
Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

News Summary

Last updated: 16:45 01/04/2026 UTC
  • Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines
    Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines, now expanding to encompass additional open-source ecosystems and attributed to multiple advanced threat actors. The TeamPCP threat group continues to monetize stolen supply chain secrets through partnerships with extortion groups including Lapsus$ and the Vect ransomware operation, with Wiz (Google Cloud) confirming collaboration and horizontal movement across cloud environments. Cisco’s internal development environment was breached using stolen Trivy-linked credentials via a malicious GitHub Action, resulting in the theft of over 300 repositories, including proprietary AI product code and data belonging to corporate customers such as banks, BPOs, and US government agencies. Attackers also abused stolen AWS keys across a subset of Cisco’s cloud accounts, with multiple threat actors observed participating in the breach. New developments include the compromise of the Axios NPM package, a top-10 JavaScript library with over 400 million monthly downloads, via malicious versions 0.27.5 and 0.28.0. The attack delivered a multi-platform RAT through a malicious dependency impersonating crypto-js, with operational sophistication including pre-staging, platform-specific payloads, and anti-forensic cleanup. Initial attribution suggested TeamPCP involvement, but Google attributed the incident to UNC1069, a suspected North Korean actor linked to Lazarus Group, indicating potential actor diversification or false-flag operations. The Axios compromise highlights escalating tradecraft in open-source supply chain attacks, distinct from opportunistic infections and suggesting a focus on access brokering or targeted espionage rather than indiscriminate data theft.
Last updated: 13:32 01/04/2026 UTC
  • Unauthorized access detected in Dutch Ministry of Finance policy department systems
    The Dutch Ministry of Finance disclosed a cybersecurity incident involving unauthorized access to systems within its policy department, initially detected on March 19, 2026. On March 23, 2026, the ministry took several systems offline, including the treasury banking portal, for forensic investigation, disrupting access for approximately 1,600 public institutions. Core treasury functions retained full access to funds, and payments continued via regular banking channels. The breach affected some employees but did not impact core financial operations such as tax collection or benefits administration. The investigation, supported by the National Cyber Security Center (NCSC), external forensic experts, and Dutch authorities, remains ongoing. No threat actor has claimed responsibility, and no confirmation of data exfiltration has been provided.
  • Unauthenticated remote code execution flaw in Magento and Adobe Commerce via PolyShell polyglot uploads
    A critical unauthenticated remote code execution vulnerability named PolyShell affects all supported versions of Magento Open Source and Adobe Commerce (version 2), enabling attackers to upload polyglot files via the REST API and achieve code execution. Adobe has released a patch only in the alpha release of version 2.4.9, leaving production deployments vulnerable. Exploitation is now actively occurring in the wild, with mass scanning activity involving over 50 IP addresses since March 19, 2026, and successful compromises detected in 56.7% of all vulnerable stores. Attackers are leveraging the flaw to deploy a new WebRTC-based payment skimmer that bypasses Content Security Policy (CSP) and exfiltrates payment data via encrypted UDP, marking a significant evolution in skimmer tactics. Immediate remediation is critical given the widespread abuse and potential for mass compromise of e-commerce storefronts.
  • UK NCA and NatWest Warn of Rising Invoice Fraud Threats
    The UK National Crime Agency (NCA) and NatWest Bank initially warned of rising invoice fraud in January 2026, reporting nearly £4 million in losses from 83 cases in September 2025 and urging businesses to verify payment details. Recent attention has focused on the construction sector, where complex supply chains and high-value email payments create elevated risks. Invoice fraud, a form of business email compromise (BEC), involves impersonating suppliers by changing bank details on fake invoices or hijacking supplier email accounts to gather intelligence before issuing fraudulent invoices. The NCA reports that construction and manufacturing accounted for a quarter of all invoice fraud cases in 2024/25, the highest of any sector. The agency is actively disrupting criminal networks while promoting prevention measures such as checking for email anomalies, verifying invoices via trusted channels, and requiring colleague authorization for high-value payments. Globally, BEC scams cost nearly $2.8 billion in 2024, according to the FBI, underscoring the severity of the threat.
  • TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks
    TeamPCP has escalated its multi-vector CanisterWorm campaign into a broader geopolitically targeted operation, now compromising trusted PyPI packages to deliver credential-stealing malware with automated execution mechanisms. The group has targeted the LiteLLM and Telnyx Python packages (versions 1.82.7, 1.82.8, 4.87.1, and 4.87.2), embedding malware that harvests SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files before exfiltrating data to attacker-controlled infrastructure and establishing persistent backdoors. The campaign began as a supply-chain attack involving 47 compromised npm packages and the @teale.io/eslint-config variant, leveraging ICP canisters for decentralized C2 and persistence via masqueraded systemd services. It escalated to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and deployment of an infostealer, then pivoted to targeting CI/CD pipelines directly via GitHub Actions workflows (e.g., Checkmarx, Trivy) using stolen credentials. TeamPCP now compromises GitHub Actions workflows and Open VSX extensions to deploy the TeamPCP Cloud stealer, while refining destructive payloads targeting Iranian systems in Kubernetes environments with time-zone/locale-based wipers. Recent compromises of LiteLLM and Telnyx demonstrate rapid iteration and maturation of supply chain attack methodology, with evidence suggesting collaboration with the Vectr ransomware group for follow-on ransomware operations.
  • TA415 (APT41) Abuses Velociraptor Forensic Tool for C2 Tunneling via Visual Studio Code
    Unknown threat actors, identified as TA415 (APT41), deployed the open-source Velociraptor forensic tool to download and execute Visual Studio Code, likely for command-and-control (C2) tunneling. The attack leveraged legitimate software and Windows utilities to minimize malware deployment and maintain a foothold in the target environment. The attackers used Cloudflare Workers domains for staging and additional payloads, and the incident highlights the evolving tactics of threat actors using legitimate tools for malicious purposes. The attack began with the use of the Windows msiexec utility to download an MSI installer from a Cloudflare Workers domain. Velociraptor was then used to establish contact with another Cloudflare Workers domain, facilitating the download and execution of Visual Studio Code with tunneling capabilities. This allowed for remote access and code execution, potentially leading to further malicious activities such as ransomware deployment. The phishing campaign targeted US government, think tank, and academic organizations involved in US-China relations, economic policy, and international trade. The attackers impersonated the US-China Business Council and John Moolenaar, Chair of the Select Committee on Strategic Competition between the US and the Chinese Communist Party. The phishing messages contained links to password-protected archives hosted on cloud services, which included a shortcut (LNK) file and a hidden subfolder. Launching the LNK file executed a batch script that downloaded the VSCode Command Line Interface (CLI) from Microsoft’s servers, created a scheduled task for persistence, and established a VS Code remote tunnel authenticated via GitHub. The script also collected system information and the contents of various user directories, sending it to the attackers.
  • Shamos Infostealer Targeting Mac Devices via ClickFix Attacks
    In March 2026, Apple introduced a Terminal security feature in macOS Tahoe 26.4 that blocks execution of pasted commands and warns users of potential risks, directly targeting ClickFix-style social engineering attacks used to distribute malware such as Shamos and MacSync. Since June 2025, the COOKIE SPIDER group’s Shamos infostealer has targeted Mac devices via ClickFix attacks, stealing data and credentials from browsers, Keychain, Apple Notes, and cryptocurrency wallets. Early variants relied on malvertising and fake GitHub repositories to trick users into executing shell commands, while later MacSync variants used digitally signed, notarized Swift applications to bypass Gatekeeper checks. Recent campaigns have leveraged legitimate platforms like Cloudflare Pages and Squarespace to host malicious installers, with ClickFix evolving to require minimal user pretexts.

