Citrix Patches Another Critical Flaw While the Industry Grapples with Information Sharing

We’re seeing some interesting patterns in this week’s security news that really highlight where our industry stands right now. Between Citrix releasing another critical patch that sounds eerily familiar, a Russian hacker getting what feels like a slap on the wrist, and ongoing surveillance debates, there’s a lot to unpack.

The Citrix Déjà Vu Moment

Let’s start with the elephant in the room. Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, and here’s the kicker – one of them is “very similar” to the CitrixBleed and CitrixBleed2 flaws that were exploited in zero-day attacks recently.

AI-Powered Attacks Are Here, and They’re Targeting Everything We Thought Was Secure

Remember when we used to worry about whether attackers would eventually use AI against us? Well, that future arrived faster than most of us expected. Looking at this week’s security news, it’s clear we’re dealing with a fundamental shift in how cyber threats operate – and honestly, it’s a bit unsettling.

When AI Agents Run Their Own Cyber Operations

The most eye-opening story comes from The Hacker News, which detailed how a state-sponsored group used an AI coding agent to run an autonomous espionage campaign against 30 targets. The AI wasn’t just helping with reconnaissance or writing some exploit code – it handled 80-90% of the tactical operations entirely on its own. We’re talking about an AI that could perform reconnaissance, write exploits, and attempt lateral movement at machine speed without human intervention.

Attackers Get Creative: From Job Scams to Dead Drops on the Blockchain

You know how we’re always telling people that attackers are getting more sophisticated? Well, this week’s news really drives that point home. We’re seeing everything from cybercriminals abusing legitimate no-code platforms to using cryptocurrency blockchains as command-and-control infrastructure. Let me walk you through what’s been happening.

When Legitimate Tools Become Attack Vectors

The most interesting development this week involves threat actors abusing Bubble’s AI app builder platform to create convincing Microsoft credential phishing sites. If you’re not familiar with Bubble, it’s a legitimate no-code platform that lets people build web applications without traditional programming skills.

PolyShell Attacks Hit Majority of Vulnerable Magento Stores as Identity Theft Reaches Industrial Scale

We’re seeing some concerning patterns emerge this week that highlight just how quickly attackers can scale their operations when they find the right targets. The most immediate threat hitting e-commerce businesses is the ongoing PolyShell campaign, which has already compromised 56% of all vulnerable Magento stores – a staggering success rate that should have every online retailer checking their patch status right now.

GitHub’s AI Security Push and Why Russian Arrests Actually Matter

You know that feeling when you’re drowning in vulnerability reports and wondering if there’s got to be a better way? Well, GitHub thinks they have an answer, and honestly, it’s about time someone took a serious swing at this problem.

AI-Powered Bug Hunting Gets Real

GitHub just rolled out AI-based scanning for their Code Security tool, expanding way beyond their existing CodeQL static analysis. What caught my attention isn’t just the AI angle – everyone’s doing AI everything these days – but the fact that they’re specifically targeting broader language and framework coverage.

Ghost Campaigns and Harbor Defaults: Why This Week’s Security News Should Make You Check Your Assumptions

You know that feeling when you think you’ve got everything locked down, and then reality comes knocking? This week’s security news is serving up a healthy dose of that reality check, with some particularly sneaky attack vectors that caught my attention.

The npm Ghost Campaign: When Install Logs Lie

Let’s start with the most creative attack I’ve seen in a while. Security researchers discovered what they’re calling the “Ghost Campaign” – a sophisticated npm supply chain attack that’s doing something I haven’t seen before: faking install logs to hide malicious activity.

Firefox Gets Free VPN While Attackers Perfect Their Social Engineering Game

It’s been quite a week in security news, and I wanted to share some thoughts on the stories that caught my attention. We’re seeing interesting developments on both the defensive and offensive sides – from Mozilla stepping up privacy protection to attackers getting increasingly creative with their delivery methods.

Mozilla Makes VPN Protection Mainstream

The biggest news for everyday users has to be Firefox’s new built-in VPN feature in version 149. Fifty gigabytes of monthly VPN traffic at no cost is genuinely impressive, especially when you consider that many people have never used a VPN at all.

FCC Drops the Hammer on Foreign Routers While Attackers Get Creative with Tax Season

Hey everyone – Emma here with some updates that caught my attention this week. We’ve got everything from sweeping policy changes to some pretty clever attack techniques that are worth discussing.

The Big Policy Move: FCC Says No More Foreign Routers

The biggest news this week is probably the FCC’s decision to ban all new consumer routers made outside the USA. They’ve updated their Covered List to include essentially any router manufactured in a foreign country, which is a pretty dramatic expansion from their previous approach of targeting specific companies or models.

TeamPCP’s Supply Chain Spree and the AI Security Blind Spot We All Missed

I’ve been tracking some concerning developments this week that highlight two major gaps in our security posture. While we’ve all been focused on traditional attack vectors, threat actors are exploiting both our software supply chains and our growing reliance on AI tools in ways that should make us all uncomfortable.

The TeamPCP Supply Chain Rampage Continues

TeamPCP is having quite the month. After successfully compromising Trivy and KICS, they’ve now set their sights on the popular LiteLLM Python package, and frankly, their execution is getting more sophisticated with each attack.

Supply Chain Attackers Target Developer Security Tools While Critical PLM Bug Demands Immediate Action

The past week has brought some unsettling news that really drives home how our threat landscape keeps shifting in unexpected ways. We’re seeing attackers go after the very tools we use to secure our code, while a critical RCE vulnerability in widely-used enterprise software is demanding immediate attention from security teams.

TeamPCP Goes After Our Security Tools

Here’s something that should make us all pause: the TeamPCP threat group has been systematically targeting popular security and development tools that many of us rely on daily. According to Dark Reading, they’ve hit Trivy, Checkmarx’s KICS code scanner, VS Code plugins, and the LiteLLM AI library.