Threat actors hijacked AsyncAPI npm packages and weaponized CI/CD pipelines to execute malware at import time, per Microsoft Threat Intelligence. The attack demonstrates that trusted open-source maintainer workflows are now a reliable malware distribution vector requiring supply chain controls.
Microsoft Threat Intelligence
· 7h ago
· Read full article →
Foreign Policy argues Gulf AI infrastructure can withstand Iranian attack threats by replicating Ukraine's distributed, resilient wartime architecture. The framing signals that Gulf states are now treating Iranian strike capability as a persistent planning constraint, not a hypothetical.
Foreign Policy
· 5h ago
· Read full article →
Moscow is escalating maritime pressure on Ukraine's Black Sea deepwater ports and commercial shipping lanes to degrade wartime economic throughput. Strangling export revenue directly attacks Ukraine's capacity to self-finance a protracted conflict.
Foreign Policy
· 12h ago
· Read full article →
Ukrainian attacks on Russian territory have produced visible internal disruption and public anxiety but no credible threat to Putin's political control. The pattern confirms the regime's insulation from battlefield costs, complicating Western assumptions about escalation deterrence.
Foreign Policy
· 21h ago
· Read full article →
A cyberattack on KFC Japan's logistics partner knocked out online ordering systems and threatens physical store closures. Attacks on food-supply chain vendors are emerging as a reliable lever against consumer infrastructure with outsized operational impact.
The Register Security
· 7h ago
· Read full article →
Beijing's military has barred leading Chinese cybersecurity vendors from defense procurement, not over technical failures but compliance or political grounds. The move signals internal distrust within China's own security-industrial base at a strategically sensitive moment.
SecurityWeek
· just now
· Read full article →
The Gold Eagle program will deploy AI to help government, industry, and critical infrastructure operators rapidly detect, prioritize, and patch cyber vulnerabilities. Centralizing this function under federal AI tooling reshapes how the U.S. coordinates defensive response at scale.
The Record
· 13h ago
· Read full article →
House and Senate FY2027 NDAA drafts embed legislative checks on Pentagon authority amid disputes over the Iran War and politically motivated military firings. Defense innovation remains a rare bipartisan bright spot inside an otherwise fractious civil-military oversight fight.
War on the Rocks
· 1h ago
· Read full article →
Senators pressed intelligence director nominee Jay Clayton on his 2020 election stance and past voter fraud claims, crowding out substantive intelligence oversight questions. The exchange signals that domestic political disputes will shadow U.S. intelligence leadership confirmation battles.
The Record
· 15h ago
· Read full article →
The Potomac Institute argues academia must systematically produce economic statecraft professionals to counter Chinese competition over chips, supply chains, and sanctions. Without a dedicated talent pipeline, U.S. strategy outpaces the human capital required to execute it.
War on the Rocks
· 2h ago
· Read full article →
A 42-state AG coalition secured an $18 million settlement from 23andMe over cybersecurity failures that exposed sensitive genetic data for millions of users. The multistate enforcement action sets a precedent for collective state-level accountability against consumer biodata custodians.
The Record
· 15h ago
· Read full article →
Beijing's new law mandates accelerated assimilation of ethnic minorities, codifying Xi's nationalism agenda over pluralist governance. Analysts assess the policy will intensify rather than resolve long-standing ethnic tensions in Xinjiang, Tibet, and beyond.
Foreign Policy
· 13h ago
· Read full article →
Analysts argue a durable U.S.-Iran Hormuz arrangement will likely require institutionalized transit fees as a face-saving revenue mechanism for Tehran. Normalizing toll-based passage would restructure global energy shipping economics and set precedent for strait monetization elsewhere.
Foreign Policy
· 22h ago
· Read full article →
War on the Rocks argues Camp David-style agreements redistribute rather than resolve conflict, with Lebanon and Iran deals concealing unaddressed pressures beneath diplomatic language. The analysis warns current frameworks postpone rather than neutralize Iranian influence in the Levant.
War on the Rocks
· 1h ago
· Read full article →
President Trump abandoned a proposed 20% fee on Strait of Hormuz ship passage on July 14, 2026, following direct requests from Persian Gulf allies. The reversal exposes tension between U.S. economic pressure tactics and allied Gulf states' dependence on frictionless energy export routes.
Just Security
· 20h ago
· Read full article →
Russian-speaking threat actor bandcampro exploited Google's open-source Gemini CLI to automate hacking operations and run a small botnet. The incident marks an early precedent of consumer AI tooling weaponized directly as attack infrastructure.
BleepingComputer
· 14h ago
· Read full article →
CISA warned administrators that attackers are actively exploiting three vulnerabilities in internet-exposed on-premises Microsoft SharePoint Server instances. Unpatched SharePoint deployments remain high-value pivot points into enterprise and government networks.
BleepingComputer
· 23h ago
· Read full article →
Researcher Chaotic Eclipse dropped LegacyHive, a proof-of-concept exploit for a Windows User Profile Service arbitrary hive load privilege escalation zero-day, hours after Patch Tuesday. Release timing compresses the defender response window before threat actors operationalize the technique.
The Hacker News
· 22h ago
· Read full article →
Researcher Nightmare Eclipse published the LegacyHive Windows User Profile Service privilege escalation PoC with deliberate capability limitations to slow weaponization. Partial disclosure still hands attackers a directional blueprint while defenders race to patch.
SecurityWeek
· 2h ago
· Read full article →
Intruder's LLM-powered vulnerability pipeline combined code slicing with AI inference to discover and exploit an unpatched WordPress plugin zero-day, with additional findings under responsible disclosure.
BleepingComputer
· 19h ago
· Read full article →
Get this in your inbox
Free daily briefing. No spam. Unsubscribe anytime.
Subscribe Now