Akira ransomware has evolved into one of the most disruptive ransomware-as-a-service operations, hitting more than 250 organizations and extorting over $244 million. This article walks through how Akira gains initial access, exploits VPN and firewall weaknesses, moves laterally, and applies double extortion — then outlines practical defenses security teams can deploy now.
Researchers uncovered serious AI bugs across Meta, Nvidia, Microsoft and open-source inference frameworks after tracking a ShadowMQ deserialization pattern built on ZeroMQ and Python pickle. At the same time, new research shows how Cursor’s AI IDE can be hijacked via rogue MCP servers, turning developer workstations into high-value malware delivery platforms if teams ignore AI supply-chain security.
Five facilitators admitted to helping North Korean remote IT workers infiltrate 136 US companies through stolen identities and “laptop farms,” sending more than $2.2 million back to the regime and exposing hidden risks in everyday hiring pipelines.
macOS now attracts serious attention from nation-state and criminal actors, especially credential stealers. A new public dataset, Malet, and a static analysis tool, Katalina, give defenders large-scale visibility into Mach-O malware traits. Teams can use them to tune EDR, test vendor claims, and finally treat Mac fleets as first-class citizens.
Researchers hammered ChatGPT, Gemini, and Claude with adversarial prompts across hate, self-harm, sexual content, and crime. Gemini Pro 2.5 leaked the most unsafe answers, Gemini Flash 2.5 resisted best, and Claude models looked strict but cracked under “academic-style” questions in some categories.
Researchers identified Android-based photo frames that auto-download malware at boot, then execute payloads after each restart. Consequently, attackers gain control on rooted devices with disabled SELinux and weak signing.
A threat actor has registered over 4,300 look-alike hotel booking domains, launching a large-scale phishing campaign that impersonates major travel brands to steal payment card data from unsuspecting guests.
The Washington Post reports a staff data breach tied to an Oracle E-Business Suite zero-day. Nearly 10,000 employees and contractors receive notices as responders verify scope and guide credit protection.
CISA warned that multiple federal agencies still haven’t fully patched Cisco ASA/FTD devices despite active exploitation. Because the campaign targets the VPN web server and enables device takeover, teams must apply fixes for CVE-2025-20333/20362, follow ED 25-03 inventory and validation steps, and disconnect end-of-support hardware. This analysis explains impact, attack flow, high-signal detection, and fast remediation so defenders can reduce edge-device risk without slowing operations.
Sprout is a Rust-based UEFI bootloader that pursues sub-second startup and data-driven policy. It reduces drift, speeds rollbacks, and clarifies failure modes. Secure-boot enablement is underway; teams should pilot now, prepare key management, and align firmware updates for a smooth transition to verified and measured boot.