⏱️ Read Time: ~5 minutes

Initial Access Brokers now sell corporate VPN and admin access like wholesale inventory — complete with pricing tiers, bundles, and repeat customers. (Source: BankInfoSecurity)

Today’s Quick-Hit Recap sticks to the essentials. Nation-states are playing the long game, cybercrime markets are maturing fast, and AI is no longer a side story — it’s part of the attack chain. No deep dives, just what matters and why.

One ask before you dive in: if this recap earns a forward or sparks a debate on your team, share it. If there’s something you think we should cover (or skip) next time, hit reply and tell us. Thanks for reading!

📜 Table of Contents

  • 🚨 Major Breaches & Incidents - Asian state-backed espionage campaign, Notepad++ supply-chain compromise

  • ⚠️ Emerging Threats & Vulnerabilities - ICS abuse via default credentials, unsupported edge devices still exploitable, OAuth device-code abuse

  • 🔑 Access & Identity Risk - Initial access brokers fueling large-scale intrusions

  • 🕵️ Privacy Watch & Policy - Surveillance governance and long-term trust implications

  • 🤖 AI in Cyber - AI finds vulnerabilities, leaks data, and quietly enables attacker tradecraft

🚨 Major Breaches & Incidents

  • 🕵️ Asian State-Backed Group Breaches 70 Government and Critical Infrastructure Targets
    Security researchers uncovered a previously untracked Asian state-aligned threat group responsible for breaching at least 70 government and critical infrastructure organizations across 37 countries. The campaign focused on long-term persistence, intelligence collection, and stealth rather than disruptive attacks. Researchers noted the group relied heavily on known vulnerabilities and basic tradecraft executed patiently.
    👉 Key takeaway: Espionage doesn’t need zero-days when defenders miss quiet intrusions.

  • 🔄 Notepad++ Infrastructure Hijacked in Supply-Chain-Style Compromise
    Attackers hijacked infrastructure associated with the Notepad++ website, opening the door to potential redirection of update traffic to malicious endpoints. While no large-scale infections were confirmed, the compromise undermined trust in a widely used open-source tool. The incident reinforces how software distribution pipelines remain prime targets.
    👉 Key takeaway: If attackers control updates, they control trust.

⚠️ Emerging Threats & Vulnerabilities

  • Industrial Control Systems Hit via Default Credentials
    Operational disruptions tied to power infrastructure in Poland were linked to attackers exploiting default and weak credentials in industrial control systems. Investigators found exposed systems still running with factory settings and minimal monitoring. The incident highlights how legacy configurations remain one of the easiest paths into critical environments.
    👉 Key takeaway: The weakest passwords still protect the strongest infrastructure.

  • 📶 CISA Orders Agencies to Disconnect Unsupported Edge Devices
    CISA issued a binding directive requiring U.S. federal agencies to identify and remove unsupported network edge devices, citing their repeated exploitation in real-world attacks. These devices often lack security updates and visibility. The order reflects growing concern over legacy technology lingering at the network perimeter.
    👉 Key takeaway: End-of-life tech doesn’t retire quietly — attackers keep it relevant.

  • 🔐 Phishing Campaigns Abuse OAuth Device Codes to Bypass MFA and Gain Persistent Access
    Security researchers are tracking a rise in phishing campaigns abusing OAuth 2.0 device authorization flows to gain access to Microsoft accounts. Victims are tricked into approving device codes that generate long-lived access tokens, allowing attackers to bypass MFA entirely. Because the technique uses legitimate authorization mechanisms, detection is especially challenging.
    👉 Key takeaway: MFA doesn’t always help when attackers hijack OAuth token flows.
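Because device-code grants are a legitimate flow, the practical defensive move is to hunt for them in sign-in logs and flag the ones that look like a phished approval. The script below is an added example (not from the original article or from any vendor): it runs over constructed sign-in records whose field names loosely follow the Microsoft Entra sign-in log schema (that mapping is an assumption), builds each user's IP baseline from ordinary sign-ins, and surfaces device-code sign-ins that came from a new address or from a client app not expected to use that flow.

```python
"""Hunt for suspicious OAuth device-code sign-ins (added example, constructed data)."""
from collections import defaultdict

# Constructed sample records. Field names are an assumption loosely modelled on
# Entra ID sign-in logs; adapt the keys to your own export format.
SAMPLE_SIGNINS = [
    {"user": "alice@example.com", "ip": "203.0.113.10", "protocol": "oAuth2",
     "app": "Microsoft Teams", "time": "2025-01-10T09:00:00Z", "success": True},
    {"user": "alice@example.com", "ip": "203.0.113.10", "protocol": "oAuth2",
     "app": "Outlook", "time": "2025-01-11T09:05:00Z", "success": True},
    # Device-code grant approved from an address alice has never used: the
    # footprint a phished approval leaves once the victim enters the code.
    {"user": "alice@example.com", "ip": "198.51.100.77", "protocol": "deviceCode",
     "app": "Microsoft Office", "time": "2025-01-12T14:22:00Z", "success": True},
    # Legitimate device-code use: an admin's CLI tool from a known address.
    {"user": "bob@example.com", "ip": "203.0.113.20", "protocol": "oAuth2",
     "app": "Azure Portal", "time": "2025-01-10T08:00:00Z", "success": True},
    {"user": "bob@example.com", "ip": "203.0.113.20", "protocol": "deviceCode",
     "app": "Azure CLI", "time": "2025-01-12T08:30:00Z", "success": True},
]

# Client apps for which device-code sign-in is expected in this (constructed) environment.
EXPECTED_DEVICE_CODE_APPS = {"Azure CLI", "Azure PowerShell"}


def baseline_ips(signins):
    """Map each user to the IPs seen on successful, non-device-code sign-ins."""
    seen = defaultdict(set)
    for s in signins:
        if s["success"] and s["protocol"] != "deviceCode":
            seen[s["user"]].add(s["ip"])
    return seen


def find_suspicious_device_code(signins):
    """Return successful device-code sign-ins with the reasons each needs review."""
    known = baseline_ips(signins)
    findings = []
    for s in signins:
        if s["protocol"] != "deviceCode" or not s["success"]:
            continue
        reasons = []
        if s["ip"] not in known[s["user"]]:
            reasons.append("ip not in user's sign-in baseline")
        if s["app"] not in EXPECTED_DEVICE_CODE_APPS:
            reasons.append(f"unexpected client app {s['app']!r}")
        if reasons:
            findings.append({"user": s["user"], "time": s["time"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_device_code(SAMPLE_SIGNINS):
        print(finding)
```

A hit here is a starting point for review (revoke the user's refresh tokens and confirm the approval with them), and a Conditional Access policy that restricts which apps may use the device-code flow removes most of the noise before it reaches this script.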

  • 📱 Apple Pay Phishing Campaign Bypasses 2FA Using Social Engineering
    A widespread phishing campaign impersonating Apple Pay has successfully tricked users into approving fraudulent transactions, effectively bypassing two-factor authentication. Malwarebytes researchers warn the attacks rely on urgency, spoofed messages, and convincing prompts rather than technical exploits. The campaign highlights how payment fraud increasingly targets user trust, not software flaws.
    👉 Key takeaway: When attackers can convince users to click “Approve,” security controls don’t matter.

🔑 Access & Identity Risk

  • 🔓 Initial Access Broker Pleads Guilty After Selling Access to 50+ Corporate Networks
    A cybercrime defendant pleaded guilty to operating as an initial access broker who sold unauthorized entry into more than 50 corporate networks. Prosecutors say the access was sold on underground forums and later used in ransomware and data theft campaigns. Security teams warn that this model allows attackers to skip reconnaissance and exploit phases entirely.
    👉 Key takeaway: Selling access has become a scalable cybercrime business.

🕵️ Privacy Watch & Policy

  • 🛰️ Expanded U.S. Surveillance Capabilities Raise Election Cybersecurity Questions
    Recent reporting examines how expanded U.S. surveillance authorities and data collection programs could intersect with election cybersecurity efforts. Analysts emphasize governance, oversight, and technical safeguards rather than political positioning. The focus is on long-term privacy, trust, and how sensitive systems are secured and audited.
    👉 Key takeaway: Election security depends on oversight and security controls, not just technical defenses.

🤖 AI in Cyber

  • 🧠 AI-Assisted Discovery Uncovers OpenSSL Vulnerabilities
    Researchers using AI-powered analysis uncovered a significant number of previously unknown vulnerabilities in the OpenSSL cryptographic library. Many of the issues had existed for years without detection. The findings show how AI can dramatically accelerate deep code review at scale.
    👉 Key takeaway: AI is becoming a force multiplier for vulnerability research — on both sides.

  • 🤖 AI Agent Social Network Exposes Massive Security Flaws
    Security researchers breached Moltbook, a social network built specifically for AI agents, exposing emails, private messages, and API tokens within minutes. The platform lacked basic authentication and access controls. The incident underscores how fast-moving AI startups often deprioritize security fundamentals.
    👉 Key takeaway: AI platforms fail the same security basics as everything else.

  • ♻️ “Living Off the AI” Emerges as New Attacker Tradecraft
    Attackers are increasingly abusing trusted enterprise AI tools to conduct reconnaissance and lateral movement without deploying traditional malware. The approach mirrors classic living-off-the-land techniques, but with AI doing the heavy lifting. This makes detection far more difficult using traditional controls.
    👉 Key takeaway: If AI is trusted internally, attackers will borrow that trust.

Thanks for reading this week’s edition. Like what you see? Forward it!

Hate everything you see or have other feedback? Reply back to this email!