Cisco Firewalls Breached by 'Firestarter' Malware; Critical RCE Flaw Hits Hugging Face AI
Summary
This 24-hour period is marked by high-impact threats, including a joint US-UK alert on 'Firestarter' malware creating persistent backdoors in Cisco firewalls. A critical, unpatched remote code execution vulnerability (CVE-2026-25874) was disclosed in Hugging Face's popular LeRobot AI platform. Meanwhile, critical infrastructure vendor Itron reported a cyberattack, and Microsoft confirmed active exploitation of a Windows Shell flaw (CVE-2026-32202) previously leveraged by Russian state actors.
Today's New Articles
Critical Unpatched RCE Flaw in Hugging Face's LeRobot AI Platform Puts Robotics Systems at Risk
A critical, unpatched remote code execution (RCE) vulnerability, tracked as CVE-2026-25874 with a CVSS score of 9.3, has been discovered in Hugging Face's popular open-source robotics platform, LeRobot. The flaw stems from an insecure data deserialization prac...
Singapore Plans Major Cybersecurity Overhaul, Mandating PQC and Expanding CII Oversight
Singapore is set to significantly strengthen its national cybersecurity posture with a series of regulatory updates announced by the government. The changes, to be rolled out over the next two years, will expand cybersecurity obligations to systems connected t...
AI-Driven Attacks Fueling MSP Supply Chain Risk, Guardz Report Finds
A new report from cybersecurity firm Guardz reveals a grim reality for SMBs, with nine out of ten having compromised users, largely due to AI-accelerated attacks. The 2026 State of MSP Threat Report highlights a massive surge in losses from Business Email Comp...
Checkmarx Details Supply Chain Attack Stemming from Trivy Scanner Vulnerability
Application security firm Checkmarx has provided a detailed timeline of a supply chain attack that began with the exploitation of a vulnerability in the Trivy scanner. The attack, which started on March 23, 2026, led to unauthorized access to Checkmarx's GitHu...
Wisconsin Hospital Mile Bluff Medical Center Hit by Ransomware, Enters Downtime Procedures
Mile Bluff Medical Center in Mauston, Wisconsin, has confirmed it is recovering from a ransomware attack that occurred in April 2026. The attack encrypted files on the medical center's network, causing temporary disruptions to computer and phone systems. Clini...
Foxit PDF Reader Flaw (CVE-2026-5942) Could Lead to Information Disclosure
A use-after-free vulnerability, tracked as CVE-2026-5942, has been disclosed in affected versions of Foxit PDF Reader. The flaw, which requires a user to open a malicious file, can be exploited to disclose sensitive information from the system's memory. While...
Article Updates
APT28 Unleashes New 'PRISMEX' Malware on Ukraine and NATO Allies
Update: Microsoft has confirmed active exploitation of CVE-2026-32202, a Windows Shell spoofing vulnerability, patched in April 2026. This flaw is an incomplete fix for CVE-2026-21510, which was previously weaponized by APT28 (Forest Blizzard/Fancy Bear). Crucially, C...
Iran-Affiliated Hackers Weaponize PLCs, Disrupting US Water and Energy Sectors
Update: The OT-ISAC advisory reveals that the threat to critical infrastructure, exemplified by the Iran-affiliated PLC exploitation, is now spreading to a wider range of distributed energy resources (DER), remote sites, and OT-adjacent systems. This expansion of the...
Anthropic's 'Mythos' AI Model Signals New Era of Autonomous Cyber Threats
Update: The UK government and its communications regulator, Ofcom, have issued a coordinated alert to businesses, specifically communications and technology providers, warning of the escalating cybersecurity threats posed by frontier AI models. The alert highlights An...
CISA Discovers 'FIRESTARTER' Backdoor on Federal Cisco Firewall; Malware Survives Patches
Update: A joint report by CISA and NCSC provides further insights into the Firestarter malware. New information indicates initial access was achieved through compromised credentials and dormant user accounts, leading to unauthorized VPN sessions, rather than solely th...
UK's NCSC Unveils 'SilentGlass' Hardware to Block Cyberattacks via HDMI and DisplayPort
Update: The new article provides additional context on the NCSC's SilentGlass device, including a quote from Stephen Kines, co-founder of Goldilock Labs, emphasizing its role as a 'physical kill switch' for display connections. It also highlights the partnership with...