Weekly threat intelligence roundup covering major security incidents including a Vercel breach via stolen OAuth tokens, a French government identity agency data breach, UK Biobank health data exposure, and a Bitwarden npm supply-chain attack. AI-related threats include unauthorized access to Anthropic's unreleased Claude Mythos model, an AI-assisted mass exploitation platform (Bissa Scanner), and a prompt-injection RCE in Google's Antigravity IDE. Key patches include a critical ASP.NET Core privilege escalation (CVE-2026-40372), an Apple iOS notification data leak flaw, and active exploitation of an LMDeploy SSRF vulnerability. Threat reports cover The Gentlemen ransomware-as-a-service, Mustang Panda espionage targeting India and South Korea, a Checkmarx developer tools supply-chain attack, and a Google Ads malvertising campaign stealing over $1.27M in crypto.

4m read time. From research.checkpoint.com