The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. […]
Credit card theft campaign abuses Stripe to host stolen payment info
A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. […]
DentaQuest data breach exposed info of 2.6 million accounts
A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. […]
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root.
It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco’s PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway.
The flaw is a server-side request forgery.
UN food agency discloses breach affecting 600,000 Gaza households
The United Nations’ World Food Programme (WFP), the world’s largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. […]
New IronWorm malware hits 36 packages in npm supply-chain attack
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. […]
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
A security researcher found a flaw in Anthropic’s Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic’s own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it.
RyotaK of GMO
Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk
As AI agents, machine identities, and third-party applications multiply across enterprises, Offroad is betting autonomous security agents can restore control over an increasingly unmanageable identity landscape.
The post Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk appeared first on SecurityWeek.
Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond
Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.
The post Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond appeared first on SecurityWeek.
Willow Raises $7 Million for Securing Autonomous AI Agents
Willow (formerly Webrix) emerged from stealth mode with an access platform designed to secure enterprise AI agents.
The post Willow Raises $7 Million for Securing Autonomous AI Agents appeared first on SecurityWeek.