A cybercrime operation named "Bizarre Bazaar" is actively targeting exposed LLM service endpoints. This operation involves unauthorized access to weakly protected LLM infrastructure, leading to significant security risks and financial implications.

The GoTo Resolve tool, a legitimate remote administration software, has been identified as a potential security risk due to its ability to be exploited for activities similar to ransomware tactics.

Researchers have identified 16 malicious browser extensions targeting Google Chrome and Microsoft Edge users. These extensions are designed to steal ChatGPT session tokens, granting attackers unauthorized access to users' accounts.

A cyber attack on the Polish power grid in December 2025 has been attributed to the Russian state-sponsored group ELECTRUM. The attack targeted operational technology systems managing distributed energy resources.

A malicious VSCode extension, "ClawdBot Agent - AI Coding Assistant," was identified on the official Extension Marketplace. This extension, posing as a free AI coding assistant for Moltbot, stealthily deploys malware on compromised systems.

MicroWorld Technologies, the developer of eScan antivirus, has confirmed a breach of its update server, resulting in the distribution of a malicious update to a subset of customers.

A new Android spyware campaign, identified as GhostChat, is targeting individuals in Pakistan using romance scam tactics. The spyware is disguised as a chat service app that routes conversations through WhatsApp.

Delta, a prominent Russian provider of alarm and security systems, has experienced a significant cyberattack, leading to widespread service disruptions. The attack, described as large-scale and coordinated, has affected the company's operations.

CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and the Linux Kernel.

A critical vulnerability in Grist-Core's Pyodide WebAssembly sandbox allows remote code execution (RCE) through malicious spreadsheet formulas. This flaw, with a CVSS score of 9.1, has been patched.