FBI Warns of Surge in ATM Jackpotting Attacks Using Ploutus Malware

The FBI has issued a new bulletin warning U.S. financial institutions about a sharp increase in ATM jackpotting attacks—incidents where criminals force cash machines to dispense money on demand without any legitimate transaction. According to the agency, in 2025 alone more than 700 jackpotting incidents have been recorded across the United States, causing losses of …

FICOBA Data Breach: French Bank Account Registry Hack Exposes 1.2 Million Accounts

The French Ministry of Finance has reported a significant data breach in the national FICOBA bank account registry, after cybercriminals gained unauthorized access to records covering approximately 1.2 million bank accounts. The incident involves both financial identifiers and sensitive personal data, raising serious concerns about follow‑on fraud and targeted social engineering. FICOBA: A critical component …

Wikipedia Blocks Archive.today After DDoS Abuse and Manipulated Web Archives

Wikipedia has taken the unprecedented step of globally blocking archive.today (and its mirrors) and starting to remove hundreds of thousands of existing links to the service. The decision followed the discovery of both a DDoS attack delivered via archive.today’s CAPTCHA and manipulation of archived web pages, which together undermined the project’s security and trust requirements. …

Notepad++ Boosts Auto-Update Security with Double-Lock Mechanism After Supply Chain Attack

The popular text editor Notepad++ has significantly reinforced its auto-update infrastructure by introducing a new “double-lock” update verification mechanism. This architectural change is designed to close the weaknesses that were previously exploited in a sophisticated software supply chain attack targeting Notepad++ users. How the Notepad++ software supply chain attack was organized According to a joint …

Critical VS Code Extension Vulnerabilities Put Software Supply Chains at Risk

Popular Visual Studio Code extensions with more than 125 million installs have been found vulnerable to attacks that enable local file theft and arbitrary code execution on developers’ machines. Research by OX Security highlights serious security flaws in four widely used extensions: Live Server, Code Runner, Markdown Preview Enhanced and Microsoft Live Preview. Why Visual …

Anthropic Accuses Chinese AI Firms of Large-Scale Claude Model Distillation

Anthropic has reported what it describes as a large-scale model distillation campaign targeting its Claude large language model (LLM), allegedly conducted by three Chinese AI companies: DeepSeek, Moonshot AI and MiniMax. According to the company, more than 16 million API calls were generated via over 24,000 fake or proxy accounts, despite Anthropic’s services not being …

Texas Sues TP-Link Over Router Security Flaws, Firmware Vulnerabilities, and Supply-Chain Risks

The Office of the Attorney General of Texas has filed a lawsuit against network equipment manufacturer TP-Link, accusing the company of misleading consumers and creating potential national security and data privacy risks. At the center of the case are alleged router firmware vulnerabilities, links to the Quad7 botnet, and claims that TP-Link misrepresented the country …

Anthropic Unveils Claude Code Security: AI-Powered Vulnerability Detection for DevSecOps

Anthropic has announced Claude Code Security, a new AI-driven capability designed to detect vulnerabilities in source code and propose fixes. The launch immediately affected the stock prices of several leading cybersecurity vendors, yet industry specialists emphasize that this is not a replacement for managed security services, but rather the next step in automating secure software …

LLM-Powered Campaign Compromises Over 600 FortiGate Firewalls Worldwide

Amazon security specialists have disclosed a large-scale, targeted campaign against FortiGate firewalls in which a Russian-speaking threat actor compromised more than 600 devices across 55 countries in just five weeks. The operation stands out because the attacker systematically used generative AI and large language models (LLMs) not only to write tools, but also to plan …

BeyondTrust CVE‑2026‑1731 Actively Exploited: CISA KEV Expansion and a Stealth Supply Chain Attack on Notepad++

Attackers are aggressively exploiting the critical vulnerability CVE‑2026‑1731 in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA), prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to expand its Known Exploited Vulnerabilities (KEV) catalog. At the same time, researchers are tracking sophisticated campaigns, including a supply chain attack on Notepad++ and targeted abuse of …