Threat Intelligence
Kaspersky Details Umbrij, a New ToddyCat Tool Targeting Corporate Gmail via OAuth Tokens
An APT-tooling disclosure with corporate-Gmail implications — defender teams review OAuth-token hygiene this week.
phishing
Two vendor-documented hospitality-sector phishing campaigns land the same week — sector-advisory work for hotel-industry defenders this week.
Artificial Intelligence (AI)
An AI-coding-agent bypass with cross-vendor implications — defender posture-review work for organizations running open-source agents this week.
Artificial Intelligence (AI)
A multi-vendor AI-browser research disclosure — defender posture-review work for organizations deploying agentic browsers this week.
Policy & Government
A bipartisan House vote on child-safety platform obligations — Senate outlook and industry response in focus this week.
Policy & Government
A policy-signal shift on CISA staffing — federal-adjacent defender teams and industry partners watch for follow-through this week.
Vulnerabilities
A pre-authenticated critical vulnerability in a widely-deployed load balancer — patch verification for defender teams this week.
Microsoft 365
A scale-significant Azure CLI credential-attack campaign — defender teams stay in account-hardening posture this week.
Policy & Government
Microsoft's PQC guidance lands alongside the accelerated federal deadline — vendor roadmap alignment this week.
Artificial Intelligence (AI)
A senior US-intelligence framing lands mid-cycle — how AI-cyber policy hardens in focus this week.
Six NetScaler flaws, one with echoes of CitrixBleed — defender teams stay in patch-verification posture this week.
A fresh vendor-research disclosure at the intersection of AI agents and supply-chain risk — Microsoft says poisoned tool descriptions can quietly redirect what an agent does, and pairs the research with defender guidance for teams shipping agentic AI this week.
Another Defender zero-day for defender teams to verify — patch cycle plus KEV watch this week.
One confirmed victim, a reported 99 more not yet named — Oracle PeopleSoft customers stay in patch-verification posture this week.
Two researchers mapped the proximity-sharing protocols behind AirDrop and Quick Share and found six flaws spanning five billion Apple and Android devices, with vendor fixes only partly shipped.
A scale-significant AI-app privacy disclosure with developer accountability implications: Wake Forest researchers found 282 of 444 iOS AI apps exposing usable LLM credentials in their own network traffic, and most stayed open months after notification.
A critical remote monitoring and management vulnerability is under active exploitation to deliver an infostealer that hunts cloud and AI development credentials — and it is now on CISA's KEV list.
Another Oracle product line under active exploitation — high-priority patch verification this week.
Another scale-significant Japanese-sector disclosure: Aflac Life Insurance Japan says intruders sat in its policyholder portal for ten days and exfiltrated the personal data of roughly 4.38 million customers and agents.
A high-profile Oracle PeopleSoft customer disclosure: Nissan says current and former employees' data was exposed via CVE-2026-35273, with sector-advisory implications for the broader Oracle exploitation cycle.
Browser-extension enforcement action at scale from Microsoft. The company pulled 119 Edge add-ons that concealed payloads inside image and font files, with a combined install base reported at up to 2.6 million, and suspended the developer accounts behind them.
A coding-AI-assistant flaw with cloud-credential implications — defender posture review for the week.