This daily cybersecurity publication covers significant updates and new threats impacting various sectors. The Armored Likho APT group has evolved its tactics, now employing AI-generated loaders and malicious LNK files to deploy the BusySnake Stealer, which targets cryptocurrency wallets and Telegram sessions. Microsoft has patched a high-severity Defender zero-day, CVE-2026-50656, following the public release of a proof-of-concept exploit, with detection methods and ASR rules recommended for remediation. A supply chain attack on the Injective Labs SDK via npm involved a malicious version that exfiltrated private keys and seed phrases by encoding them in HTTP headers, active for a brief but impactful period.
CISA has added two actively exploited Joomla plugin flaws, iCagenda (CVE-2026-48939) and Balbooa Forms (CVE-2026-56291), to its Known Exploited Vulnerabilities catalog, both critical zero-days allowing unauthenticated remote code execution. The NSA, alongside international partners, warns of Russian FSB targeting vulnerable routers in critical infrastructure, exploiting misconfigurations and known vulnerabilities. In legal news, a Ryuk ransomware operator has pleaded guilty to charges related to a $15 million extortion scheme targeting U.S. companies and educational institutions.
New incidents include a data breach at Dutch telecom provider Odido, affecting six million customers due to a phishing attack, and a breach at Centers Laboratory exposing health information for over 540,000 individuals, claimed by 'WorldLeaks'. First National Holdings LLC disclosed a breach impacting over 34,500 people, exposing sensitive financial and personal data. Finally, APT-C-60 is targeting Japan with 'SpyGlace' malware, abusing trusted cloud services for delivery, and a new RedHook Android malware variant abuses Wireless ADB for persistent shell access on newer Android versions.
Help others stay informed about cybersecurity threats
Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.
Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.
Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.