Latest updates


Widespread NoVoice Android rootkit campaign with 2.3M downloads abuses steganography and patchable flaws

First: 01.04.2026 21:07 · 📰 1 src / 1 articles

A widespread Android malware campaign named NoVoice infected at least 2.3 million devices via 50+ Google Play apps masquerading as cleaners, galleries, and games. The malware exploited older, patched Android vulnerabilities (2016–2021) to achieve root access, including use-after-free kernel issues and Mali GPU driver flaws, before disabling SELinux and replacing system libraries with rootkits. Post-exploitation, the attackers injected code into running apps, primarily targeting WhatsApp to extract encryption databases, Signal protocol keys, and account identifiers for session hijacking. Persistence mechanisms ensure survival across factory resets, and the campaign avoided specific Chinese regions while evading detection via emulator, debugger, and VPN checks.

AGEWHEEZE RAT Deployment via CERT-UA Impersonation Campaign Targeting Ukrainian Entities

First: 01.04.2026 19:10 · 📰 1 src / 1 articles

A threat actor tracked as UAC-0255 impersonated Ukraine’s CERT-UA to distribute the AGEWHEEZE remote access trojan (RAT) via phishing emails sent to approximately 1 million ukr[.]net mailboxes on March 26–27, 2026. Targets included state organizations, medical centers, security companies, educational institutions, financial institutions, and software development companies. The campaign leveraged a password-protected ZIP archive hosted on Files.fm, containing a decoy CERT-UA-themed installer that delivered AGEWHEEZE, a Go-based RAT with extensive capabilities for remote control and data exfiltration. The attack’s operational impact was assessed as minimal, with only a small number of personal devices at educational institutions compromised. The threat actor, identifying as Cyber Serp on Telegram, claimed broader success, asserting over 200,000 infections and denying civilian targeting. The campaign exploited domains and infrastructure likely generated with AI assistance, reflecting evolving TTPs in Ukrainian cyber operations.

Increased exploitation of legitimate remote access pathways and trusted tools in 2025 intrusions according to Blackpoint Cyber threat analysis

First: 01.04.2026 17:05 · 📰 1 src / 1 articles

A 2026 analysis of 2025 incident response cases by Blackpoint Cyber finds threat actors increasingly leveraging legitimate remote access pathways and trusted administrative tools to establish initial access and maintain persistence. Rather than relying on software vulnerabilities, attackers primarily abused valid credentials, SSL VPN sessions, and remote monitoring and management (RMM) tools such as ScreenConnect to blend into normal operations. In cloud environments, adversaries captured and reused authenticated session tokens following successful multi-factor authentication (MFA) via adversary-in-the-middle phishing, bypassing detection by appearing as legitimate sessions.

Venom Stealer infostealer kit introduces continuous credential harvesting via malware-as-a-service model

Updated: 01.04.2026 16:30 · First: 31.03.2026 17:51 · 📰 2 src / 2 articles

A newly identified infostealer malware kit named Venom Stealer is offered as a malware-as-a-service (MaaS) subscription priced at $250 per month or $1,800 lifetime, enabling continuous credential harvesting and wallet cracking operations. The kit targets Windows and macOS systems via deceptive social engineering lures integrated into its operator panel, including fake Cloudflare CAPTCHA pages, OS update prompts, SSL certificate errors, and font installation pages. Victims are tricked into executing commands via Run dialog or Terminal, bypassing detection systems by appearing user-initiated. Upon execution, it extracts and exfiltrates browser credentials, session cookies, browsing history, autofill data, cryptocurrency wallet vaults, browser extension data, and system fingerprints from Chromium and Firefox browsers. Venom Stealer distinguishes itself by maintaining silent persistence through a background session listener that reports new credentials and wallet activity to command-and-control infrastructure twice daily, and by continuously monitoring Chrome's login database to capture newly saved credentials in real time. Exfiltrated cryptocurrency wallet data is processed by a server-side GPU cracking engine, with funds automatically transferred across multiple blockchain networks including tokens and DeFi positions, undermining password rotation and incident response efforts.

Shift from Device-Centric Controls to Session-Level Governance in Enterprise AI and Web Use

First: 01.04.2026 15:46 · 📰 1 src / 1 articles

In 2026, enterprise security teams are abandoning traditional invasive endpoint agents and domain-blocking policies—collectively referred to as "Doctor No"—due to their systemic failure to prevent user workarounds and unmanaged exposure of sensitive data. The reliance on endpoint agents and SSL inspection has created a 'Workaround Economy' where employees bypass controls by moving data into personal email, unmanaged AI tools, or browser extensions, resulting in zero organizational visibility and increased risk. Legacy security stacks, including EDR, DLP, and SASE/SSE solutions, are unable to monitor live browser sessions effectively, leaving critical blind spots such as prompt-level data leakage and unmanaged extension activity. Recent incidents, such as a U.S. law firm discovering 70% of users silently routing corporate data through AI extensions hosted in China despite domain blocking, highlight the inadequacy of current controls. The industry is transitioning toward session-level governance—agentless controls that govern data in real time within the browser, regardless of device or network, to enforce secure AI and web use without breaking usability.

