Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- [PL] Fraudsters behind fake online stores scam more than 440 people
- [PL] UOKiK fines Interviewme.pl over costly CV builder
- [PL] Scammers pose as InPost to hijack WhatsApp accounts
- [PL] Fake Allegro email warns of delivery address error
- [PL] People need to be notified of surveillance without delay
- [PL] Palantir loses in Switzerland as Europe moves to curb reliance on the US
- [PL][AUDIO] Fourth episode of the Informatyk Zakładowy retro podcast
- China’s universities cut thousands of ‘obsolete’ arts degrees in AI overhaul
- UK to ban social media for kids under 16, may impose overnight curfews
- [VIDEO] The internet group that changed hacking forever
- Cybercriminals are evading Telegram crackdowns in 'patriot party' and crypto-themed channels
- Council of Europe hacked in ShinyHunters' PeopleSoft heist
- Kodak confirms data breach claimed by ShinyHunters extortion gang
- Ransomware gangs cut off from EUR 336 million ‘AudiA6’ crypto laundering pipeline
- Inside the FBI's 22,000 square-foot indoor technical training environment in Huntsville
For the more technical
- [PL] Fake shipping document campaign shows PureLogs Stealer is a real threat
- FortiBleed — 75k Fortinet firewalls have admin passwords cracked
- Cisco Catalyst SD-WAN Manager arbitrary file write vulnerability
- More evidence that words don't mean what we thought they meant (Ivanti Sentry pre-auth OS command injection CVE-2026-10520)
- Compromise OpenClaw with prompt injections in message objects
- 10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums
- From emerging threat to top-tier ransomware-as-a-service: The evolution of INC ransomware
- Interlock and Rhysida within the ransomware ecosystem
- Killing me gently: Inside Gentlemen’s EDR killer framework
- Malware à la Mode: Tracking Dropping Elephant tradecraft through a China-themed loader chain
- Operation Endgame vs SocGholish
- Atomic Arch: Attackers hijack trusted AUR packages to deliver rootkit-like malware
- Multiple JetBrains IDE plugins caught stealing AI keys
- From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
- Shai-Hulud campaign evolution: Miasma, Hades, and AI scanner evasion
- 152 Chrome live wallpaper extensions hid ad tracking and faked Google search traffic
- Rokarolla: Android banker with complete device takeover capabilities
- NFCShare evolves: from a banking phishing APK to a GitHub-hosted Android NFC fraud campaign
- Hidden in Teams: DragonForce attackers weaponize Microsoft Teams relays to stay hidden
- ClickFix campaign generated via AI delivers SmartRAT
- Someone's hands are on your keyboard then your whole network. Courtesy of ClickFix, Potemkin, RMMProject and EtherRAT
- The devil, eight million emails, and a whole lot of milk
- FishMonger’s arsenal upgraded: SprySOCKS for Windows
- Public and private medical community targeted by China-nexus threat actor pursuing artificial intelligence, cyber, medical, and national defense research
- Velvet Ant’s Operation Highland: How a China-nexus actor infiltrated an internal network undetected
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.