2026

Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover

A rare joint alert from all five spy agencies means serious business The Five Eyes intelligence alliance is urgently warning defenders to patch two Cisco Catalyst SD-WAN vulnerabilities used in attacks.…

Claude collaboration tools left the door wide open to remote code execution

Anthropic fixed the flaws – but the AI-enabled attack surfaces remain Security vulnerabilities in Claude Code could have allowed attackers to remotely execute code on users' machines and steal API keys by injecting malicious configurations into repositories, and then waiting for a developer to clone and open an…

Google catches Beijing spies using Sheets to spread espionage across 4 continents

UNC2814 historically targets governments and telcos A China-linked crew found a unique formula for attacking telcos and government orgs across the Americas, Asia, and Africa in its latest round of intrusions. Google's threat intelligence, along with unnamed industry partners, disrupted the gang, which used the Chocolate Factory's own…

Fake ‘interview’ repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed malicious repositories disguised as legitimate projects, according to Microsoft, which said a limited set of those repos were directly tied to observed compromises.…

Ex-L3Harris exec jailed 7 years for selling exploits to Russia

Former Trenchant manager profited millions from cyber tools reserved for the US The former general manager of L3Harris's cyber arm will spend the next seven years behind bars for selling trade secrets to Russia.…

Wynn Resorts takes attacker’s word for it that stolen staff data was deleted

Security pros question assurances as company offers staff credit monitoring Wynn Resorts has confirmed that employee data was stolen from its servers, and is taking the hackers' word that they've since deleted it.…

OpenAI says Chinese cops used ChatGPT to plan and track smear ops against opponents

Note to secret agents: ChatGPT is NOT a private diary A ChatGPT user with links to Chinese law enforcement tried to use the AI chatbot to run smear campaigns targeting the Japanese prime minister and other critics of the Chinese Communist Party, according to OpenAI's latest report on…

Threat intelligence supply chain is full of weak links, researchers find

And they're being stressed by geopolitical concerns that threaten to slow important data-sharing efforts Researchers from Georgia Tech have found that the supply chain for threat intelligence data is susceptible to adversarial action, and proposed a method to improve data sharing that they think will make it stronger.…

Go library maintainer brands GitHub’s Dependabot a ‘noise machine’

When a one-line fix triggers thousands of PRs, something's off A Go library maintainer has urged developers to turn off GitHub's Dependabot, arguing that false positives from the dependency-scanning tool "reduce security by causing alert fatigue."…

UK data watchdog fines Reddit £14.47M for letting kids slip past the gate

Social media giant retorts it doesn't want to collect 'private' data, and plans to appeal The UK's data protection regulator has fined social media giant Reddit £14.47 million ($19.5 million) over its use of children's data.…

Copyright © 2026 Lugapel