Threat actor Team 8, associated with North Korean state interests, has been observed distributing the StoatWaffle malware through malicious Microsoft Visual Studio Code projects. The attack vector relies on the 'tasks.json' configuration file, which automatically executes predefined commands when a project folder is opened in the IDE. This technique allows attackers to achieve code execution on a victim's machine without requiring additional user interaction beyond opening the project. The campaign has been active since late 2025.

TechnologySoftware DevelopmentIT Services

HIGH

Other Global 7h ago

Unapproved AI Tool Usage Identified as Primary Enterprise Risk by 2026

Recent industry analysis indicates that by 2026, the use of unapproved AI tools will become a leading vector for enterprise security breaches. This trend is compounded by increasing geopolitical tensions and stringent data sovereignty regulations that complicate traditional security architectures. Organizations are currently struggling to maintain visibility over shadow AI usage, which bypasses standard corporate security controls.

TechnologyFinanceHealthcare

CRITICAL

Ransomware Global 7h ago

Ransomware Evolution: Threat Actors Leveraging AI for Accelerated Attacks

Threat actors are integrating AI tools into their attack lifecycle to enhance the speed and efficacy of ransomware operations. These actors are focusing on the exploitation of valid credentials to gain unauthorized access, effectively bypassing traditional security perimeters. By automating reconnaissance and lateral movement, attackers can identify and encrypt high-value data assets before security teams can detect or respond to the intrusion.

TechnologyFinanceHealthcare

HIGH

Zero-Day Global 10h ago

QNAP Patches Four Critical Vulnerabilities Demonstrated at Pwn2Own Ireland 2025

During the Pwn2Own Ireland 2025 event, the research team 'Team DDOS' successfully demonstrated a chain of vulnerabilities in QNAP SD-WAN routers. These vulnerabilities, tracked as CVE-2025-62843, CVE-2025-62844, CVE-2025-62845, and CVE-2025-62846, allowed the researchers to bypass security controls and gain root access to the devices. QNAP has since issued firmware updates to remediate these security gaps.

TechnologyTelecommunicationsEnterprise Infrastructure

LOW

Other United States 10h ago

Analysis of U.S. Cybersecurity Strategic Policy Effectiveness

Cybersecurity industry leaders have issued statements supporting the effectiveness of the current administration's cybersecurity strategy. The discourse centers on the success of recent policy pivots aimed at enhancing national cyber resilience. No specific cyber incident or breach was reported in this context.

GovernmentTechnologyCritical Infrastructure

MEDIUM

Data Breach Global 10h ago

Mazda Motor Corporation Discloses Data Breach Affecting Employees and Partners

Mazda Motor Corporation identified a security breach that resulted in the exposure of sensitive information related to its workforce and business partners. The incident was detected in December, though the company has only recently finalized the disclosure process. Mazda has initiated an investigation to determine the full scope of the data exfiltration and has begun notifying affected parties.

AutomotiveManufacturing

MEDIUM

Other Global 13h ago

OpenAI Introduces 'Library' Feature for Persistent Cloud Storage of User Files

OpenAI is deploying a new 'Library' feature that enables users to upload and store files and images within the ChatGPT platform. These items are saved to the user's account, allowing for persistent reference across different chat sessions. The feature is designed to streamline workflows by maintaining context through stored assets.

TechnologyEnterprise SoftwareGeneral Public

CRITICAL

Supply Chain Global 13h ago

Trivy Open Source Tool Compromised to Target CI/CD Pipeline Secrets

Threat actors successfully compromised the open-source security scanner Trivy to distribute malicious payloads. By embedding an infostealer within the tool's workflow, attackers gained the ability to harvest sensitive secrets directly from CI/CD environments. This allows for lateral movement into cloud infrastructure and source code repositories.

TechnologySoftware DevelopmentCloud Services

HIGH

APT China 13h ago

RSA Panel Highlights Need for Private-Sector Collaboration Against State-Sponsored Cyber Threats

During an RSA Conference panel, security experts discussed the limitations of current public-private partnerships in addressing advanced cyber threats. The panel noted that while groups like Scattered Spider have demonstrated the need for real-time information exchange, government participation in such collaborative efforts remains inconsistent. The discussion underscored that private enterprises are increasingly forced to rely on their own intelligence networks to counter state-sponsored and organized cybercrime operations.

TechnologyCritical InfrastructureFinancial Services

LOW

Other Global 13h ago

Technical Analysis of Google Authenticator Synced Passkey Architecture

Unit 42 researchers conducted a detailed examination of how Google Authenticator handles passkeys, focusing on the underlying cryptographic mechanisms. The report outlines the lifecycle of passkey generation, storage, and synchronization across devices. It specifically highlights the secure communication protocols used to facilitate passwordless authentication in the Google ecosystem.

TechnologyCybersecurityEnterprise IT