Mount Royal University in Calgary says hackers stole and then deleted data from its file storage systems after breaching the university's network. In an update published on its website, MRU states that it has engaged technical teams and external cybersecurity experts to investigate the incident and to support recovery efforts following a cyberattack on June 17. The incident disrupted a broad range of university systems, including online services, internet access, and certain internal systems. READ MORE...
American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year. AssuranceAmerica operates through a network of over 9,500 independent agents and provides auto, renters, and commercial auto insurance coverage across 14 U.S. states. The company revealed in a filing with Maine's Office of the Attorney General that the data breach has exposed the information of 6,998,886 people. READ MORE...
A lone threat actor used AI to orchestrate a complex attack against a large Amazon Web Services (AWS) environment and successfully extort the victim. Security and incident response firm Sygnia this week published research describing how a financially motivated attacker took advantage of agentic AI workflows to "accelerate victim reconnaissance, attack tool development, command structuring and environment-specific adaptation." READ MORE...
Suspected Chinese spies have been breaking into major US and Canadian universities since May, exploiting vulns in Roundcube mailservers to steal data belonging to physics and engineering administrators and professors, according to Proofpoint threat researchers. Proofpoint directly observed "less than 10" universities targeted in these intrusions, Greg Lesnewich, principal threat research engineer at Proofpoint, told The Register. READ MORE...
Network analysts who open packet captures in Wireshark push untrusted data through a large set of protocol dissectors, and each parser is a spot where a malformed frame can trip up the software. The 4.6.7 maintenance release closes twelve of those weak points. The fixes reach from cellular signaling parsers to the code that reads capture files off disk. Most of the patched advisories describe crashes. READ MORE...
Microsoft has quietly fixed the "RoguePlanet" zero-day in Microsoft Defender, closing the latest hole exposed by security researcher Nightmare Eclipse after months of public sparring over the company's handling of vulnerability reports. The vulnerability, tracked as CVE-2026-50656, was addressed through an update to the Microsoft Malware Protection Engine rather than via its monthly Patch Tuesday bundle. READ MORE...
Developers who build with AI coding agents grab capabilities off public marketplaces the same way they grab packages from npm or PyPI. The add-ons are called agent skills. Each one is a little bundle of plain-English instructions, scripts, and files that a tool such as Claude Code or OpenAI Codex loads when it needs a new trick. One marketplace filled up with more than 40,000 listed skills within months of the format showing up in late 2025. Most came from the community, and nobody vetted them. READ MORE...
As a growing number of organizations deploy AI gateways to manage access to foundation models, all signs point to them becoming yet another surface for security defenders to protect. Researchers at Darktrace recently investigated an incident where a threat actor gained access to an EC2 server hosting an AI gateway connected to Amazon Bedrock services. The attacker used the access for cryptomining but could just as easily have abused the AI gateway to make it a much more serious compromise. READ MORE...
A Linux vulnerability that allows untrusted virtual machines to gain root access to host machines is one of two high-severity flaws to surface this week in the open source operating system. The vulnerability resides in KVM, which is, in essence, a virtual machine app included in the kernel of many Linux distributions. The vulnerability allows guest virtual machines to break out of that container. READ MORE...
Several popular AI coding assistants were tricked into facilitating developer machine hacking via an attack technique that has been known for decades, according to Google-owned cloud security giant Wiz. Dubbed GhostApproval, the attack has been successfully tested against Claude Code, Amazon Q Developer, Cursor, Google Antigravity, Augment, and Windsurf. GhostApproval leverages symbolic link (symlink) following, a longstanding file system behavior. READ MORE...
A security researcher has discovered an undocumented backdoor in multiple Tenda firmware versions that provides attackers with administrative access to a device's web management interface. The security hole appears to affect Tenda routers, switches, and other types of networking devices. Tracked as CVE-2026-11405, the vulnerable code was found in the login function of the web server binary and can be abused for authentication bypass. READ MORE...