Casbaneiro banking trojan distribution via dynamic PDF lures and Horabot propagation

First: 01.04.2026 15:36 · 📰 1 src / 1 articles

A phishing campaign attributed to the Brazilian cybercrime group Augmented Marauder (Water Saci) is actively targeting Spanish-speaking users in Latin America and Europe to deliver the Casbaneiro (Metamorfo) Windows banking trojan and the Horabot malware family. The campaign leverages court summons-themed phishing emails with password-protected PDF attachments that redirect to malicious downloads, initiating a multi-stage infection chain involving HTA, VBS, AutoIt loaders, and dynamic PDF generation for further propagation. The attack infrastructure combines WhatsApp automation, ClickFix social engineering, and enterprise email hijacking to distribute Casbaneiro as the primary payload while Horabot acts as a propagation mechanism targeting Outlook contacts and email accounts.

WhatsApp-delivered VBS malware abuses UAC bypass for persistent Windows compromise via cloud-hosted MSI payloads

First: 01.04.2026 14:49 · 📰 1 src / 1 articles

A malware campaign observed since late February 2026 delivers malicious Visual Basic Script (VBS) files to Windows users via WhatsApp, executing multi-stage attacks to establish persistence and enable remote access. The attack chain uses renamed legitimate Windows utilities (e.g., curl.exe → netapi.dll, bitsadmin.exe → sc.exe) to evade detection, retrieves payloads from trusted cloud services (AWS S3, Tencent Cloud, Backblaze B2), and installs unsigned MSI packages. The malware weakens User Account Control (UAC) defenses by repeatedly attempting elevated cmd.exe execution, modifying registry keys under HKLM\Software\Microsoft\Win, and embedding persistence to survive reboots. This enables privilege escalation without user interaction and deployment of remote access tools like AnyDesk, facilitating data theft and secondary malware delivery.

Fourth actively exploited Chrome zero-day (CVE-2026-5281) in Dawn WebGPU implementation patched by Google

Updated: 01.04.2026 14:42 · First: 01.04.2026 13:25 · 📰 2 src / 2 articles

Google released emergency fixes for the fourth Chrome zero-day vulnerability (CVE-2026-5281) exploited in attacks during 2026, addressing a use-after-free flaw in Dawn, the cross-platform WebGPU implementation within Chromium. The vulnerability allowed attackers to trigger browser crashes, data corruption, rendering issues, or abnormal behavior via malicious web content and specifically enabled arbitrary code execution via crafted HTML in compromised renderer processes. Google confirmed active exploitation in the wild but withheld technical details to prevent further abuse until widespread patch adoption. Updates were immediately available for Windows, macOS, and Linux users in the Stable Desktop channel (versions 146.0.7680.177/178), though rollout may take days or weeks for all users. Automatic updates are enabled by default unless manually disabled. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are advised to apply fixes as they become available.

FBI advisory flags privacy and data access risks in Chinese-developed mobile applications

First: 01.04.2026 14:39 · 📰 1 src / 1 articles

The FBI issued a public service announcement warning against the use of mobile applications developed by foreign companies, particularly those based in China, citing significant privacy and data security risks. The bureau highlighted concerns that these apps, subject to China’s national security laws, may enable government access to user data. Risks include continuous data collection beyond user consent, default access to sensitive contact information, and storage of collected data on servers in China. Some apps require mandatory data-sharing consent to function. The advisory emphasizes the need for users to limit data exposure and adopt stronger security practices.

Living-Off-the-Land (LOTL) abuse of native utilities escalates as primary intrusion tactic in enterprise environments

First: 01.04.2026 13:58 · 📰 1 src / 1 articles

Threat actors are increasingly leveraging legitimate, native system tools such as PowerShell, WMIC, and Certutil to conduct attacks, achieving lateral movement, privilege escalation, and persistence while evading detection. Analysis of over 700,000 high-severity incidents indicates that 84% now involve abuse of trusted utilities—a practice known as Living off the Land (LOTL). This shift reduces reliance on malware and exploits, exploiting the blind spot created by legitimate operational noise and the operational necessity of these tools. The technique is now the dominant intrusion vector, often progressing undetected until significant compromise has occurred.

