The Qilin ransomware gang, known for targeting high-profile organizations, has claimed responsibility for the cyberattack on Conpet, alleging the theft of nearly 1TB of data, including sensitive documents and financial information.

La Sapienza University, Europe's largest by in-campus students, has been hit by a ransomware attack attributed to the pro-Russian group Femwar02. The attack has led to significant disruptions, with IT systems offline and data encrypted.

Spain's Ministry of Science has partially shut down its IT systems following claims of a cyberattack. The Ministry cited a "technical incident" without confirming the attack.

A recent Android malware campaign has been identified, exploiting the Hugging Face platform to distribute thousands of malicious APK variants. The malware, disguised as a security tool named TrustBastion.

CISA issued a warning regarding a five-year-old GitLab vulnerability that is actively being exploited. CISA has urged all organizations, including those in the private sector, to prioritize securing their devices against these ongoing attacks.

APT28 is actively exploiting a recently patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw is being used to target Ukrainian government entities and potentially extends to EU-based organizations.

A large-scale campaign has been identified involving over 230 malicious packages, known as skills, for the OpenClaw AI assistant. These skills impersonate legitimate utilities but deliver malware that steals sensitive data.

The Aisuru botnet has set a new record with a massive DDoS attack, peaking at 31.4 Tbps and 200 million requests per second. This unprecedented attack targeted multiple companies, primarily in the telecommunications sector.

Marquis Software Solutions, a financial services provider, experienced a ransomware attack attributed to a breach of SonicWall's cloud backup service. This incident affected numerous U.S. banks and credit unions.

Ivanti has disclosed two critical zero-day vulnerabilities in Ivanti EPMM, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable devices without authentication.