Airports in Copenhagen and Oslo faced unexpected disruptions this weekend after drones were spotted near their airspace. With both airports temporarily halting flights, the incidents highlight growing concerns over drone misuse and the potential risks to aviation, national security, and public safety Drone Disruption in Copenhagen Copenhagen Airport, one of Scandinavia’s busiest hubs, suspended air…
Threat actors behind a coordinated network on YouTube have uploaded over 3,000 videos that masquerade as software tutorials and cheat walkthroughs, yet lead to credential‐stealer malware downloads. The operation uses compromised channels, fake engagement and download links to evade detection posing a new category of platform-based threat for security teams.
Instagram’s latest overhaul introduces PG-13-level restrictions for teen accounts. Under the update, users under 18 will have tighter filters, limited searches, and parental approval requirements for more open settings.
WireTap shows how a passive DDR4 interposer can recover Intel SGX attestation keys under physical access. The attack reframes trust in SGX-based services and demands stronger physical and cryptographic safeguards.
Security researchers have exposed a large-scale espionage campaign where Chinese hackers weaponized open-source tools to infiltrate critical infrastructure systems worldwide. The operation showcases a shift toward covert, community-blended tactics where public codebases become vectors for nation-state exploitation.
Google Mandiant has launched an investigation into a new cyberattack campaign targeting Oracle systems, raising alarms over advanced threat activity and enterprise risks.
CISA and NSA published a focused plan to harden Microsoft Exchange. Enforce modern authentication, cut exposure, enable Extended Protection, and lock down TLS to stop real-world attacks.
A Reagan-themed anti-tariff ad paused U.S.–Canada talks. Canada’s prime minister apologized to Trump, seeking to cool tempers, protect exporters, and restart negotiations.
Researchers tracked 1,330 suspicious domains impersonating 23 luxury brands ahead of peak shopping. Prepare for activation waves with monitoring, takedowns, and buyer guidance.
Researchers documented CVSS 8.9 command injection in three official Claude Desktop extensions Chrome, iMessage, and Apple Notes. Because those connectors built AppleScript commands with unescaped user input, prompt injection could pivot from web content to local shell execution on macOS. Anthropic patched the issues. This analysis explains the exploit chain, the fixes, and the validation steps security teams should run to keep MCP servers safe.