Widespread cyber incidents disrupt 78% of UK manufacturing sector in 2025

First: 01.04.2026 12:30 · 📰 1 src / 1 articles

In 2025, 78% of UK manufacturing organizations reported experiencing serious cyber incidents, according to an ESET survey of 500 senior decision-makers. Nearly all (95%) respondents confirmed direct business impact, with 53% incurring financial losses. Supply chain disruption (44%) and missed commitments (39%) were common secondary effects. Of those experiencing operational shutdowns, 77% reported 1-7 days of downtime and 56% noted 1-3 days of outages. Visibility into production-related cyber risks remains limited, with 20% of organizations admitting no or minimal oversight. AI-enabled attacks were identified as the top perceived threat to production (46%), surpassing phishing (42%), ransomware (40%), and unauthorized access (38%). Cyber accountability remains concentrated in IT departments, with only 22% of organizations assigning board-level ownership, indicating low cybersecurity maturity and a reliance on reactive measures despite evidence of significant financial and operational consequences.

Supply chain compromise of axios npm package delivers cross-platform RATs via malicious dependency

First: 01.04.2026 12:00 · 📰 1 src / 1 articles

A financially motivated North Korea-nexus threat actor compromised the npm account of axios maintainer Jason Saayman and injected a malicious dependency (plain-crypto-js) into two legitimate axios versions (v1.14.1 and v0.30.4) to deliver cross-platform remote access Trojans (RATs) to downstream users. The attack involved pre-staged malicious code, account persistence via email modification, GitHub permission abuse to hide evidence, and direct publishing of malicious packages using stolen npm credentials, bypassing GitHub Actions-based OIDC provenance signing. Impact spans organizations worldwide due to axios’s 100M+ weekly downloads and widespread use as a dependency in CI/CD pipelines.

Google Drive Desktop Adds AI-Powered Ransomware Detection

Updated: 01.04.2026 09:35 · First: 01.10.2025 18:10 · 📰 2 src / 2 articles

Google has expanded its AI-powered ransomware detection feature for Google Drive desktop to all paying users, now enabled by default for business, enterprise, education, and frontline Google Workspace licenses. The updated AI model detects 14x more infections than during its beta phase, providing faster and more comprehensive protection. When ransomware is detected, file syncing pauses immediately, safeguarding cloud-stored documents while local files may still be encrypted. Users receive email and admin console alerts, along with detailed restoration instructions to recover affected files. IT administrators retain the ability to disable the feature via the Google Admin console.

Accidental disclosure of Anthropic's Claude Code closed-source implementation via NPM package

First: 01.04.2026 03:32 · 📰 1 src / 1 articles

Anthropic accidentally exposed the closed-source implementation of its Claude Code AI coding assistant through a packaging error in an NPM release. The leak occurred when version 2.1.88 of Claude Code included a 60 MB source map file (`cli.js.map`) containing approximately 1,900 files and 500,000 lines of internal source code. No customer data or credentials were involved. The exposed code has since propagated widely on platforms like GitHub, prompting Anthropic to issue DMCA takedown notices. The incident stemmed from a human error during release packaging, not a security breach, and Anthropic is implementing measures to prevent recurrence. The disclosed code reveals undocumented features, including a "Proactive mode" for 24/7 autonomous coding and a "Dream" mode for background problem-solving, along with details of Claude-exclusive functionality.

Google Account email address modification feature rolled out in the U.S.

Updated: · First: 01.04.2026 02:13 · 📰 1 src / 1 articles

Google has introduced a feature allowing users in the United States to modify their primary @gmail.com address or create a new alias, replacing the prior restriction that prevented changes to the username portion of the address. The change affects account identification across Google services including Gmail, Photos, and Drive, and requires the new address to remain unique and tied to the user’s existing account. Old addresses are retained and cannot be reused by new accounts.

Proton Meet launches as privacy-focused, end-to-end encrypted video conferencing platform with EU alignment

Updated: · First: 01.04.2026 01:42 · 📰 1 src / 1 articles

Proton introduced Meet, a new end-to-end encrypted (E2EE) video conferencing platform designed to prioritize user privacy and regulatory compliance. Unlike mainstream services, Meet provides E2EE calls by default without requiring a paid plan or Proton account, supporting one-hour meetings for up to 50 participants at no cost. Longer sessions are available via a paid "pro" tier starting at $7.99/month. The platform integrates with Proton Calendar and supports third-party calendar systems such as Google and Microsoft. Meet is positioned as a response to growing privacy concerns, geopolitical instability, and the use of user conversations to train AI models. Proton emphasizes that Meet’s architecture uses Messaging Layer Security (MLS), an open-source, independently reviewed E2EE protocol, for real-time group communication. All media and chat are encrypted client-side, ensuring Proton cannot access or process cleartext data. Meet leverages WebRTC with Selective Forwarding Units (SFU) for media relay and employs the Secure Remote Password (SRP) protocol for participant authentication. Meeting links include client-side stored IDs and passwords, and the platform supports forward secrecy through epoch key rotation on join/leave events, preventing new members from reading past messages and old members from accessing future ones. The service omits logging of meeting associations and retains only meeting IDs in databases, minimizing exposure in case of a server compromise. Potential risks are limited to meeting link compromise, which can be mitigated through access controls and link rotation.

