One of the world's most active ransomware groups exploited a critical vulnerability in Oracle's PeopleSoft software suite and used it to target about 100 customers and extort at least one of them to pay up in exchange for not leaking stolen data, researchers said. The group, tracked as ShinyHunters, had been exploiting the PeopleSoft vulnerability for more than two weeks before Oracle flagged it. CVE-2026-35273, as the vulnerability is tracked, carries a severity rating of 9.8 out of 10. READ MORE...
The FBI, along with Google and Lumen Technologies, took down a major cybercrime network based in China that was responsible for an estimated $1.9 billion in losses, officials said Friday. Outsider, which provided phishing kits and hosted infrastructure for cybercriminals since July 2023, facilitated a wave of phishing attacks against people and businesses in 55 countries, including the United States, the FBI said in a LinkedIn post. READ MORE...
Pharmaceutical giant Novo Nordisk last week disclosed a cybersecurity incident involving unauthorized access to personal data. Novo Nordisk is a Danish pharmaceutical company renowned for developing treatments for diabetes and weight management, including widely popular drugs such as Ozempic, Wegovy, Rybelsus, Victoza, and Saxenda, along with a broad lineup of insulin products. The company revealed that it recently discovered unauthorized access to internal IT systems. READ MORE...
Vulnerability disclosures are piling up faster in 2026 than anyone expected at the start of the year. The running count for the first few months sits well above the original projection, and the Forum of Incident Response and Security Teams (FIRST) now expects the year to land near 66,000 CVEs. The cause sits mostly with one development: AI tools have started hunting for software flaws on their own, and they are good at it. READ MORE...
Financial services organizations are widely using AI agents for common business operations, but many of them aren't sure whether their AI tools have opened the door for hackers, according to a new report. Sixty-two percent of financial services firms have deployed AI agents, and 93% of those firms have given them some level of autonomy, the Cloud Security Alliance (CSA) said in its Tuesday report. READ MORE...
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. A report from the open-source intelligence community Independent Federated Intelligence Network (IFIN) notes that a new maintainer is spoofing a trusted publisher on the AUR platform to push infected packages. The Arch Linux distribution is popular among power users and developers. READ MORE...
A Ukrainian national pleaded guilty in a US court to his role in the notorious Conti ransomware group, the Department of Justice announced. The man, Oleksii Oleksiyovych Lytvynenko, 44, of Cork, Ireland, was arrested in Ireland in 2023 and was extradited to the US in October 2025 to face Conti-related charges. Lytvynenko admitted in court to joining the Conti operation in September 2021 and working on the development of a malware loader for the group. READ MORE...
The U.S. government on Friday ordered Anthropic to immediately suspend foreign access to Fable 5 and Mythos 5, its two most advanced artificial intelligence models, citing national security concerns tied to a reported method of bypassing the models' safety restrictions. The directive, issued late Friday afternoon by Secretary of Commerce Howard Lutnick in a letter to Anthropic Chief Executive Dario Amodei, placed the two models under export controls that prohibit use by foreign nationals. READ MORE...
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. The exfiltrated information could be email content (e.g., access codes, passwords), calendar events and meeting details, documents, and other content accessible through Copilot Enterprise Search. READ MORE...