For providers

The flaws, disclosed by Token Security, did not require malware or insider access, only a free Zapier account.

The campaign, active since mid-2025, uses recruitment-themed social engineering to lure developers into downloading a Python-based infostealer and remote access trojan named AUDIOFIX.

Kimsuky, also known as Velvet Chollima, utilized spoofed security software installation pages and fake Webex meeting invitations to deliver malware.

The exposed files encompass a wide range, with 685,047 credential and key files, such as .env files and private keys, and nearly 1 million database dumps, including .sql and .bak files.

CSC analysts identified over 65,590 domains with "FIFA" registered between January 2022 and April 2026, none of which were registered by FIFA itself.

Cybersecurity firm UpGuard discovered an unprotected Microsoft Azure server managed by Pay Tel containing at least 300,000 driver's license scans and other government-issued identification documents.

The identity security startup introduced three new components: Agentic Enrichment, which maps AI agents to their origins and permissions; Agentic Observability, for monitoring agent access paths and delegation chains; and Agentic Guardrails, to enforce least privilege and maintain identity hygiene.

The FROST attack leverages the Origin Private File System (OPFS), a browser feature, to measure Solid-State Drive (SSD) access speeds.

AI has reduced the cost of hacking, but has the cost of mounting a defense dropped at the same rate?