Arbitrary file write vulnerability in GIGABYTE Control Center enables remote code execution

Updated: · First: 01.04.2026 01:28 · 📰 1 src / 1 articles

A critical arbitrary file-write vulnerability in GIGABYTE Control Center (CVE-2026-4415, CVSS v4.0: 9.2) allows unauthenticated remote attackers to write files to any location on vulnerable systems. This flaw impacts versions 25.07.21.01 and earlier of the pre-installed Windows utility, which manages hardware monitoring, fan control, firmware updates, and RGB lighting. Successful exploitation can lead to arbitrary code execution, privilege escalation, and denial-of-service conditions. The issue is exposed when the 'pairing' feature, which allows network communication with other devices, is enabled.

Modeline-based RCE vulnerabilities in Vim and GNU Emacs uncovered via AI-assisted analysis

Updated: · First: 01.04.2026 00:45 · 📰 1 src / 1 articles

Researchers using the AI assistant Claude identified and demonstrated remote code execution (RCE) vulnerabilities in Vim and GNU Emacs triggered by opening a specially crafted file. In Vim, the issue arises from missing security checks in modeline handling and a sandbox escape, enabling execution of embedded commands under the user’s privileges. In GNU Emacs, the vulnerability stems from automatic Git integration that, when a file is opened, executes an attacker-controlled `core.fsmonitor` program set through a manipulated `.git/config`. Both flaws highlight risks in programmable text editors with embedded scripting features and automatic integration with version control systems.

Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines

Updated: 31.03.2026 23:55 · First: 23.03.2026 15:14 · 📰 7 src / 8 articles

The supply chain compromise of the Trivy scanner, which triggered CanisterWorm propagation across CI/CD pipelines, is now expanding to encompass additional open-source ecosystems and has been attributed to multiple advanced threat actors. The TeamPCP threat group continues to monetize stolen supply chain secrets through partnerships with extortion groups including Lapsus$ and the Vect ransomware operation, with Wiz (Google Cloud) confirming collaboration and horizontal movement across cloud environments. Cisco’s internal development environment was breached using stolen Trivy-linked credentials via a malicious GitHub Action, resulting in the theft of over 300 repositories, including proprietary AI product code and data belonging to corporate customers such as banks, BPOs, and US government agencies. Attackers also abused stolen AWS keys across a subset of Cisco’s cloud accounts, with multiple threat actors observed participating in the breach. New developments include the compromise of the Axios NPM package, a top-10 JavaScript library with over 400 million monthly downloads, via malicious versions 0.27.5 and 0.28.0. The attack delivered a multi-platform RAT through a malicious dependency impersonating crypto-js, with operational sophistication including pre-staging, platform-specific payloads, and anti-forensic cleanup. Initial attribution suggested TeamPCP involvement, but Google attributed the incident to UNC1069, a suspected North Korean actor linked to Lazarus Group, indicating potential actor diversification or false-flag operations. The Axios compromise highlights escalating tradecraft in open-source supply chain attacks, distinct from opportunistic infections and suggesting a focus on access brokering or targeted espionage rather than indiscriminate data theft.

Google to Enforce Developer Verification on Android in Four Countries

Updated: 31.03.2026 21:28 · First: 26.08.2025 09:27 · 📰 2 src / 2 articles

Google has officially begun rolling out developer verification for Android apps in Brazil, Indonesia, Singapore, and Thailand ahead of the September 2026 enforcement deadline as part of its initiative to prevent malicious actors from distributing harmful apps. The verification process now requires developers distributing outside the Google Play Store to confirm their identity via the Android Developer Console, though most Play Store developers already meet the requirements. The mandate was first announced in August 2025, with enforcement scheduled to begin in September 2026 for the four countries before expanding globally. Google aims to enhance security and accountability by making developer verification mandatory, addressing risks of impersonation and malicious app distribution through third-party marketplaces. Existing Play Store developers are likely to have already met these verification requirements, and technical measures such as ADB authentication and a 24-hour waiting period for sideloading unregistered apps are being introduced to balance security with user flexibility.

