Author: Nate Nelson, Contributing Writer

ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers’ data and connected systems.

The vendor’s first Patch Tuesday of the year also contains fixes for 112 CVEs, nearly double the amount from last month.

Attackers use a sophisticated delivery mechanism of text-only files for RAT deployment, showcasing a clever way to bypass defensive tools and rely on the target’s own utilities.

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust.

Massive data dump reveals real identities and details of administrators and members of the notorious hacker forum.

Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations.

No matter what new laws or regulations make the cut for 2026, it’s clear that compliance challenges will persist and federal legislation will be limited.

A state-sponsored threat group tracked as “Kimsuky” sent QR-code-filled phishing emails to US and foreign government agencies, NGOs, and academic institutions.

A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations’ use of AI and map an expanding attack surface.

Deepfakes are becoming more realistic and more popular. Luckily, defenders are still ahead in the arms race.