Recent research reveals that large language models (LLMs) can develop backdoor vulnerabilities from as few as 250 malicious documents embedded in their training data. The study involved training LLMs ranging from 600 million to 13 billion parameters.

Threat actors are exploiting unsecured Milesight IoT cellular routers to send SMS-based phishing messages. These routers are widely deployed in critical infrastructure such as traffic lights and electric power meters.

A widespread malware campaign is targeting macOS users by impersonating a broad range of online services through malicious ads on search engines. The campaign aims to distribute the Atomic Stealer, a potent credential-stealing malware.

Turla has been known for deploying stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations. These activities suggest a strategic alignment between the two groups to enhance operational effectiveness.

A PoC attack has exposed a critical vulnerability in OpenAI’s ChatGPT-integrated Deep Research agent. The attack enables the exfiltration of sensitive data from a user’s Gmail inbox to an attacker-controlled server without any user interaction.

Three TLS certificates were mis-issued for 1.1.1.1, a DNS service operated by Cloudflare and APNIC. These certificates, issued in May 2025 by Fina RDC 2020, a subordinate CA under Fina Root CA, were only discovered four months later.

A significant security incident involving the Salesloft Drift AI chat agent has led to the compromise of OAuth tokens, resulting in unauthorized access to Google Workspace email accounts.

A critical zero-day vulnerability in WinRAR has been actively exploited by two Russian cybercrime groups. The attackers used phishing emails with malicious archive attachments to backdoor victim systems.

Researchers have identified a campaign by the threat actor UNC6148 targeting SonicWall Secure Mobile Access (SMA) appliances. These appliances manage and secure access by mobile devices and are located at the edge of enterprise networks.

A recent investigation uncovered that 245 browser extensions—installed on nearly 1 million devices—are covertly turning users' browsers into web scraping bots. These extensions, available on Chrome, Firefox, and Edge, embed the MellowTel-jsx library.