Security Week
GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Attackers can inject malicious instructions in a GitHub Issue that are automatically processed by Copilot when launching a Codespace from that issue.
The post GitHub Issues Abused in Copilot Attack Leading to Repository Takeover appeared first on SecurityWeek.
Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs
The vulnerability in TeamT5 ThreatSonar Anti-Ransomware was recently added to CISA’s KEV catalog.
Anonymous Fénix Members Arrested in Spain
The group’s administrator and moderator were arrested last year, and two other members were arrested this month.
US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach
The Everest ransomware group has taken credit for a hacker attack on Vikor Scientific, now called Vanta Diagnostics.
Ukrainian Gets 5 Years in US Prison for Aiding North Korean IT Fraud
Oleksandr Didenko sold the stolen identities of US citizens, allowing North Koreans to get hired using freelance work platforms.
Autonomous AI Agents Provide New Class of Supply Chain Attack
While this campaign targets crypto wallets and steals money, the methodology has far wider potential that could be used by other attackers.
Romanian Hacker Pleads Guilty to Selling Access to US State Network
Catalin Dragomir admitted in a US court to selling access to an Oregon state government office’s network.
Hundreds of FortiGate Firewalls Hacked in AI-Powered Attacks: AWS
Threat actors relying on AI have been exploiting exposed ports and weak credentials to take over FortiGate devices.
Recent RoundCube Webmail Vulnerability Exploited in Attacks
Patched in December 2025, the exploited flaw leads to XSS attacks via the animate tags in SVG documents.
Mississippi Hospital System Closes All Clinics After Ransomware Attack
A ransomware attack forced the University of Mississippi Medical Center to close all of its roughly three dozen clinics around the state and cancel elective procedures.
PayPal Data Breach Led to Fraudulent Transactions
PayPal blamed an application error for the exposure of customer personal information for nearly 6 months.
Critical Grandstream Phone Vulnerability Exposes Calls to Interception
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges.
NIST’s Quantum Breakthrough: Single Photons Produced on a Chip
NIST’s single photon chip will likely make QKD an option for a wider range of companies.
In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI
Other noteworthy stories that might have slipped under the radar: Axonius lays off employees, Abu Dhabi conference data leak, HackerOne addresses AI concerns.
BeyondTrust Vulnerability Exploited in Ransomware Attacks
CISA has updated its KEV entry for CVE-2026-1731 to alert organizations to exploitation in ransomware attacks.
FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025
The FBI has confirmed that the Ploutus malware, which has been around for over a decade, is still being used in the wild.
Chip Testing Giant Advantest Hit by Ransomware
The company is investigating whether any customer or employee data was stolen by hackers.
PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
The malware leverages Gemini to analyze on-screen elements and ensure that it remains on the device even after a reboot.
French Government Says 1.2 Million Bank Accounts Exposed in Breach
The Ministry of Economy reported discovering unauthorized access to the national bank account registry FICOBA.
Nearly 1 Million User Records Compromised in Figure Data Breach
The blockchain-based lender has confirmed a data breach after ShinyHunters leaked over 2GB of data allegedly stolen from the company.
