Major Threats & Vulnerabilities
Data Breaches and Credential Exposures
The hacking group ShinyHunters claims responsibility for stealing over 42 million customer records from Charter Communications. The alleged breach, conducted through social engineering and Microsoft Entra compromise, is under investigation. Organizations are urged to review MFA enforcement and monitor SaaS environments for suspicious activity. Read more on ShinyHunters’ Charter Communications attack.
In another incident, attackers linked to the same group infiltrated 7-Eleven’s internal systems, compromising over 600,000 franchise applicant records from a Salesforce environment. The 7-Eleven breach underscores the risks associated with cloud and third-party platforms. Experts recommend reviewing app permissions, enforcing phishing-resistant MFA, and auditing dormant accounts.
Meanwhile, a cybercriminal is reportedly selling a 340 million-record database allegedly containing OnlyFans user data. Although researchers suspect much of it may be scraped or recycled, the OnlyFans data exposure could still enable phishing and impersonation attacks. Users should avoid credential reuse and enable MFA.
Exploits Targeting Developers and Supply Chains
CrowdStrike, Google, and Shadowserver successfully dismantled the Glassworm botnet, which targeted developers via compromised GitHub repositories. The campaign exploited CI/CD pipelines and developer ecosystems. Security teams should audit OAuth tokens, enforce signed commits, and monitor dependencies for anomalies.
Developers were also targeted by a malicious npm package linked to North Korean threat actors. The package deployed infostealers and keyloggers to steal SSH keys, crypto wallets, and cloud credentials. Experts advise auditing dependencies and rotating credentials regularly.
Additionally, attackers are using SEO poisoning to distribute fake AI installers for Gemini CLI and Claude Code. These malicious installers deploy fileless infostealers targeting developer credentials. Developers should verify software sources and avoid executing untrusted scripts.
AI and Automation Security Risks
Researchers found that open-source AI models from Google and Meta could have safety protections removed using a tool called Heretic. The AI guardrails bypass demonstrates how quickly security controls can be undermined, emphasizing the need for sandboxed testing and restricted internet access during AI model evaluation.
AI assistants also continue to introduce new enterprise security risks. A patched flaw in a popular AI coding assistant revealed how attackers could exploit prompt injection and sandbox bypasses to exfiltrate data. Organizations should implement external access controls and immutable audit logging, as detailed in AI assistant vulnerability findings.
Traditional annual penetration testing is no longer sufficient in the age of AI-driven threats. According to recent research, organizations are shifting toward continuous security validation and AI-powered offensive testing to detect reemerging vulnerabilities and configuration drift.
Software and Infrastructure Vulnerabilities
A flaw in ConnectWise Automate could allow attackers to bypass integrity checks and execute malicious code. While no active exploitation has been reported, administrators should patch immediately and monitor for suspicious plugin activity.
Researchers also discovered that deleted Google API keys can remain active for up to 23 minutes due to delayed revocation. This temporary exposure could allow unauthorized access to services like Gemini and BigQuery. Users should treat key deletion as a containment process and monitor logs for continued use.
Mobile and IoT Threats
A global Android malware campaign is silently subscribing users to premium services through carrier billing fraud. Nearly 250 fake apps impersonate popular platforms, using automation and OTP interception to trigger charges. Users should install apps only from trusted sources and monitor billing statements closely.
Authorities arrested a Canadian man accused of operating the KimWolf IoT botnet, responsible for attacks exceeding 30 Tbps and compromising over one million devices. Organizations should audit IoT devices and disable unnecessary remote access.
Social Engineering and Scareware
The CypherLoc scareware campaign uses phishing emails and browser-locking tactics to trick users into calling fake tech support numbers. Over 2.8 million attacks have been recorded since early 2026. Users should avoid interacting with pop-up warnings and use detection tools to remove scareware.
Industry News
Law Enforcement and Regulatory Developments
The FBI issued a warning about Silent Ransom Group impersonating IT staff to infiltrate law firms. The attackers use legitimate remote tools like AnyDesk and Quick Assist to steal sensitive data. Firms should verify all remote IT requests and monitor for unauthorized access tools.
In a major technological initiative, Tokyo announced plans to test a humanoid robot city in Meguro Ward. The project will explore AI-driven public services, autonomous transport, and drone deliveries, raising new questions about physical AI security and data governance.
Service Disruptions and Privacy Concerns
A GitHub outage disrupted Actions and Pages globally, halting deployments and automation workflows. The event highlights the importance of redundancy in DevOps pipelines and the need for tested incident response plans.
Researchers also raised alarms about WhatsApp’s local storage practices on Apple devices, suggesting that chat data could be exposed if backups or devices are compromised. Users should enable encrypted backups and maintain strong device security controls.
Data Governance and Compliance
Data lineage tools are gaining traction for improving audit readiness and compliance. As reported in recent research, tracing data movement across systems and AI agents helps security teams detect insider threats and SaaS misuse.
Meanwhile, a Blancco report revealed that weak data sanitization practices are causing leaks and compliance failures. Experts recommend verifiable sanitization certificates and forensic testing of retired assets.
Security Tips & Best Practices
Ransomware Defense
According to ransomware experts, organizations should:
- Implement phishing-resistant MFA and restrict remote access tools.
- Use EDR/XDR monitoring, test backups regularly, and deploy ransomware removal tools.
- Run incident response simulations with ransomware scenarios to improve readiness.
Data Protection and Access Control
To reduce exposure from credential theft and data leaks, data protection specialists recommend:
- Enable MFA, encrypt sensitive files, and restrict user access.
- Use DLP tools and monitor outbound traffic for exfiltration attempts.
- Regularly audit cloud storage and inactive accounts to minimize risk.
AI-Driven Exploit Mitigation
As AI accelerates exploit development, security researchers advise:
- Use continuous vulnerability scanning and attack surface management.
- Accelerate patch management and monitor threat intelligence feeds.
- Deploy behavior-based EDR/XDR tools and train developers to identify insecure AI-generated code.
API Security
With API-related risks rising, API security experts recommend:
- Rotate API keys and enforce authentication controls like MFA and least privilege.
- Monitor API traffic and restrict permissions to detect suspicious activity.
- Use API gateways and audit third-party integrations to block malicious requests.
Enterprise Compliance
To maintain enterprise-grade security, organizations should ensure compliance with SOC 2 Type II, ISO 27001, GDPR, and HIPAA standards, and leverage 24/7 support for secure operations.
Tools & Resources
Simplify compliance — get ready-to-use security policies to help protect your business without the cost or complexity of an enterprise, all for under $100.
If you want to see more from our Newsletter Archive please click here.