware_852-603 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.2.5.S0 WAGO_Hardware_852-1605 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1812/010-000 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1813/010-000 (CVE-2026-3587) /li li WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1816/010-000 (CVE-2026-3587) /li li WAGO Firmware version V1.0.6.S0 WAGO_Hardware_852-602 (CVE-2026-3587) /li li WAGO Firmware version V1.0.6.S0 WAGO_Hardware_852-603 (CVE-2026-3587) /li li WAGO Firmware version V1.1.9.S0 WAGO_Hardware_852-1505 (CVE-2026-3587) /li li WAGO Firmware version V1.2.0.S0 WAGO_Hardware_852-1305 (CVE-2026-3587) /li li WAGO Firmware version V1.2.0.S0 WAGO_Hardware_852-1305/000-001 (CVE-2026-3587) /li li WAGO Firmware version V1.2.0.S0 WAGO_Hardware_852-1505/000-001 (CVE-2026-3587) /li li WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1812 (CVE-2026-3587) /li li WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1813 (CVE-2026-3587) /li li WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1816 (CVE-2026-3587) /li li WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1812/010-000 (CVE-2026-3587) /li li WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1813/010-000 (CVE-2026-3587) /li li WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1816/010-000 (CVE-2026-3587) /li li WAGO Firmware version V1.2.3.S0 WAGO_Hardware_852-1813/000-001 (CVE-2026-3587) /li li WAGO Firmware version V1.2.5.S0 WAGO_Hardware_852-1605 (CVE-2026-3587) /li li WAGO Firmware version V1.2.8.S0 WAGO_Hardware_852-303 (CVE-2026-3587)

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-085-03.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. /strong /p p The following versions of PTC Windchill Product Lifecycle Management are affected: /p ul li Windchill PDMLink 11.0_M030 (CVE-2026-4681) /li li Windchill PDMLink 11.1_M020 (CVE-2026-4681) /li li Windchill PDMLink 11.2.1.0 (CVE-2026-4681) /li li Windchill PDMLink 12.0.2.0 (CVE-2026-4681) /li li Windchill PDMLink 12.1.2.0 (CVE-2026-4681) /li li Windchill PDMLink 13.0.2.0 (CVE-2026-4681) /li li Windchill PDMLink 13.1.0.0 (CVE-2026-4681) /li li Windchill PDMLink 13.1.1.0 (CVE-2026-4681) /li li Windchill PDMLink 13.1.2.0 (CVE-2026-4681) /li li Windchill PDMLink 13.1.3.0 (CVE-2026-4681) /li li FlexPLM 11.0_M030 (CVE-2026-4681) /li li FlexPLM 11.1_M020 (CVE-2026-4681) /li li FlexPLM 11.2.1.0 (CVE-2026-4681) /li li FlexPLM 12.0.0.0 (CVE-2026-4681) /li li FlexPLM 12.0.2.0 (CVE-2026-4681) /li li FlexPLM 12.0.3.0 (CVE-2026-4681) /li li FlexPLM 12.1.2.0 (CVE-2026-4681) /li li FlexPLM 12.1.3.0 (CVE-2026-4681) /li li FlexPLM 13.0.2.0 (CVE-2026-4681) /li li FlexPLM 13.0.3.0 (CVE-2026-4681) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 10 /td td PTC /td td PTC Windchill Product Lifecycle Management /td td Improper Control of Generation of Code ('Code Injection') /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United States /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2026-4681 /a /h3 div class= csaf-accordion-content p A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0. /p p a href= https://www.cve.org/CVERecord?id=CVE-2026-4681 View CVE Details /a /p hr h4 Affected Products /h4 h5 PTC Windchill Product Lifecycle Management /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br PTC /div div class= ics-version strong Product Version: /strong br PTC Windchill PDMLink: 1

