North Korea's Lazarus Group is deploying a fileless RAT called RemotePE via a two-stage loader chain—DPAPILoader and RemotePELoader—against financial and cryptocurrency targets.
The Hacker News
· 22h ago
🇰🇵 Lazarus · North Korea
Attackers poisoned Laravel-Lang packages within a 15-minute publication window, introducing backdoors designed to exfiltrate CI/CD pipeline secrets. The compressed attack timeline suggests automation and targets developer credentials with broad downstream access across dependent projects.
SecurityWeek
· 21h ago
Dutch authorities arrested co-owners of two hosting firms that operated infrastructure for Russian cyberattacks, influence ops, and disinformation inside the EU, linked to sanctioned provider Stark Industries Solutions.
Krebs on Security
· 18h ago
China's 2010 rare-earth embargo against Japan exposed how industrial capacity underpins geopolitical leverage, a vulnerability the U.S. now mirrors. Washington cannot credibly wield economic statecraft while dependent on adversary supply chains for critical goods.
War on the Rocks
· 1h ago
The Trump administration cut $1.2 billion from NOAA, USGS, and DoD climate programs—equal to the cost of repairing flood damage at Offutt AFB in 2019 alone.
War on the Rocks
· just now
A Marine officer's firsthand account from al-Qa'im, Iraq illustrates how the absence of a codified military ethics doctrine produces inconsistent life-and-death decisions at the tactical level.
War on the Rocks
· 1h ago
Extortion group ShinyHunters exfiltrated personal data on 183,000-plus individuals after breaching 7-Eleven's systems in April, confirmed via Have I Been Pwned. ShinyHunters continues targeting high-volume consumer brands to monetize bulk PII, sustaining a criminal data-broker pipeline that feeds downstream fraud.
BleepingComputer
· 1h ago
The Oncology Institute disclosed a data breach originating from an unnamed third-party vendor, with TriZetto identified as a possible candidate. Healthcare supply-chain breaches continue to expose sensitive oncology patient records through vendor access points outside direct institutional control.
SecurityWeek
· 20h ago
Threat actors exfiltrated files containing names and protected health information from Radiology Associates of Richmond, affecting 266,000 individuals. The breach adds to a sustained pattern of ransomware and data-theft operations targeting mid-size regional healthcare providers with limited security resources.
SecurityWeek
· 21h ago
Hackers accessed names, addresses, Social Security numbers, financial records, and medical data from DocketWise third-party partner repositories, impacting 143,000 people. Third-party repository exposure remains a critical gap, giving attackers high-value PII without breaching the primary target's core infrastructure.
SecurityWeek
· 22h ago
Attackers exploited CVE-2026-5426 (CVSS 7.5) in Digital Knowledge's KnowledgeDeliver LMS—widely used in Japan—as a zero-day to plant the Godzilla web shell and stage Cobalt Strike Beacon. The root cause, hard-coded ASP.NET machine keys, signals a systemic secure-development failure in enterprise education software.
The Hacker News
· 2h ago
A week of overlapping incidents—supply chain-poisoned dev tools, revived legacy CVEs, router botnets, and Defender zero-days—compressed multiple attack surfaces into one reporting cycle. The convergence illustrates how defenders triaging one crisis routinely miss simultaneous exploitation of forgotten infrastructure.
The Hacker News
· 18h ago
Attackers exploited a Ghost CMS flaw to backdoor over 700 websites, including Harvard, Oxford, and DuckDuckGo. Compromise of high-trust institutional domains creates ready infrastructure for credential phishing and disinformation distribution at scale.
SecurityWeek
· 18h ago
Attackers are using AI to compress vulnerability discovery and weaponization timelines, narrowing the patch window defenders depend on. The asymmetry favors offense—finding one exploitable flaw beats defending every surface simultaneously.
Wired Security
· 21h ago
Unidentified threat actors are exploiting CVE-2026-26980 (CVSS 9.4), an unauthenticated SQL injection flaw in the Ghost CMS Content API, to inject malicious JavaScript across 700+ compromised sites. The scale of infection signals an automated campaign weaponizing a freshly disclosed critical flaw before defenders can patch.
The Hacker News
· 20h ago