Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access,
The post Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw appeared first on SecurityWeek.
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor.
Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on
Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on
Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector
The attacks included a destructive infiltration of Poland’s energy system in December and was suspected of originating in Russia.
The post Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector appeared first on SecurityWeek.
Firefox now has a free built-in VPN with 50GB monthly data limit
Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. […]
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique.
“The campaign abuses Google Ads to serve rogue ScreenConnect (
“The campaign abuses Google Ads to serve rogue ScreenConnect (
RSAC 2026 Conference Announcements Summary (Day 1)
A summary of the announcements made by vendors on the first day of the RSAC 2026 Conference.
The post RSAC 2026 Conference Announcements Summary (Day 1) appeared first on SecurityWeek.
Microsoft fixes bug causing Classic Outlook sync issues with Gmail
Microsoft has fixed a known issue causing Gmail and Yahoo email synchronization and connection problems for classic Outlook users. […]
Zero Trust: Bridging the Gap Between Authentication and Trust
Passing MFA doesn’t mean a session is safe, attackers can hijack tokens and bypass identity checks. Specops Software explains why Zero Trust must verify both user identity and device health. […]
HackerOne discloses employee data breach after Navia hack
Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. […]
Extortion Group Claims It Hacked AstraZeneca
The Lapsus$ hackers allegedly compromised internal code repositories, credentials, and employee data.
The post Extortion Group Claims It Hacked AstraZeneca appeared first on SecurityWeek.