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-085-02.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an authenticated low-privileged user to gain access to SMS messages outside of their authorized tenant scope via a crafted company or tenant identifier parameter. /strong /p p The following versions of OpenCode Systems OC Messaging and USSD Gateway are affected: /p ul li OC Messaging 6.32.2 (CVE-2025-70614) /li li USSD Gateway 6.32.2 (CVE-2025-70614) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 8.1 /td td OpenCode Systems /td td OpenCode Systems OC Messaging and USSD Gateway /td td Improper Access Control /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Communications /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Bulgaria /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2025-70614 /a /h3 div class= csaf-accordion-content p OpenCode Systems Custom Messaging Gateway 6.32.2 contains a web access vulnerability allowing one authenticated user to gain access to another authenticated user's messages via a crafted identifier parameter. /p p a href= https://www.cve.org/CVERecord?id=CVE-2025-70614 View CVE Details /a /p hr h4 Affected Products /h4 h5 OpenCode Systems OC Messaging and USSD Gateway /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br OpenCode Systems /div div class= ics-version strong Product Version: /strong br OpenCode Systems OC Messaging: 6.32.2, OpenCode Systems USSD Gateway: 6.32.2 /div div class= ics-status strong Product Status: /strong br known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Mitigation /strong br The vulnerability was identified by OpenCode Systems on January 5, 2026 and remediated on January 6, 2026 with the release of version 6.33.11. /p p strong Mitigation /strong br For more information, contact OpenCode: https://opencode.com/about/contact-us br a href= https://opencode.com/about/contact-us https://opencode.com/about/contact-us /a /p /div p strong Relevant CWE: /strong a href= https://cwe.mitre.org/data/definitions/284.html CWE-284 Improper Access Control /a /p hr h4 Metrics /h4 div class= csaf-table csaf-metrics-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS Version /th th role= columnhead

p CISA has added one new vulnerability to its a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog" Known Exploited Vulnerabilities (KEV) Catalog /a , based on evidence of active exploitation. /p ul li a href="https://www.cve.org/CVERecord?id=CVE-2026-33634" target="_blank" CVE-2026-33634 /a Aqua Security Trivy Embedded Malicious Code Vulnerability /li /ul p This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. /p p a href="https://www.cisa.gov/binding-operational-directive-22-01" Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities /a established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf" BOD 22-01 Fact Sheet /a for more information. /p p Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog" KEV Catalog vulnerabilities /a as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the a href="https://www.cisa.gov/known-exploited-vulnerabilities" data-entity-type="node" data-entity-uuid="f2adba9a-0404-494c-a90c-4363a4a5c934" data-entity-substitution="canonical" title="Reducing the Significant Risk of Known Exploited Vulnerabilities" specified criteria /a . nbsp; /p

Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit masterworks of Picasso, Matisse, and Renoir to unsuspecting collectors and renowned museums. Over the next several decades,

Sonatype uncovers a sophisticated malware campaign using hijacked npm developer accounts to steal API keys and passwords. Is your dev environment at risk?

An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years. [...]

Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn t even be touching. There s a little bit of everything in this one, too. Weird delivery tricks, old problems coming back in slightly worse forms, shady infrastructure doing

In December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequences on their deployment of AI, while undermining the efforts of consumers, advocates, and industry associations concerned about AI’s harms who have spent years pushing for state regulation. Trump’s actions have clarified the ideological alignments around AI within America’s electoral factions. They set down lines on a new playing field for the midterm elections, prompting members of his party, the opposition, and all of us to consider where we stand in the debate over how and where to let AI transform our lives. In a May 2025 survey of likely voters nationwide, more than 70% favored state and federal regulators having a hand in AI policy. A December 2025 poll by Navigator Research found similar results, with a massive net +48% favorability for more AI regulation. Yet despite the overwhelming preference of both voters and his party’s elected leaders—Congress was essentially unanimous in defeating a previous state AI regulation moratorium—Trump has delivered on a key priority of the industry. The order explicitly challenges the will of voters across blue and red states, from California to South Dakota, scrambling political positions around the technology and setting up a new ideological battleground in the upcoming race for Congress. There are a number of ways that candidates and parties may try to capitalize on this emerging wedge issue before the midterms. In 2025, much of the popular debate around AI was cast in terms of humans versus machines. Advances in AI and the companies it is associated with, it is said, come at the expense of humans. A new model release with greater capabilities for writing, teaching, or coding means more people in those disciplines losing their jobs. This is a humanist debate. Making us talk to an AI customer-support agent is an affront to our dignity . Using AI to help generate media sacrifices authenticity . AI chatbots that persuade and manipulate assault our liberty . There is philosophical merit to these arguments, and yet they seem to have limited political salience. Populism versus institutionalism is a better way to frame this debate in the context of US politics. The MAGA movement is widely understood to be a realignment of American party politics to ally the Republican party with populism, and the Democratic party with defenders of traditional institutions of American government and their democratic norms. This frame is shattered by Trump’s AI order, which unabashedly serves economic elites at the expense of populist consumer protections. It is part of an ongoing courting process between MAGA and big tech, where the Trump political project sacrifices the interests of consu