* Malicious JetBrains Marketplace Plugins Discovered Stealing AI API Keys from Developers

* A Three-Stage Vulnerability Chain Turning Microsoft 365 Copilot Into a Silent Data Exfiltration Weapon

* The Digital Trove: How a Single Hack Exposed One Man’s Entire Life and Why We’re All Vulnerable

* FIFA Bug in World Cup Streaming Infrastructure Opened Door to Remote Takeover

* Passkeys vs Passwords: Readers Debate Whether a Smartphone PIN Can Really Be Safer Than a Complex Password

* GitHub Announces Sweeping npm Security Overhaul to Combat Supply Chain Attacks

* Anthropic Rolls Out Claude Fable 5 in Limited-Time Free Release Before Usage-Based Pricing Kicks In

* OpenClaw AI Agent Found Vulnerable to Phishing Attacks, Leaking Sensitive User Data

* Apple Introduces Automatic Password Changing Feature for Compromised Credentials

* Anthropic Expands Claude Mythos Preview Access to Australian Organisations Through Project Glasswing

* Cybercriminals Exploit ChatGPT Share Links to Distribute Malware Via Fake Outage Pages

* Google Chrome Bolsters Security With Session Cookie Theft Protection for All Users

* Hackers Exploit Meta’s AI Support Bot to Hijack High-Profile Instagram Accounts

* Critical HTTP/2 Bomb Vulnerability Exposes Major Web Servers to Remote Denial-of-Service Attacks

* npm Introduces Human Approval Gates to Counter Software Supply Chain Attacks

* Anthropic’s AI Model Finds Over Ten Thousand Critical Vulnerabilities in Global Software Infrastructure

* Anthropic’s Restricted Claude Mythos Model Moves Closer to Public Release

* AI Emerges as a Game-Changer in Cyber Defence, Australian Signals Directorate Reports

* Grafana Labs Confirms Ransomware Extortion Following TanStack Supply Chain Breach

* GitHub Confirms Internal Repository Breach After Employee Device Compromise

* Google Accidentally Exposes Details of Unpatched Chromium Vulnerability

* CISA Credentials Exposed in Public GitHub Repository for Six Months Before Takedown

* HackerOne Slashes Bug Bounty Payouts as AI Floods Open-Source Security Programs

* Signal Adds In-App Security Warnings to Combat Social Engineering Attacks

* Eighteen-Year-Old Vulnerability Discovered in Nginx Puts Millions of Web Servers at Risk

* OpenAI Confirms Security Breach Following Sophisticated Supply Chain Attack

* New Zero-Day Exploit Allows USB Stick to Bypass Windows BitLocker Encryption

* Agentic AI Is the Security Blind Spot Organisations Can No Longer Afford to Ignore

* Cybercriminals Abuse Amazon SES to Launch Undetected Phishing Campaigns

* ACSC Issues Warning Over ClickFix Attacks Deploying Vidar Stealer Malware

* Malicious OpenClaw Skill Weaponizes AI Agent Framework to Distribute Malware

* Survey Finds 1 in 8 Employees Consider Selling Company Login Credentials Justifiable

* 60% of MD5 Password Hashes Now Crackable in Under an Hour With a Single GPU

* Critical Linux “copyfiles” Vulnerability Grants Root Access on Major Distributions

* Critical cPanel & WHM Authentication Bypass Vulnerability Actively Exploited in the Wild

* Google Patches Maximum Severity CVSS 10 Flaw in Gemini CLI Amid Growing AI Tool Vulnerabilities

* KnowBe4 Research Reveals 86% of Phishing Attacks Are Now AI-Driven

* New “ClawHub” and “ClawSwarm” Malware Campaigns Target AI Agents for Crypto Recruitment