Operation Bizarre Bazaar is a significant cyberattack campaign targeting AI systems to steal compute power and resell access. The campaign, led by a hacker known as Hecker, involves exploiting unprotected AI models, particularly those using MCP.

Ivanti has disclosed two critical zero-day vulnerabilities in Ivanti EPMM, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable devices without authentication.

A critical security vulnerability was discovered in the Bondu AI toy, where an exposed admin panel allowed unauthorized access to sensitive data, including children's personal information and conversation transcripts.

MongoDB ransomware continues to be a significant threat, primarily targeting exposed databases due to misconfigurations. Attackers exploit these vulnerabilities by scanning for open MongoDB instances, deleting data, and demanding ransoms.

A cybercrime operation named "Bizarre Bazaar" is actively targeting exposed LLM service endpoints. This operation involves unauthorized access to weakly protected LLM infrastructure, leading to significant security risks and financial implications.

The GoTo Resolve tool, a legitimate remote administration software, has been identified as a potential security risk due to its ability to be exploited for activities similar to ransomware tactics.

Researchers have identified 16 malicious browser extensions targeting Google Chrome and Microsoft Edge users. These extensions are designed to steal ChatGPT session tokens, granting attackers unauthorized access to users' accounts.

A cyber attack on the Polish power grid in December 2025 has been attributed to the Russian state-sponsored group ELECTRUM. The attack targeted operational technology systems managing distributed energy resources.

A malicious VSCode extension, "ClawdBot Agent - AI Coding Assistant," was identified on the official Extension Marketplace. This extension, posing as a free AI coding assistant for Moltbot, stealthily deploys malware on compromised systems.

MicroWorld Technologies, the developer of eScan antivirus, has confirmed a breach of its update server, resulting in the distribution of a malicious update to a subset of customers.