Threat Intelligence

From African Cybercrime Busts to Chrome Zero-Days: What This Week's Security News Tells Us

You know those weeks where the security news feels like it’s coming at you from all directions? This has been one of those weeks. Between major law enforcement operations, high-profile acquisitions, and yet another Chrome zero-day, there’s a lot to unpack. Let me walk you through what caught my attention and why it matters for those of us in the trenches.

Device Code Phishing Gets a Voice: Why Microsoft Entra Users Are Getting Unexpected Phone Calls

I’ve been tracking an interesting evolution in phishing tactics lately, and frankly, it’s got me concerned about how attackers are getting more sophisticated with their social engineering. We’re seeing threat actors combine device code phishing with old-school voice calls to compromise Microsoft Entra accounts, and it’s working disturbingly well.

The New Hybrid Attack

Here’s what’s happening: attackers are targeting organizations in tech, manufacturing, and finance with a clever two-step process. First, they send the typical device code phishing email asking users to authenticate via a device code. But here’s the twist – they’re following up with actual phone calls (vishing) to walk victims through the process.

AI-Powered Malware and Targeted Attacks: What This Week's Incidents Tell Us About Evolving Threats

Hey everyone – I’ve been digging through this week’s security incidents, and there are some interesting patterns emerging that I think we should all be paying attention to. We’re seeing everything from AI-assisted malware experiments to state-sponsored campaigns targeting activists, and it’s painting a pretty clear picture of where threat actors are heading in 2026.

The AI Malware Experiment That Fizzled Out

Let’s start with something that caught my eye: the Arkanix Stealer operation. This one’s fascinating because it appears to have been developed as an AI-assisted experiment that was promoted on dark web forums toward the end of 2025, but then just… disappeared.

Texas Takes TP-Link to Court While Chinese APTs Keep Busy: This Week's Reality Check

You know that feeling when you read the week’s security news and think “well, that escalated quickly”? That’s exactly where I am after diving into this week’s developments. Between state governments filing lawsuits over router security and Chinese threat actors having a field day with zero-days, it’s been quite the ride.

When States Start Suing Router Companies

Let’s start with the big one: Texas is suing TP-Link over what they’re calling deceptive marketing practices around router security. The lawsuit alleges that TP-Link has been marketing their routers as secure while Chinese state-backed hackers have been exploiting firmware vulnerabilities to access user devices.

ATM Jackpotting Hits $20M in 2025 While Nation-State Schemes Target US Companies

I’ve been digging through this week’s security reports, and there’s a concerning pattern emerging that we need to talk about. While we’re all focused on the latest APT campaigns and zero-days, criminals are making serious money through some surprisingly old-school methods – and nation-states are getting creative with their infiltration tactics.

ATM Malware: The $20 Million Problem We’re Not Talking About

The FBI just dropped some eye-opening numbers about ATM jackpotting attacks that honestly caught me off guard. We’re talking about over $20 million stolen in 2025 alone, with 700 incidents last year out of 1,900 total since 2020. That’s a massive spike that suggests these attacks are becoming more organized and profitable.

AI Gets Weaponized on Both Sides: From Code Scanning to Android Malware

It’s been one of those weeks where the security headlines make you wonder if we’re living in a cyberpunk novel. We’ve got AI helping us find vulnerabilities, AI getting abused by malware, healthcare systems shutting down from ransomware, and everyone scrambling to train enough people to handle it all. Let me walk you through what’s happening and why it matters for all of us.

AI-Powered Hackers Crack 600 Firewalls While iOS Spyware Goes Full Stealth Mode

I’ve been digging through this week’s security news, and honestly, it feels like we’re watching the threat landscape shift in real time. Two stories in particular caught my attention because they represent exactly the kind of sophisticated attacks we’ve been warning about – and they’re happening right now.

When AI Becomes the Hacker’s Best Friend

Let’s start with what Amazon’s threat intelligence team uncovered: a Russian-speaking threat actor who managed to compromise over 600 FortiGate devices across 55 countries in just five weeks. What makes this particularly interesting isn’t just the scale – it’s how they did it.

When Security Tools Become Attack Vectors: This Week's Reality Check

You know that sinking feeling when you realize the very tools meant to protect us are being weaponized? Well, grab your coffee because this week delivered some sobering reminders about how quickly our security assumptions can crumble.

The Shift Left Nightmare We Created

Let’s start with something that’s been bothering me for a while – this whole “shift left” movement that we’ve all been pushing. BleepingComputer’s analysis of what Qualys found when they examined 34,000 public container images should make us all pause. 7.3% were outright malicious. Not vulnerable – malicious.

Hotel Hacker Booked €1,000 Rooms for One Cent – And Other Stories That Should Keep Us Awake

You know that sinking feeling when you realize a vulnerability is simpler than you thought? That’s exactly what happened in Spain this week when police arrested a 20-year-old who managed to book luxury hotel rooms worth up to €1,000 per night for just one cent each. While the Spanish police announcement is light on technical details, this case highlights something we see far too often: payment processing vulnerabilities that can cost businesses serious money.

CISA's 3-Day Dell Patch Ultimatum Shows How Fast Zero-Days Can Spiral

We’re seeing something pretty concerning unfold this week that really drives home how quickly the threat environment can shift. CISA just issued a rare 3-day patch mandate for federal agencies after discovering that a maximum-severity Dell vulnerability has been getting hammered by attackers since mid-2024. That timeline should make all of us pause and think about our own patch management processes.