As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the attack surface, often in
Romanian Hacker Pleads Guilty to Selling Access to US State Network
Catalin Dragomir admitted in a US court to selling access to an Oregon state government office’s network.
The post Romanian Hacker Pleads Guilty to Selling Access to US State Network appeared first on SecurityWeek.
CISA: Recently patched RoundCube flaws now exploited in attacks
CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. […]
Hundreds of FortiGate Firewalls Hacked in AI-Powered Attacks: AWS
Threat actors relying on AI have been exploiting exposed ports and weak credentials to take over FortiGate devices.
The post Hundreds of FortiGate Firewalls Hacked in AI-Powered Attacks: AWS appeared first on SecurityWeek.
Recent RoundCube Webmail Vulnerability Exploited in Attacks
Patched in December 2025, the exploited flaw leads to XSS attacks via the animate tags in SVG documents.
The post Recent RoundCube Webmail Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Mississippi Hospital System Closes All Clinics After Ransomware Attack
A ransomware attack forced the University of Mississippi Medical Center to close all of its roughly three dozen clinics around the state and cancel elective procedures.
The post Mississippi Hospital System Closes All Clinics After Ransomware Attack appeared first on SecurityWeek.
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.
The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded
The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded
PayPal Data Breach Led to Fraudulent Transactions
PayPal blamed an application error for the exposure of customer personal information for nearly 6 months.
The post PayPal Data Breach Led to Fraudulent Transactions appeared first on SecurityWeek.
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo.
The activity, first observed on January 26, 2026, has resulted in the deployment of new malware families that share
The activity, first observed on January 26, 2026, has resulted in the deployment of new malware families that share
Arkanix Stealer pops up as short-lived AI info-stealer experiment
An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. […]