Ivanti has patched two critical vulnerabilities in its Sentry solution, including a max-severity flaw that allows remote attackers to execute code with root privileges
A new subscription-based infostealer named Storm emerged on underground forums in early 2026, shifting credential theft to server-side decryption to evade endpoint security tools and automate session hijacking against SaaS, cloud, and internal platforms.
OpenAI confirmed its macOS app-signing workflow executed a malicious version of the Axios JavaScript library, published by North Korean-linked threat group UNC1069 after compromising a lead maintainer's NPM account.
European gym chain Basic-Fit confirmed that unknown hackers breached its systems and downloaded personal data belonging to approximately 1 million members across Belgium, the Netherlands, Luxembourg, France, Spain, and Germany.
A joint law enforcement operation involving the United States, United Kingdom, and Canada has identified over $45 million in stolen cryptocurrency and successfully frozen roughly $12 million, which will be returned to victims.
The popular CPUID hardware utility website was breached and manipulated to serve malicious versions of CPU-Z, HWMonitor, and PerfMonitor, deploying a newly identified RAT capable of stealing credentials and cryptocurrency wallets.
A fraudulent website impersonating Anthropic's Claude AI platform was found distributing PlugX, a remote access trojan with deep ties to espionage operations, through a cleverly staged installer chain.
Google has made Gmail end-to-end encryption available on Android and iOS for enterprise users, allowing encrypted messages to be composed and read natively in the mobile app. The feature is powered by client-side encryption and is available now for eligible Google Workspace plans.
A critical pre-authentication remote code execution vulnerability in the Marimo Python notebook platform was actively exploited within 10 hours of public disclosure, with attackers targeting cloud credentials and SSH keys.
Adobe has released out-of-band patches for a critical zero-day vulnerability in Acrobat and Reader, tracked as CVE-2026-34621 with a CVSS score of 9.6, which attackers have been exploiting since at least November 2025.