CISA Administrator Exposed AWS GovCloud Keys on GitHub
A CISA contractor stored highly sensitive credentials for AWS GovCloud accounts and internal systems in a public GitHub repository, containing cloud keys, plaintext passwords, and administrative data—rated by security firm GitGuardian as the most severe government data leak of their career.
Botnet Operator “Dort” Arrested: Kimwolf Mastermind Apprehended in Canada
The 23-year-old Jacob Butler from Ottawa was arrested and charged with operating the Kimwolf botnet, which exploited millions of IoT devices for record-breaking DDoS attacks reaching up to 30 terabits per second, and also conducted threats and swatting attacks against security researchers.
Critical Drupal SQL Injection Actively Exploited and Added to CISA Catalog
A SQL injection vulnerability in Drupal Core is actively exploited and added by CISA to the catalog of known exploited vulnerabilities; Imperva has documented over 15,000 attack attempts against 6,000 websites, primarily targeting gaming and financial sites, with security patches available.
Ghostwriter targets Ukrainian authorities with Prometheus phishing malware
Ghostwriter has conducted phishing campaigns against Ukrainian authorities since spring 2026, using malware components OYSTERFRESH, OYSTERBLUES, and OYSTERSHUCK to deploy Cobalt Strike, while Russia leverages AI tools for target reconnaissance and pro-Kremlin groups hijack Bluesky accounts.










