Microsoft has identified a campaign that uses job-themed repositories to lure software developers into downloading multi-stage backdoors. Attackers exploit trust in shared code, using fake technical assessment projects with repeatable naming conventions to blend into routine workflows and execute malicious code with minimal on-disk traces.
OWASP Top 10 2025—from code to supply chain: Expanding boundaries of security
The OWASP Top 10 2025 list expands security boundaries from code to the entire supply chain, introducing new categories like Software Supply Chain Failures and Mishandling of Exceptional Conditions. This updated list reflects the evolving threat landscape and emphasizes that security is a discipline integrated throughout the software development lifecycle, not just a feature.
Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site - SecurityWeek
Wynn Resorts has confirmed a data breach after hackers stole employee data, including SSNs, and posted it on the ShinyHunters leak site. The company stated the data has been deleted and has not been misused, and they are offering credit monitoring services to affected employees.
‘Richter Scale’ Model Measures Magnitude of OT Cyber Incidents
A new OTI Impact Score model, inspired by the Richter Scale, has been developed to measure the severity, reach, and duration of OT cybersecurity incidents. This scoring system aims to provide a standardized and rapid assessment of actual impacts, helping to avoid over- or under-hyping events and guiding appropriate responses.
The article discusses the emergence of AI mandates in the workplace, drawing parallels to the recent Return to Office (RTO) battles. Companies like Microsoft and Accenture are reportedly pushing employees to use AI tools, with performance and promotions potentially tied to AI adoption, mirroring RTO tactics used by giants like Google and Amazon. While some training mandates are justifiable, the article questions the effectiveness of forcing AI use solely for demonstrating ROI and suggests encouragement over punishment for better employee buy-in.
CISA Confirms Active Exploitation of FileZen Vulnerability
CISA has confirmed the active exploitation of a critical OS Command Injection vulnerability (CVE-2026-25108) in FileZen by Soliton Systems K.K., adding it to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations using FileZen are urged to apply security updates immediately to prevent unauthorized access and system compromise.
Hackers Exploit Cortex XDR Live Terminal for C2 Communications
Hackers are exploiting the Cortex XDR Live Terminal feature to establish covert command-and-control (C2) channels, repurposing a security tool into a backdoor. This abuse leverages the tool’s trusted communications and remote execution capabilities, allowing attackers to blend malicious activity with legitimate traffic.
Threat Actor Allegedly Claimed Leak of Wendy’s International Franchise Database
A threat actor has allegedly leaked the Wendy’s International Franchise Database, exposing sensitive operational configurations, franchisee contact details, and live payment integration credentials across multiple brands, likely originating from the QikServe platform. The leaked data includes franchisee records, operational settings, and critical payment information such as Stripe publishable keys and Worldpay merchant IDs, necessitating immediate rotation of credentials and potential GDPR notifications for affected entities.
ShinyHunters reveals +5M records after Wall Street ignores “final warning” | Cybernews
The extortion gang ShinyHunters has leaked millions of client records from Mercer Advisors and Beacon Pointe Advisors, two prominent US investment firms, after their demands were not met. The exposed data includes contracts and personal information, with the leaked datasets for Mercer Advisors and Beacon Pointe Advisors being 5GB and 60GB respectively.
Teenagers Behind 4.62 Million Ttareungyi Data Breach Identified as Minors
Teenagers exploited weak authentication to access and leak 4.62 million user records from Seouls public bicycle service, Ttareungyi. The leaked data included IDs, addresses, and phone numbers, but not names or resident registration numbers.
CarGurus Data Breach Claim Alleges 1.7M Records Compromised | DataBreach.io
A threat actor, ShinyHunters, claimed responsibility for a data breach at CarGurus, initially alleging over 1.7 million records were compromised, including personally identifiable and internal corporate data. Later, ShinyHunters released over 12 million user records, containing email addresses, names, and IP addresses, after the company did not meet their demands. CarGurus confirmed a cybersecurity incident, stating they are investigating and have secured the environment, though they characterized the breach as limited in scope.
$10K+ Bounty Offered to Hacker Who Can Disconnect Ring Video Doorbells from Amazon Cloud
A bug bounty program is offering over $17,000 to hackers who can disconnect Ring Video Doorbells from Amazon’s cloud while preserving device functionality and enabling local control. This initiative addresses privacy concerns stemming from Ring’s data handling practices and lack of local storage options.
CrowdStrike 2026 Global Threat Report: Evasive Adversary Wields AI
The CrowdStrike 2026 Global Threat Report reveals that in 2025, adversaries increasingly utilized AI-enabled techniques, trusted access paths, and cross-domain movement to evade detection, with the average eCrime breakout time dropping to 29 minutes. The report highlights a 42% increase in exploited zero-days and a significant rise in cloud-conscious intrusions, emphasizing the need for organizations to understand evolving adversary tactics.
Deserialization Flaw in Ruby Workers That Could Enable Full Compromise
A critical Remote Code Execution (RCE) vulnerability has been discovered in RubitMQ job workers due to unsafe JSON deserialization practices, allowing attackers to execute arbitrary commands. This flaw, identified by NullSecurityX and assigned CVE-2024-XXXX with a CVSS score of 9.8, stems from the Oj.load function’s ability to reconstruct objects, which can be exploited by injecting crafted JSON payloads to compromise the entire infrastructure.
Fake Zoom meeting “update” silently installs surveillance software | Malwarebytes
A fake Zoom website is silently installing Teramind surveillance software on Windows machines by tricking users into downloading a malicious update. This sophisticated attack leverages a convincing imitation of a Zoom waiting room and a fake Microsoft Store installation screen to deploy the monitoring tool without user consent, making it difficult to detect.
The crs-agent-skill GitHub repository provides an agent skill designed to help AI coding assistants manage ModSecurity, Coraza, and OWASP Core Rule Set (CRS) WAF rules. It offers capabilities for writing, validating, testing, and tuning WAF rules, including features for handling false positives, converting OpenAPI specifications to WAF rules, and supporting incident response workflows.
Chinese AI Labs Launch Massive Distillation Attacks on Anthropic Claude, Tracking 13M Exchanges
Three Chinese AI labs, DeepSeek, Moonshot, and MiniMax, have been identified conducting industrial-scale data extraction campaigns against Anthropic’s Claude models, generating over 13 million exchanges. These sophisticated distillation attacks aimed to illicitly acquire advanced AI capabilities like coding and reasoning, bypassing safety measures and terms of service.
CrowdStrike reports that AI is accelerating cyber attacks, with average breakout times dropping to 29 minutes in 2025, a 65% increase from 2024. Cybercriminals are exploiting AI systems through prompt injection and using AI to automate reconnaissance and credential theft, with state-sponsored hackers showing an 89% surge in AI usage.
North Korean state hackers, specifically the sophisticated Lazarus group, have been observed deploying Medusa ransomware in financially-motivated attacks against institutions in the US and the Middle East. This marks a shift from previous ransomware strains like Maui and Play, with experts noting the increased coordination between nation-states and cybercriminals.
New ZeroDayRAT Malware Claims Full Monitoring of Android and iOS Devices
The new ZeroDayRAT malware is being marketed as a Malware-as-a-Service (MaaS) on Telegram, offering surveillance and financial theft tools for Android and iOS devices. While advertised with features like live tracking, remote camera/microphone access, and cryptocurrency theft, inconsistencies raise doubts about its authenticity, suggesting it might be an overhyped offering.
Anthropic claims its Claude Code can streamline COBOL modernization, suggesting AI can automate tasks that are currently cost-prohibitive and time-consuming. However, IBM disputes this, arguing that decades of hardware-software integration cannot be replicated by simply moving code, and that AI tools do not capture the full complexity of legacy systems.
ShinyHunters extortion gang claims Odido breach affecting millions
The ShinyHunters extortion gang has claimed responsibility for a data breach at Dutch telecommunications provider Odido, stating they stole nearly 21 million user records. While Odido confirmed a breach affecting 6.2 million customers, they deny ShinyHunters' claims of stealing plaintext passwords and internal corporate data.
GitHub Issues Abused in Copilot Attack Leading to Repository Takeover - SecurityWeek
A vulnerability in GitHub Codespaces could have allowed attackers to take over repositories by injecting malicious Copilot instructions in a GitHub issue, a technique dubbed RoguePilot. This attack could lead to the exfiltration of a privileged GITHUB_TOKEN and a full repository takeover, but GitHub has since patched the vulnerability.
Ad tech firm Optimizely confirms data breach after vishing attack
Ad tech firm Optimizely confirmed a data breach after a vishing attack compromised internal business systems and CRM records, exposing basic business contact information. The company warned customers about potential follow-up phishing attempts using the stolen data.
Conduent data breach could be largest in U.S. history
The Conduent data breach, potentially the largest in U.S. history, exposed sensitive information including addresses, Social Security numbers, and medical data for over 10 million individuals. Hackers had access to the data from October 21, 2024, to January 13, 2025, and affected individuals in multiple states are being notified and offered free credit monitoring until April 30, 2026.