Escalating exposure gap in mid-market vulnerability management amid CVE volume surge and rapid exploitation timelines

Updated: · First: 31.03.2026 18:35 · 📰 1 src / 1 articles

Mid-market security teams increasingly rely on CVE-based vulnerability tracking, but experts warn this approach creates critical blind spots in real-world exposure management. Exploitation timelines have collapsed from months to hours, with potential for minutes or even seconds, escalating risk for organizations unable to patch within 30 days. Traditional CVE-only strategies overlook critical exposures such as misconfigured databases, exposed management interfaces, and overlooked attack surface elements despite patch deployments, leaving fully patched environments vulnerable to compromise.

Erosion of organizational data integrity amid AI-driven decision dependence

Updated: · First: 31.03.2026 18:35 · 📰 1 src / 1 articles

Organizations are increasingly prioritizing data integrity and trustworthiness as core cybersecurity concerns, as AI-driven decision-making systems rely on accurate, uncompromised inputs. Data distortion, whether intentional manipulation or unintentional corruption, poses a critical operational risk, as even minor alterations in training or operational datasets can produce inaccurate or harmful outputs. The reliance on data across financial, operational, and strategic domains amplifies the impact of compromised information, transforming data integrity from a technical issue into a strategic leadership challenge. The shift reflects a recognition that modern threats target not only systems but also the data inputs these systems consume, necessitating a proactive approach to understanding data flows, sources, and transformations to prevent silent corruption. Without robust governance and continuous validation, compromised data can blend into normal operational patterns, evading detection and undermining downstream processes, particularly those driven by AI models.

Exploiter charged for $53.3M Uranium Finance smart contract heist via code flaws and mixer laundering

Updated: 31.03.2026 18:30 · First: 31.03.2026 12:15 · 📰 2 src / 2 articles

A Maryland man, Jonathan Spalletta (aka "Cthulhon"), has been charged with orchestrating two smart contract heists against the Uranium Finance decentralized exchange (DEX) in April 2021, stealing approximately $53.3 million in cryptocurrency. The suspect surrendered to law enforcement and appeared in court, where prosecutors alleged he exploited code flaws in Uranium Finance's AMM contracts to drain the exchange's assets, forcing it into insolvency. Proceeds were laundered through Tornado Cash and partially spent on high-value collectibles before law enforcement recovered approximately $31 million in cryptocurrency and seized assets in February 2025. The first breach on April 8, 2021, involved manipulating the AmountWithBonus variable to issue unauthorized zero-token withdrawals, draining about $1.4 million, which he partially extorted back as a sham bug bounty. The second attack on April 28, 2021, exploited a single-character error in transaction-verification logic, allowing him to withdraw 90% of the DEX's assets across 26 liquidity pools while depositing negligible value.

AI proliferation and quantum readiness disrupting digital trust and cryptographic validation

Updated: · First: 31.03.2026 18:29 · 📰 1 src / 1 articles

The rapid adoption of AI agents is shifting enterprise machine-to-human identity ratios from 100:1 to projections of 1,000:1, necessitating a fundamental re-evaluation of digital trust mechanisms. Digital certificate lifespans are decreasing, increasing the operational complexity of identity lifecycle management and raising the risk of outages without automated trust infrastructure. Trust assumptions are eroding due to deepfake-enabled phishing and autonomous agents performing actions on behalf of users, necessitating cryptographic validation of content, identity, and actions.

Emerging Enterprise AI Agent Categories and Security Governance Priorities

Updated: · First: 31.03.2026 17:00 · 📰 1 src / 1 articles

Enterprises are transitioning from AI chatbots to AI agents capable of autonomous reasoning, planning, and action across systems. These agents introduce new security risks driven by access scope and operational autonomy. Three primary categories of AI agents—agentic chatbots, local agents, and production agents—each present distinct identity and governance challenges. CISOs must prioritize visibility into agent identities, permissions, and interactions to mitigate exposure of sensitive data, unauthorized system modifications, and prompt injection risks. The shift underscores AI agents as first-class identities within enterprise environments, requiring identity governance frameworks to align permissions with intended agent functionality and reduce attack surfaces.

