Kimsuky deployed HTTPSpy and HelloDoor malware against South Korean military and corporate targets in March–April 2026, using spoofed Webex pages and fake security software installs. The VS Code tunnel abuse marks a deliberate expansion into developer-trusted infrastructure to evade detection.
The Moscow summit revealed Beijing setting agenda terms while Moscow accepts junior-partner status, despite shared anti-Western rhetoric. China's economic leverage over a war-depleted Russia is widening the gap between the partnership's optics and its actual power distribution.
Russia-linked threat cluster GreyVibe is deploying AI-generated phishing lures alongside custom malware toolsets against Ukrainian entities. Using commercial LLMs for lure production lowers adversary cost and raises detection difficulty, setting a replicable template for AI-assisted state-adjacent operations.
GCHQ Director Anne Keast-Butler confirmed Russia conducts daily hybrid attacks on UK infrastructure including subsea cables, energy pipelines, and assassination attempts. The public attribution signals London is prepared to name and counter Russian operations across every domain simultaneously.
The May 2025 Putin-Xi summit produced a joint statement explicitly framing the Ukraine war within a broader rejection of Western-led global order. The document signals Beijing's strategic alignment with Moscow has hardened into coordinated ideological posture, not merely tactical neutrality.
Despite no large Taiwan-specific exercise post-Trump-Xi meeting, China's navy has intensified activity across broader Indo-Pacific sea lanes. Beijing is diversifying coercive pressure geographically, avoiding a single flashpoint while sustaining operational tempo.
CISA is responding to the "Megalodon" supply chain campaign and a separate compromise via a malicious Nx Console VS Code extension, both targeting enterprise CI/CD pipelines.
US-Iran negotiations are advancing toward an agreement potentially ending the conflict begun February 28, even as the seven-week truce sees sporadic Gulf and maritime skirmishes. A hollow deal risks locking in Iranian equities while leaving enforcement mechanisms unresolved.
Nvidia CEO Jensen Huang repeatedly deflected questions about whether selling compute to strategic adversaries who train offensive AI—demonstrated by Anthropic's Mythos Preview—creates seller liability. The exchange exposes a policy vacuum at the intersection of export controls and AI capability proliferation.
Strategists and lawmakers arguing the US faces a theater-range nuclear deterrence gap with Russia and China are overstating the shortfall, according to critical analysts. The debate directly shapes whether Washington pursues new low-yield warhead programs and lowers its own nuclear threshold.
Rose Gottemoeller, former NATO deputy secretary general, argues the West needs a structured framework for engaging Russia after Ukraine hostilities end, covering nuclear diplomacy and security cooperation.
Overland rail corridors from Iran to China carry too little volume and too high cost to offset Western sanctions blocking Iran's maritime oil exports. Tehran's energy revenue remains structurally exposed as long as sea lane access is denied.
Microsoft Threat Intelligence identified The Gentlemen, a Go-based ransomware used by Storm-2697 affiliates, combining per-file ephemeral key encryption with simultaneous multi-vector lateral movement for full-network self-propagation.
Unnamed threat actors are actively exploiting a critical patched vulnerability in Fortinet's FortiClient EMS to push credential-stealing malware disguised as legitimate Fortinet endpoint software across managed networks.
A hardcoded-credential vulnerability in Jinan USR IOT's USR-W610 RS232/485-to-Wi-Fi converter version 7.03T.07 scores CVSS 9.8, enabling unauthenticated admin takeover. The device's role bridging serial OT equipment to IP networks makes exploitation a direct path into industrial environments.
An unverified password change vulnerability in KMW KM-IP521 and KM-IP421 cameras scores CVSS 9.1, granting full unauthorized access to video feeds and device settings.
Threat actors are actively exploiting authentication bypass CVE-2026-35616 in Fortinet's FortiClient Enterprise Management Server to install the previously undocumented credential stealer EKZ.
Unpatched vulnerabilities in ABB EIBPORT V3 KNX building-automation hardware allow attackers to read sensitive device data and alter configurations; a firmware update is now available. Exploitation in building-management systems risks cascading physical infrastructure impact in commercial and industrial facilities.
A CVSS 6.8 vulnerability in all versions of ABB Busch-Welcome 2 Wire Door Opener Actuator enables attackers to gain unauthorized physical entry to secured buildings. The flaw affects an entire product line with no version exclusions, broadening the attack surface across any facility using the hardware.
A CVSS 8.8 vulnerability in Fourth Frontier Frontier X Android and iOS apps and Frontier X2 hardware allows arbitrary handle read/write, enabling falsification of cardiac data and potential patient harm. All Frontier X2 hardware versions are affected with no patched firmware currently listed.