Malicious websites trick AI agents into crypto payments, context poisoningLaura FrenchJuly 7, 2026Indirect prompt injections hidden in HTML were discovered on sites targeting developers and cryptocurrency owners.
New TrojPix technique uses screen pixels to exfiltrate data from air-gapped computersSC StaffJuly 7, 2026
CISA to finalize critical infrastructure cyber incident reporting rule in SeptemberSC StaffJuly 7, 2026
Supply chainNorth Korean PolinRider supply chain attack targets 108 unique reposSteve ZurierJuly 6, 2026Socket says the campaign remains active and more attacks are likely.
Ransomware1st ‘agentic ransomware’ JADEPUFFER invades database at machine speedLaura FrenchJuly 2, 2026The LLM fixed a failed login attempt within 31 seconds, demonstrating real-time adaptability.
Vulnerability ManagementCISA adds SharePoint flaw to known exploited vulnerabilities listSteve ZurierJuly 2, 2026SharePoint offers bad actors a roadmap into how an organization operates.
Ransomware‘Interpol’ emails spread custom ransomware with decryption key left insideLaura FrenchJuly 2, 2026The campaign targets small businesses with fearmongering emails.
IdentityMicrosoft Azure’s CLI target of automated password spray attacksSteve ZurierJuly 1, 2026Huntress researchers saw 78 user accounts compromised across 64 organizations.
AI/ML‘BioShocking’ jailbreak tricks AI browsers into disclosing private dataLaura FrenchJuly 1, 2026A website framed as a game led AI assistants to submit private GitHub file contents.
Critical Infrastructure SecurityLeaders call for workforce overhaul as AI reshapes critical infrastructureSC StaffJune 30, 2026Leaders urge faster workforce adaptation as AI reshapes cyber and infrastructure.
Vulnerability ManagementCritical Oracle E-Business Suite bug actively exploitedSteve ZurierJune 30, 2026Critical Oracle EBS flaw now exploited, prompting urgent patching guidance.