Latest cybersecurity reporting from selected sources.

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it

AI is breaking things faster than anyone can fix them. Security leaders across the industry are racing to figure out what comes next. The post Inside the race to adapt to an AI-powered security world appeared first on CyberScoop.

Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. [...]

It got stupid again

Microsoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools

Newly named Chinese-speaking actor TA4922 expands from East Asia into Europe and Africa

On Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates. [...]

Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a high-severity vulnerability, tracked as CVE-2026-20230, affecting Unified CM and Unified CM SME. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without authentication to perform server-side […]

A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation

Proton uses machine learning models to detect abuse of its services – especially email addresses used by cybercriminals

French and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. [...]

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa

Cash-for-intel tradecraft continues to concern intelligence officials years after it was first spotted

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell

Fresh penalties secured after initial prison, community service sentences for RAC double act

Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]

Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia’s Threat Detection & Research team dropped a YARA rule in late December 2025 to hunt for new initial access vectors, and by January 2026 it had already generated a dozen […]

Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity