⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More - Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software...
Cyberattack hits four major Iranian banks, officials say - A cyberattack disrupted operations at four major Iranian banks, but protective measures were immediately implemented to protect customer data, Iran's Bank Coordination Council announced on Sunday.
FBI disrupts massive AI-powered phishing service using a million URLs - In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords.
CISA orders feds to patch actively exploited Ivanti flaw by Sunday - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04.
Vibe coders are gonna vibe code: How CISOs are tackling code sprawl - Employees are increasingly building automations, agents, and apps with AI tools outside traditional security oversight. Tines explores how CISOs are handling AI-driven code sprawl, shadow tooling, and governance challenges.
China slams US move to blacklist major Chinese tech firms - China said on Saturday that it’s “strongly dissatisfied” with the Pentagon's decision to label some of its leading tech firms as aiding the country’s military, with the commerce ministry calling on the Trump administration to reverse the move immediately.
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication - Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise...
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web - GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk.
Ex-school district employee jailed for hacks on former employer - A former IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages.
Why AI Projects Stall and How CIOs Can Respond - Across enterprises, a familiar pattern is emerging. A business unit identifies an AI tool with a clear upside in productivity or revenue. Their proposal moves into procurement. Security raises concern[…]
[Webinar] Device code phishing in 2026: live demos, real kits, and where it's headed next - 18 kits, a 37x spike in detections, and every major AiTM vendor adding it to their platform: device code phishing has gone from espionage-grade to criminal commodity. Join Push Security's VP of R&D Luke Jennings for attacker-side demos and a breakdown of the kits and campaigns we're tracking in the wild....
CISA tells govt agencies to patch critical exploited flaws in 3 days - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies.
