Security news.
Today's security brief highlights active exploitation of a Cisco SD-WAN vulnerability and new phishing tactics abusing .arpa DNS. The growing role of AI in both offense and defense is also a prominent theme, with discussions on AI assistants shifting security priorities and threat actors leveraging AI in their attacks.
Cisco Catalyst SD-WAN Vulnerability Widely Exploited
WatchTowr reports widespread exploitation attempts for CVE-2026-20127 affecting Cisco Catalyst SD-WAN.
Hackers Abuse .arpa DNS and IPv6 to Evade Phishing Defenses
Threat actors are leveraging the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns to bypass domain reputation checks and email security gateways.
AI Assistants Shifting Security Priorities
The increasing popularity of autonomous AI agents with access to user systems is rapidly changing security priorities for organizations.
EU Court Adviser: Banks Must Immediately Refund Phishing Victims
An Advocate General of the CJEU has issued an opinion suggesting banks should immediately refund account holders for unauthorized transactions, even if the victim is at fault.
OpenAI Codex Security Scanned 1.2 Million Commits, Found 10,561 High-Severity Issues
OpenAI has rolled out Codex Security, an AI-powered agent designed to find, validate, and propose fixes for vulnerabilities, available in research preview.
Microsoft: Hackers Abusing AI at Every Stage of Cyberattacks
Microsoft reports that threat actors are increasingly using AI in their operations to accelerate attacks, scale malicious activity, and lower technical barriers.
Termite Ransomware Breaches Linked to ClickFix CastleRAT Attacks
Velvet Tempest ransomware actors are using the ClickFix technique and legitimate Windows utilities to deploy DonutLoader malware and the CastleRAT backdoor.
Over 100 GitHub Repositories Distributing BoryptGrab Stealer
A new report indicates that more than 100 GitHub repositories are distributing the BoryptGrab stealer, which targets browser and cryptocurrency wallet data.