Russian cyber group GREYVIBE has been conducting targeted attacks against Ukraine since August 2025 and requires heightened vigilance in NIS2 reporting chains.
Anthropic’s AI project Glasswing enables manufacturers to systematically identify and fix multiple times the usual number of security vulnerabilities per update.
A CISA contractor stored administrative AWS GovCloud credentials, plaintext passwords, and access tokens in a public GitHub repository after intentionally disabling GitHub’s native secrets detection.
The alleged operator of the Kimwolf botnet was arrested after it compromised millions of IoT devices in six months and conducted record-breaking DDoS attacks reaching 30 terabits per second.
A CISA contractor published internal login credentials that began circulating in November 2025 on GitHub; more than a week later, critical keys remained unrevoked while Congress demands a security review.
The Netherlands dismantled a network of hosting providers linked to the EU-sanctioned Stark Industries and serving as a hub for Russian cyberattacks on European targets.
Attackers have infected a popular npm package (codexui-android, ~27,000 weekly downloads) with malware that steals long-lived OpenAI tokens while successfully evading code audits and Google Play reviews.
Anthropic isolates Claude agents through multi-layered sandboxes (gVisor, Seatbelt, Bubblewrap, VMs) with explicit boundaries for data access, filesystem, and egress control.