Latest Internet & Cybersecurity News
OpenSSF Launches 2026 Cyber Resiliency Survey on EU CRA Impact
Linux Foundation Research and OpenSSF are surveying open source communities on awareness and readiness for cybersecurity regulations like the EU Cyber Resilience Act. This follows last year's study amid growing legislative impacts on maintainers and organizations. Community updates include new sandbox projects and policy collaborations.
Check Point Reveals North Korean KONNI Group's AI PowerShell Malware Targeting Blockchain Devs
KONNI phishing campaign uses Discord links to deliver ZIP files with malicious LNK and decoy PDF, targeting blockchain and crypto developers. Attackers employ AI-generated PowerShell malware for sophisticated intrusions.
SLSH Alliance Exploits Okta SSO in Attacks on 100+ Major Companies
Criminal group SLSH, linking Scattered Spider, LAPSUS$, and ShinyHunters, targets Okta SSO at firms like Atlassian, Moderna, and Halliburton. Campaign involves identity theft and data exfiltration from SaaS environments.
State Actors Exploit WinRAR CVE-2025-8088 Six Months Post-Patch
State-sponsored hackers and cybercriminals continue targeting the patched WinRAR vulnerability despite fixes. This highlights persistent risks from unpatched systems in enterprise environments.
Operation Bizarre Bazaar: First Monetized LLMjacking Campaign Hijacks AI Infrastructure
Pillar Security uncovers massive LLMjacking via scanning exposed AI endpoints, reselling stolen compute via silver.inc marketplace. Over 35,000 sessions affected multiple sectors globally; recommends authentication and audits.
20+ Vulnerabilities in Dormakaba Access Systems Enable Door Unlocking
SEC Consult discloses flaws like hard-coded credentials and command injection in Dormakaba systems, allowing remote door access. No known wild exploits, but risks reconfiguration without authentication.
January 2026 Insider Threat Report Details High-Profile Employee Betrayals
NITSIG/ITDG reports U.S. Treasury cancels Booz Allen contracts over tax data breach, TD Bank bribes, and thefts at JPMorgan, Google. Incidents include $28M fraud, AI secrets to China, and trade secret thefts.
Canadian Report Warns Ransomware and AI Threats Persist Through 2027
Federal Cyber Centre outlook flags ransomware as significant, enhanced by AI for easier attacks on businesses and infrastructure. Hadrian research notes AI attacks overwhelm teams with 99.5% false positives.
Port of Rotterdam Hit by Pro-Russian NoName057(16) DDoS Attack
Maritime sector faces disruption from hacktivist DDoS, following pattern of targeting critical infrastructure. Highlights rising geopolitical cyber tensions in logistics.
Canadian Military Team Wins Global AI Cyber Defense Competition
39 Signal Regiment develops autonomous system to detect and counter AI-driven attacks, placing Canada among elite nations. Underscores advancements in digital defense capabilities.
Hadrian: AI-Driven Attacks Top CISO Concerns for 2026
Two-thirds of CISOs rank AI threats highest; security teams handle mostly false positives, missing 0.47% exploitable issues. Based on 2025 data from 300+ organizations across multiple countries.
Secret Service Flags Major Vulnerabilities in Domain Registration System
IANA domain system weaknesses enable phishing and fraud, remaining unaddressed. Poses risks to global internet trust and security operations.