A new Gafgyt variant dubbed C0XMO is compromising DD-WRT router firmware and laterally moving across multiple CPU architectures while terminating competing malware. The rival-elimination tactic signals an increasingly competitive IoT botnet ecosystem where operators protect infection pools as business assets.
BleepingComputer
· 18h ago
Reps. Rob Wittman and Pat Ryan's House Defense Modernization Caucus has driven acquisition and procurement reforms through two consecutive NDAAs since its 2024 founding.
War on the Rocks
· just now
Microsoft is imposing a mandatory two-hour hold on automatic VS Code extension updates to create a detection window for malicious supply chain pushes. The move acknowledges that IDE extension ecosystems are now a primary software supply chain attack surface targeting developer pipelines.
The Hacker News
· 2h ago
Google Mandiant attributes a January–May 2026 data theft extortion campaign targeting dozens of U.S. professional, legal, and financial firms to financially motivated UNC3753. The use of physical intrusions alongside vishing marks a tactical escalation beyond purely remote social engineering.
The Hacker News
· just now
Attackers exploited Meta's AI-powered support system to trigger password resets, stealing over 20,000 Instagram accounts. The incident demonstrates that AI-assisted customer support pipelines introduce novel account-takeover vectors that scale social engineering without human interaction.
BleepingComputer
· 2h ago
Unauthenticated attackers are exploiting an unpatched SolarWinds Serv-U vulnerability in the wild using crafted POST requests that crash the service. Active exploitation before widespread patching extends the exposure window across enterprise file-transfer deployments still scarred by the 2020 SolarWinds compromise.
SecurityWeek
· just now