Ransomware and extortion operations continue to target organizations worldwide
Ransomware leak sites and reporting showed continued activity from groups such as Qilin, DragonForce, Akira, Play, Incransom, and others against companies, schools, hospitals, and
Credential theft, phishing, and fake downloads remain the main path to compromise
Attackers continued to rely on phishing, fake installers, and stolen credentials as their most reliable access methods. Reports covered trojanized Webex, Zoom, and MobaXterm instal
CrowdStrike, Microsoft, and others are using AI to reframe vulnerability discovery and remediation
A series of vendor posts and interviews emphasized that frontier AI models are now finding vulnerabilities faster than traditional review and fuzzing in some contexts. Chainguard d
Passwordless identity and MFA changes are reshaping enterprise access management
Vendors are steadily shifting away from SMS and older second factors toward passkeys and hardware-backed authentication. Microsoft announced passkeys as the default sign-in experie
Security teams are racing to manage AI, MCP, and coding-agent risk in software development
A growing body of discussion centered on how AI coding agents, MCP servers, and agent histories create new software-security exposures. Researchers and practitioners warned that AI
Firmware and driver flaws continue to expose kernel and physical-memory abuse paths
Several low-level vulnerabilities showed how drivers and firmware can grant attackers dangerous kernel capabilities. CERT published a Pegatron tdeio64.sys issue that allowed arbitr
AI-generated malware and botnets are moving from concept to production
Researchers reported multiple malware and botnet projects that show signs of LLM assistance, including TuxBot v3 Evolution and AI-generated PowerShell reconnaissance code. TuxBot w
The Russian cyber ecosystem faces escalating sanctions and enforcement actions
The U.S., UK, and EU widened sanctions and enforcement actions against Russian-linked cybercriminals, bulletproof hosting operators, and state-aligned actors. Officials said these
A wave of product vulnerabilities hits security vendors and enterprise software
Numerous vendors disclosed severe flaws across the security and enterprise software stack, including Zoom, FortiSandbox, FreeRDP, NGINX, SAP, Adobe, Siemens, Schneider Electric, an
Google and Microsoft are tightening identity and OAuth telemetry after stealthy account attacks
Attackers have started abusing OAuth client ID behavior in Microsoft Entra ID to enumerate accounts and evade normal sign-in logging. Proofpoint showed that spoofed client IDs can