Commercial stealer-as-a-service campaign delivers Phantom Stealer across European enterprises via phishing

Updated: · First: 31.03.2026 17:00 · 📰 1 src / 1 articles

A coordinated phishing campaign from November 2025 to January 2026 delivered the .NET-based Phantom Stealer infostealer to organizations in European logistics, manufacturing and technology sectors. The malware was distributed as a commercial toolkit bundling a stealer, crypter and remote access tool (RAT) under subscription tiers, enabling credential harvesting, session data theft and sensitive information exfiltration via messaging platforms, SMTP and FTP. Attackers impersonated a legitimate equipment trading company, using procurement-themed emails with professional formatting and consistent email authentication failures to bypass defenses.

Iran-linked Pay2Key operation resurfaces with pseudo-ransomware tactics and expanded affiliate network

Updated: · First: 31.03.2026 16:31 · 📰 1 src / 1 articles

Iran has reactivated the state-backed Pay2Key ransomware operation, recruiting affiliates from Russian cybercrime forums to conduct pseudo-ransomware attacks against high-impact US targets as part of its ongoing geopolitical conflict with the US and Israel. The campaign blends destructive wiper malware (e.g., Apostle retrofitted as ransomware) with extortion schemes to obscure geopolitical motives, complicate attribution, and maximize disruptive and financial impact. Affiliates receive profit-sharing incentives (up to 80% payouts) for attacks aligning with Iranian state objectives, effectively outsourcing cyber retribution to the global cybercrime ecosystem.

Stealthy data exfiltration vulnerability in ChatGPT via malicious prompt and DNS side channel

Updated: · First: 31.03.2026 16:01 · 📰 1 src / 1 articles

A security flaw in ChatGPT allowed attackers to exfiltrate sensitive user data—including prompts, messages, and uploaded files—through a single malicious prompt and DNS side channel. The issue stemmed from a hidden outbound communication path in ChatGPT’s isolated runtime environment, enabling covert transmission of data to external servers. Exploitation did not require complex attack chains; attackers could trick users into pasting malicious prompts via social engineering. OpenAI deployed a patch on February 20 after receiving a responsible disclosure from Check Point researchers. The scope of potential exposure included corporate credentials, personal health records, and other sensitive information processed by ChatGPT users.

Lloyds mobile banking software flaw exposes transaction data to concurrent users

Updated: · First: 31.03.2026 13:07 · 📰 1 src / 1 articles

A faulty software update in Lloyds Banking Group’s mobile banking platform caused a five-hour window on March 12, 2026 during which transaction details from current accounts were briefly exposed to other users accessing their transaction lists within similar timeframes. The incident affected 447,936 mobile banking users, with 114,182 potentially viewing sensitive payment details such as sort codes, account numbers, National Insurance numbers, and vehicle registrations. Balances remained unaffected and no unauthorized transactions were possible. Lloyds attributed the issue to a glitch in a software update deployed at 03:28 UTC and resolved at 08:08 UTC, with no recurrence reported.

TA415 (APT41) Abuses Velociraptor Forensic Tool for C2 Tunneling via Visual Studio Code

Updated: 01.04.2026 10:44 · First: 30.08.2025 15:06 · 📰 3 src / 3 articles

Unknown threat actors, identified as TA415 (APT41), deployed the open-source Velociraptor forensic tool to download and execute Visual Studio Code, likely for command-and-control (C2) tunneling. The attack leveraged legitimate software and Windows utilities to minimize malware deployment and maintain a foothold in the target environment. The attackers used Cloudflare Workers domains for staging and additional payloads, and the incident highlights the evolving tactics of threat actors using legitimate tools for malicious purposes. The attack began with the use of the Windows msiexec utility to download an MSI installer from a Cloudflare Workers domain. Velociraptor was then used to establish contact with another Cloudflare Workers domain, facilitating the download and execution of Visual Studio Code with tunneling capabilities. This allowed for remote access and code execution, potentially leading to further malicious activities such as ransomware deployment. The phishing campaign targeted US government, think tank, and academic organizations involved in US-China relations, economic policy, and international trade. The attackers impersonated the US-China Business Council and John Moolenaar, Chair of the Select Committee on Strategic Competition between the US and the Chinese Communist Party. The phishing messages contained links to password-protected archives hosted on cloud services, which included a shortcut (LNK) file and a hidden subfolder. Launching the LNK file executed a batch script that downloaded the VSCode Command Line Interface (CLI) from Microsoft’s servers, created a scheduled task for persistence, and established a VS Code remote tunnel authenticated via GitHub. The script also collected system information and the contents of various user directories, sending it to the attackers.