Major Threats & Vulnerabilities
AI-Powered Cyberattacks and Exploits
The 2026 Verizon DBIR revealed that vulnerability exploitation has surpassed credential abuse as the leading breach vector, accounting for 31% of incidents. The report highlights how generative AI is accelerating attack automation and expanding third-party risk exposure, particularly among SMBs facing ransomware threats.
Microsoft Defender vulnerabilities are currently being exploited in the wild, allowing attackers to escalate to SYSTEM-level privileges and disable endpoint protections. Microsoft has released patches, and organizations are urged to update immediately and reinforce endpoint monitoring.
In Linux environments, a flaw in the __ptrace_may_access() function (CVE-2026-46333) enables local privilege escalation and SSH key theft. Major distributions have issued patches, and administrators should prioritize kernel updates.
Browser and Cloud Exploitation
Browser-based threats continue to rise, with SMBs increasingly targeted through malicious extensions and AI-driven phishing campaigns. The growing use of SaaS and AI tools is expanding the attack surface, making MFA and secure browser management essential defenses.
Researchers at 7AI uncovered a browser-extension campaign that evades endpoint detection and response (EDR) systems by injecting JavaScript into authenticated sessions. The CRXfiltrate campaign highlights the need for strict extension controls and continuous monitoring.
Meanwhile, a vulnerability in Amazon Redshift’s JDBC Driver (prior to version 2.2.2) could allow remote code execution through malicious database connection URLs. AWS has patched the issue, and users should upgrade immediately.
Phishing and Supply Chain Threats
Threat actors are exploiting OAuth workflows in device code phishing attacks targeting Microsoft 365 users. Kits like EvilTokens and Tycoon 2FA automate token theft via QR codes and malicious PDFs, underscoring the need for phishing-resistant MFA.
OpenAI confirmed a breach involving two developer devices compromised in the TanStack supply chain attack. The incident highlights the growing risks in developer ecosystems and the importance of securing CI/CD pipelines.
Intel 471 researchers reported that underground phishing marketplaces now operate as organized ecosystems offering phishing kits, infrastructure, and AI-assisted tools, accelerating credential theft and MFA bypass attacks.
Emergency Patches and System Updates
Vendors including Ivanti, SAP, Fortinet, VMware, and n8n have issued emergency patches addressing critical remote code execution and authentication bypass vulnerabilities. Organizations should apply updates immediately, secure admin consoles, and rotate credentials to prevent exploitation.
Industry News
Data Breaches and Exposures
A CISA contractor inadvertently exposed AWS GovCloud credentials, SSH keys, and internal deployment files in a public GitHub repository. The credentials were active for up to 48 hours before being rotated, raising concerns about federal supply chain security.
DragonForce ransomware targeted Tennessee-based AdvancedHEALTH, leaking 390 GB of data and exposing 2.3 million patient records. Attackers threatened to release data daily until ransom demands were met.
The NYC Health and Hospitals breach compromised medical and biometric data of 1.8 million individuals through a third-party vendor. Experts warn that stolen fingerprints pose permanent identity risks.
A GitHub breach linked to a malicious VS Code extension compromised 3,800 repositories, underscoring the risks of unverified developer tools and the need for strict extension vetting.
Corporate and Policy Developments
Nvidia AI chips continue to reach China and Russia despite export restrictions, prompting U.S. national security concerns over supply chain enforcement.
Detroit automakers including GM, Ford, and Stellantis are cutting over 20,000 white-collar jobs as they pivot toward AI development roles, signaling a major workforce transformation.
Elon Musk’s lawsuit against OpenAI was dismissed, clearing the way for a potential $1 trillion IPO and strengthening Microsoft’s partnership with the company.
Anthropic announced monthly credit caps for its Claude Agent SDK, marking a shift toward metered AI compute billing and sparking developer criticism.
The Vatican is collaborating with Anthropic’s co-founder Christopher Olah to draft an AI ethics doctrine, signaling the Church’s growing role in global AI governance.
Southwest Airlines banned humanoid robots from flights following safety incidents, highlighting the need for clearer AI and robotics safety policies.
Technology and AI Developments
Apple is preparing a major AI-driven Siri overhaul ahead of WWDC 2026, introducing writing tools, prompt automation, and enhanced privacy controls.
Discord has rolled out end-to-end encryption for calls but not text chats, leaving some communications exposed to potential interception.
Gen Z’s backlash against AI continues to grow, with surveys showing nearly half of young adults believe AI’s risks outweigh its benefits.
Security Tips & Best Practices
Are Your Vendors Increasing Risk?
- Continuously monitor and classify vendors by criticality and data access.
- Review AI and data handling practices and use third-party risk tools.
- Enforce MFA and least-privilege access, and set minimum security baselines in SLAs.
Protect Developer Environments from Malicious Extensions
- Audit installed VS Code extensions regularly.
- Remove unused or unverified plugins.
- Enable MFA and install extensions only from verified publishers.
Humanoid Robot Security Risks
- Segment robots from IT/OT networks and restrict vendor access with MFA and VPNs.
- Monitor telemetry, disable unnecessary sensors, and require signed firmware updates.
- Test incident response plans for robotic failures or hijacking scenarios.
Are Your Browser Workflows at Risk?
- Restrict browser extensions to approved allowlists and audit permissions regularly.
- Implement phishing-resistant MFA, secure DNS filtering, and isolated browsing environments.
- Continuously monitor browser telemetry and egress traffic for anomalies.
