A recent Android malware campaign has been identified, exploiting the Hugging Face platform to distribute thousands of malicious APK variants. The malware, disguised as a security tool named TrustBastion.

Two critical vulnerabilities, collectively known as "LookOut," have been identified in Google Looker, a business intelligence platform used by over 60,000 organizations globally.

CISA issued a warning regarding a five-year-old GitLab vulnerability that is actively being exploited. CISA has urged all organizations, including those in the private sector, to prioritize securing their devices against these ongoing attacks.

CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab, posing significant security risks to affected systems.

Foxit Software has addressed multiple cross-site scripting (XSS) vulnerabilities in Foxit PDF Editor Cloud and Foxit eSign. These vulnerabilities could allow attackers to execute arbitrary JavaScript within a user's browser.

Microsoft has identified a growing threat where Python-based infostealers are targeting macOS environments. These attacks exploit cross-platform capabilities and trusted platforms to distribute malware at scale.

A sophisticated social engineering campaign is targeting Windows users in the UK by using fake party invitations to install ScreenConnect, a legitimate remote access tool, for malicious purposes.

APT28 is actively exploiting a recently patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw is being used to target Ukrainian government entities and potentially extends to EU-based organizations.

A large-scale campaign has been identified involving over 230 malicious packages, known as skills, for the OpenClaw AI assistant. These skills impersonate legitimate utilities but deliver malware that steals sensitive data.

A vulnerability identified as CVE-2025-0921 has been discovered in the Iconics Suite, a SCADA system used for industrial process control. This vulnerability allows for execution with unnecessary privileges, potentially leading to a DoS condition.