China-linked crew embedded in US energy networks

The cybersecurity landscape is increasingly threatened by state-sponsored groups, particularly from China and Russia, targeting critical infrastructure in the US. Notably, the Volt Typhoon group has been embedding malware in US energy networks.

Hackers target supporters of Iran protests in new espionage campaign

A cyberespionage campaign targets supporters of Iran's anti-government protests, focusing on Farsi-speaking Iranians, activists, and journalists. The campaign exploits the ongoing internet blackout in Iran and is linked to Iranian-aligned hackers.

One threat actor responsible for 83% of recent Ivanti RCE attacks

A single threat actor is responsible for the majority of exploitation activities targeting two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), identified as CVE-2026-21962 and CVE-2026-24061.

Snail mail letters target Trezor and Ledger users in crypto-theft attacks

Hackers are targeting Trezor and Ledger users with physical phishing letters, urging them to scan QR codes leading to malicious sites. These letters claim that users must complete an "Authentication Check" or "Transaction Check" by specific dates.

North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam

North Korean hackers, identified as UNC1069, targeted a cryptocurrency executive using a fake Zoom meeting and ClickFix scam. The attack aimed to enable cryptocurrency theft and fuel future social engineering campaigns.

State-backed phishing attacks targeting military officials and journalists on Signal

A state-backed hacking group is targeting military officials, journalists, and diplomats in Germany and Europe through phishing attacks on Signal. These attacks aim to gain unauthorized access to accounts by impersonating Signal support.

Notepad++ users take note: It’s time to check if you’re hacked

A critical security breach has been identified in the update infrastructure of Notepad++, a widely used text editor for Windows. The breach is attributed to suspected Chinese state hackers.

Shadow Directories: A Unique Method to Hijack WordPress Permalinks

A new method of hijacking WordPress permalinks involves the creation of shadow directories. This technique allows attackers to inject spam content into search engine results without altering the visible content on the website or its database.

Supply chain attack on eScan antivirus: detecting and remediating malicious updates

A supply chain attack targeted eScan antivirus software, distributing malware through its update server. The attack involved a malicious file that initiated a multi-stage infection chain.

Researcher’s Notebook: Inside the EmEditor supply chain compromise

The EmEditor supply chain compromise involved tampering with Windows Installer (MSI) packages to embed malicious scripts. The attackers used look-alike domains and command-and-control (C2) infrastructure to execute their operations.
