Security news.
Today's security brief highlights ongoing Russian intelligence operations targeting messaging apps, new AI-related threats, and critical vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog. Developers and IT teams should prioritize patching and be aware of sophisticated social engineering tactics.
Ukraine Reports Russian Intelligence Using Fake Support Texts to Steal Messaging Credentials
The SSU and FBI uncovered a Russian intelligence campaign using fake support texts to compromise messaging accounts of officials and military personnel in Ukraine, Europe, and the U.S.
Clean GitHub Repo Tricks AI Coding Agents into Running Malware
Researchers demonstrated that an agentic coding tool can be tricked into executing malicious payloads from a seemingly benign GitHub repository, bypassing security scans and human review.
FBI: Russian Hackers Now Target Signal Backup Recovery Keys
The FBI and CISA warn that Russian intelligence phishing campaigns against Signal users have evolved to steal Signal Backup Recovery Keys, enabling access to historical messages.
CISA Sets Urgent Deadline to Fix Cisco Flaw Exploited in Attacks
CISA has mandated that federal agencies patch an actively exploited Cisco Unified Communications Manager Server vulnerability (CVE-2026-20230) by Sunday.
Chinese Framework Powers 200,000 Scam Sites
Threat actors are leveraging the legitimate DCloud Uni-App toolkit to create and sell templates for over 200,000 investment scam websites.
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
A new malware family, SharkLoader, is being used in the "StrikeShark" campaign to deploy Cobalt Strike Beacon, targeting diplomatic and government organizations in Southeast Asia.
Polymarket Customers Lose $3 Million in Supply-Chain Attack
The decentralized prediction market Polymarket will reimburse customers after a supply-chain attack on a third-party vendor led to a malicious script injection and $3 million in losses.
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
A high-severity flaw (CVE-2026-12957) in Amazon Q Developer allowed malicious repositories to execute commands and steal cloud credentials; Amazon has since patched the vulnerability.