Illinois Representative Delia Ramirez has been appointed as the top Democrat on the House Homeland Security Committee's Cybersecurity and Infrastructure Protection Subcommittee, replacing Eric Swalwell following his resignation from Congress.
OpenAI is revoking and rotating signing certificates for its macOS apps after a North Korean hacking group briefly infected the widely-used Axios JavaScript library, forcing all Mac users to update before May 8.
The ShinyHunters extortion gang has published over 78.6 million records allegedly stolen from Rockstar Games through compromised authentication tokens tied to a security incident at analytics firm Anodot.
A critical cryptographic validation bug in the widely deployed wolfSSL library allows improperly weak digests to be accepted during certificate verification, potentially letting attackers impersonate malicious servers. The flaw was patched in wolfSSL 5.9.1 on April 8, 2026.
Operational technology asset owners are being required to attest to post-quantum cryptographic readiness, but the frameworks, tools, and visibility needed to make those attestations meaningful simply don't exist in most OT environments.
The FBI Atlanta Field Office and Indonesian authorities have seized the W3LL phishing kit marketplace and arrested its alleged developer in the first joint US-Indonesia enforcement action targeting a phishing kit creator.
OpenAI is rotating its macOS code-signing certificates after a compromised Axios npm package (version 1.14.1) was executed within a GitHub Actions workflow on March 31, 2026, potentially exposing credentials used to sign ChatGPT Desktop and other apps.
Booking.com has confirmed that unauthorized third parties accessed booking information tied to user reservations, prompting forced PIN resets and direct email notifications to affected customers.
U.S. and Indonesian authorities have jointly dismantled W3LL, a full-service phishing platform that enabled over $20 million in fraud and targeted more than 56,000 Microsoft 365 accounts worldwide.
China-linked APT41 has deployed a zero-detection Linux backdoor targeting AWS, Google Cloud, Azure, and Alibaba Cloud environments, using SMTP port 25 as a covert C2 channel and typosquatted domains to mask malicious traffic.