ShadowHS is an advanced fileless Linux exploitation framework designed for stealthy, in-memory operations. It enables attackers to maintain long-term access to compromised systems without leaving persistent traces.

Marquis Software Solutions, a financial services provider, experienced a ransomware attack attributed to a breach of SonicWall's cloud backup service. This incident affected numerous U.S. banks and credit unions.

Operation Bizarre Bazaar is a significant cyberattack campaign targeting AI systems to steal compute power and resell access. The campaign, led by a hacker known as Hecker, involves exploiting unprotected AI models, particularly those using MCP.

Ivanti has disclosed two critical zero-day vulnerabilities in Ivanti EPMM, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable devices without authentication.

A critical security vulnerability was discovered in the Bondu AI toy, where an exposed admin panel allowed unauthorized access to sensitive data, including children's personal information and conversation transcripts.

MongoDB ransomware continues to be a significant threat, primarily targeting exposed databases due to misconfigurations. Attackers exploit these vulnerabilities by scanning for open MongoDB instances, deleting data, and demanding ransoms.

A cybercrime operation named "Bizarre Bazaar" is actively targeting exposed LLM service endpoints. This operation involves unauthorized access to weakly protected LLM infrastructure, leading to significant security risks and financial implications.

The GoTo Resolve tool, a legitimate remote administration software, has been identified as a potential security risk due to its ability to be exploited for activities similar to ransomware tactics.

Researchers have identified 16 malicious browser extensions targeting Google Chrome and Microsoft Edge users. These extensions are designed to steal ChatGPT session tokens, granting attackers unauthorized access to users' accounts.

A cyber attack on the Polish power grid in December 2025 has been attributed to the Russian state-sponsored group ELECTRUM. The attack targeted operational technology systems managing distributed energy resources.