Security news.
Today's security news highlights significant data breaches and ongoing state-sponsored cyber campaigns. Multiple ISPs in Japan suffered a breach exposing millions of email logins, while Russian intelligence continues to evolve its tactics to target Signal users and government officials.
Data Breach Exposes 14.2 Million Email Logins at Six Japanese ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach affecting one of its email systems, exposing up to 14.2 million email logins across six internet service providers.
Russian Intelligence Uses Fake Support Texts to Steal Messaging Credentials
The SSU and FBI uncovered a long-running Russian intelligence campaign using fake support texts to compromise messaging accounts of officials, military personnel, and activists in Ukraine, Europe, and the U.S.
Clean GitHub Repo Tricks AI Coding Agents into Running Malware
Researchers demonstrated how an agentic coding tool, tasked with setting up a benign GitHub repository, could be tricked into executing a malicious payload invisible to security scanners and AI agents.
FBI Warns Russian Hackers Now Target Signal Backup Recovery Keys
The FBI and CISA issued a warning that a phishing campaign linked to Russian intelligence services is now targeting Signal users to steal their Signal Backup Recovery Keys, enabling access to historical messages.
CISA Sets Urgent Deadline to Fix Exploited Cisco Flaw
CISA has mandated federal agencies patch a actively exploited vulnerability in Cisco Unified Communications Manager Server by Sunday, highlighting the critical nature of the flaw.
Polymarket Customers Lose $3 Million in Supply-Chain Attack
Decentralized prediction market Polymarket will reimburse customers who lost approximately $3 million after hackers injected a malicious script into the platform's frontend following a third-party vendor breach.
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
A new cyberattack campaign, dubbed StrikeShark, is deploying a previously undocumented malware family called SharkLoader to deliver Cobalt Strike Beacon on compromised hosts, targeting diplomatic and government organizations.
Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories
AWS has patched a high-severity vulnerability (CVE-2026-12957) in Amazon Q Developer that could allow a malicious repository to run commands and steal a developer's cloud credentials.