Cybersecurity Today

Jim Love
Mar 6, 2026 • 9min

Wikipedia Hit By JavaScript Worm, ICE Contractor Data Base Leaked and more...

A self-propagating JavaScript worm spread through user scripts on a major collaborative site, forcing admins to restrict edits and replace compromised code. A hacktivist group claims to have leaked thousands of contractor applicant records tied to immigration contracts. Law enforcement and international partners dismantled a major cybercrime forum and seized its database, leading to arrests and follow-up notifications.
Mar 4, 2026 • 17min

AI Driven Warfare

A fast rundown of AI-driven targeting in modern strikes and how hacked infrastructure can be weaponized. Coverage of an open-source AI attack toolkit spreading through Fortinet appliances. Reports on major healthcare ransomware incidents that exposed millions of records and crippled clinical systems. A look at GPS and AIS jamming risks that threaten shipping and navigation in contested waters.
Mar 2, 2026 • 14min

CISA Leadership Shakeup, OpenClaw Hijack, Robot Vacuums and More

A wide-ranging cybersecurity roundup covering an AI agent framework hijack that let webpages brute-force local gateways. A major federal cybersecurity leadership change and controversies around mishandled documents. Discussion of coordinated cyber operations tied to the Iran conflict and risks of retaliation. A USB-based air-gap bridging toolkit from North Korea. A hobbyist-exposed robot vacuum camera and control flaw affecting thousands.
Feb 28, 2026 • 49min

Cybersecurity Today Weekend with Carey Frey, VP and Chief Security Officer at TELUS

Carey Frey, Chief Security Officer at TELUS with roots at Canada’s Communications Security Establishment, recounts identity’s messy history and TELUS’s FIDO2 lessons. He explores session token theft, why SSO tokens can be dangerous, and how agentic AI and auto-browse amplify risk. He calls for stronger cryptographic roots, proof-based tokens, re-authentication across domains, and fine-grained delegation guardrails.
Feb 27, 2026 • 10min

Cisco SD-WAN Bug Actively Exploited

A critical Cisco SD-WAN vulnerability has been actively exploited, prompting emergency inventory and hardening orders. Researchers demonstrate how MCP integration flaws could lead to remote code execution and even Azure tenant takeover. A large CarGurus data leak raises phishing and fraud risks tied to vehicle shopping. Law enforcement teams trace and recover funds from a tech support scam.
Feb 25, 2026 • 9min

Discord Finds Age Identification May Have Privacy Concerns

Discord halts an age-verification tie-up after researchers found Persona code hinting at hundreds of checks and risk scoring. Four critical SolarWinds Serv-U remote code execution flaws require urgent self-hosted upgrades. Splunk patches a Windows privilege escalation caused by install-folder permissions. Texas sues TV makers over alleged frequent screenshotting and transmission of screen content without meaningful consent.
Feb 23, 2026 • 19min

Amazon Kiro Prod Disruption, Claude Code Security, Salt Typhoon Warning, and Youth Radicalization

AI-driven attacks and how automation cracked hundreds of firewalls using weak access controls. An AI coding agent tied to a major production disruption and the push for strict guardrails. A new AI code-scanning tool that maps data flows and flags vulnerabilities. A global cyber threat exploiting unpatched systems and weak passwords. Rising concerns about online radicalization and youth-targeted recruitment.
Feb 21, 2026 • 45min

Agentic AI Security Is Broken and How To Fix It: Ido Shlomo, Co-founder and CTO of Token Security

Ido Shlomo, co-founder and CTO of Token Security and veteran Israeli cybersecurity practitioner, explains why agentic AI is hard to secure. He discusses permission overreach, identity-first defenses, intent-based permission management, risks from developer tools and leaked tokens, and governance steps like discovery, boundaries, monitoring, and decommissioning.
Feb 20, 2026 • 9min

CISA Orders Emergency Patch for Actively Exploited Dell Flaw

A critical Dell vulnerability forced an emergency three-day patch directive and involves hard-coded credentials and root access risks. A lawsuit accuses a major router maker of deceptive security and origin claims tied to state-aligned threats. Researchers uncovered nearly 1 billion exposed identity records from an unsecured database. Allegations surface that core Social Security data may have been copied to the cloud without oversight.
Feb 18, 2026 • 11min

OpenClaw: Info Stealers Take Your Soul

A deep dive into info-stealer malware that lifted tokens, cryptographic keys, and a revealing soul.md file from OpenClaw devices. A hobbyist AI project accidentally exposed 7,000 robot vacuums worldwide, including live cameras and floor plans. Two Best Buy fraud cases show why Zero Trust needs behavioral and contextual checks. A supplier breach leaked hundreds of thousands of customer records, highlighting supply-chain risk.
