Latest Internet & Cybersecurity News
Vercel Breached via Compromised Third-Party AI Tool
Cloud platform Vercel suffered a security breach where attackers accessed internal systems and compromised credentials of a limited subset of customers through a third-party AI tool. This incident highlights supply chain risks in AI integrations.
CISA Adds Multiple Flaws to Known Exploited Vulnerabilities Catalog
U.S. CISA added vulnerabilities in SimpleHelp, Samsung, D-Link, Cisco Catalyst, Kentico Xperience, and others to its KEV catalog, including Cisco Catalyst SD-WAN Manager bug CVE-2026-20133. Federal agencies must patch within strict timelines.
Over 400,000 Sites at Risk from Breeze Cache Plugin Flaw
Hackers are exploiting CVE-2026-3844 in the Breeze Cache WordPress plugin, putting over 400,000 sites at risk of takeover. No patch is available yet, urging immediate deactivation.
China-Linked Actors Use Consumer Device Botnets for Espionage
China-aligned threat actors build botnets from compromised routers and edge devices to evade detection in cyber espionage, warned by UK NCSC and partners. They shifted to large-scale covert networks.
Scattered Spider Member Pleads Guilty to $8M Crypto Theft
British national Tyler Buchanan, tied to Scattered Spider, pleaded guilty to SMS phishing hacks stealing over $8 million in cryptocurrency from US victims. This follows similar guilty pleas in the group.
Ransomware Negotiator Admits Assisting BlackCat Attacks
A Florida ransomware negotiator pleaded guilty to secretly aiding BlackCat extortion schemes while hired to resolve them against US companies. He conspired in the attacks.
Bluesky Hit by 24-Hour DDoS Attack by Pro-Iran Group
Social platform Bluesky endured a 24-hour DDoS attack claimed by a pro-Iran group, disrupting service amid rising geopolitical tensions. This reflects digital warfare trends.
North Korea’s Lazarus APT Steals $290M from Kelp DAO
Lazarus Group stole $290 million from cryptocurrency platform Kelp DAO in a major heist. This continues North Korea's crypto theft campaigns funding operations.
Progress Software Fixes WAF Bypass Vulnerability
Progress Software patched high-severity flaws in MOVEit WAF and LoadMaster, including CVE-2026-21876 allowing firewall bypass detection evasion. Updates urged for all users.
AI Model Claude Mythos Discovers 271 Firefox Flaws
Anthropic’s Claude Mythos AI identified 271 vulnerabilities in Firefox, showcasing AI's power in vulnerability discovery. Meanwhile, it turns bugs into exploits for low cost.
French Hacker 'HexDex' Arrested for Sports Institution Breaches
A 20-year-old French hacker alias HexDex was arrested for data breaches targeting sports organizations. Authorities link him to multiple incidents.
Supply Chain Risks Escalate in Cyber Sovereignty Focus
Hidden dependencies and long-tail vendors heighten supply chain risks, prompting calls for SBOM transparency and trust-driven sourcing amid Volt Typhoon-like threats. This affects critical infrastructure.