Illinois Representative Delia Ramirez has been appointed as the top Democrat on the House Homeland Security Committee's Cybersecurity and Infrastructure Protection Subcommittee, replacing Eric Swalwell following his resignation from Congress.
The FTC is ramping up enforcement against AI-powered harms including nonconsensual deepfakes and voice cloning scams, with new legal authority under the Take It Down Act set to activate in May.
Pillar Security researchers discovered a vulnerability in Google's Antigravity AI developer tool that combined prompt injection with file-creation capabilities to bypass secure mode and grant attackers remote code execution.
Kaspersky researchers uncovered 26 malicious apps on the Apple App Store impersonating wallets like MetaMask, Coinbase, Trust Wallet, and OneKey, all linked to a campaign called FakeWallet tied to the ongoing SparkKitty operation.
State-sponsored North Korean hackers from the Lazarus Group are believed to be behind a $290 million heist targeting the KelpDAO DeFi protocol, with attackers manipulating cross-chain verification nodes to authorize fraudulent transactions.
Seiko USA's website was defaced over the weekend by attackers claiming to have stolen its entire Shopify customer database and threatening to publish the data unless the company pays a ransom.
Forescout Technologies has uncovered 20 new vulnerabilities in serial device servers from Silex and Lantronix, collectively dubbed BRIDGE:BREAK, enabling remote code execution, firmware tampering, and device takeovers in critical OT and healthcare environments.
Sophos has documented a sharp rise in QEMU abuse since late 2025, with two distinct campaigns leveraging the open-source emulator to establish covert tunnels, harvest credentials, and deliver ransomware.
Threat actors have spent over a year attempting to exploit CVE-2023-33538, a high-severity command injection flaw in discontinued TP-Link routers, but errors in their own exploit code have prevented any successful compromise, according to Palo Alto Networks.
AI systems can now generate fully convincing data breach narratives—complete with technical details and fake quotes—triggering real crisis responses at organizations that were never actually compromised.