SecurityWeek

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider

Notepad++ has shared additional details on the supply chain attack carried out by Chinese state-sponsored hackers via a ...
SecurityWeek

eScan Antivirus Delivers Malware in Supply Chain Attack

The eScan supply chain attack resulted in malware infections after hackers compromised an update server and pushed a malicious file.
SecurityWeek

ICS Devices Bricked Following Russia-Linked Intrusion Into Polish Power Grid

A disruptive cyberattack linked to Russian state-sponsored actors has permanently rendered ICS inoperable at a Polish power grid sites.
SecurityWeek

In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak

Apple updates platform security guide, LastPass detects new phishing wave, CISA withdraws from RSA Conference.
SecurityWeek

Aisy Launches Out of Stealth to Transform Vulnerability Management

Aisy emerged from stealth with $2.3 million seed funding for vulnerability management and threat prioritization platform.
SecurityWeek

175,000 Exposed Ollama Hosts Could Enable LLM Abuse

SentinelOne and Censys identified 175,000 exposed Ollama hosts, distributed across 4,032 autonomous system numbers (ASNs).
SecurityWeek

White House Scraps ‘Burdensome’ Software Security Rules

The White House has revoked software security guidance issued during the Biden administration due to “unproven and burdensome” requirements ...
SecurityWeek

Hugging Face Abused to Deploy Android RAT

Hackers have abused the Hugging Face infrastructure to host a malicious payload and infect Android users with a remote access trojan.
SecurityWeek

Ivanti Patches Exploited EPMM Zero-Days

Ivanti has patched CVE-2026-1281 and CVE-2026-1340, two Endpoint Manager Mobile (EPMM) flaws exploited as zero-days.
SecurityWeek

LLMs Hijacked, Monetized in ‘Operation Bizarre Bazaar’

LLMs and MCPs have been hijacked at scale and the unauthorized access sold for profit in Operation Bizarre Bazaar.