SecurityWeek

A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads.

Other noteworthy stories that might have slipped under the radar: Symantec vulnerability, anti-ClickFix mechanism added to macOS, FBI hack classified as major incident.

The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server.

Shadow AI embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk.

Using automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems.

The cybersecurity incident involved an insider and had a limited impact, the telecoms giant told SecurityWeek.

The attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults.

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI.

The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors.

Significant cybersecurity M&A deals announced by Airbus, Cellebrite, Databricks, Quantum eMotion, Rapid7, and OpenAI.

The bugs could lead to authentication bypass, remote code execution, information disclosure, and privilege escalation.

In January 2026, a threat actor hacked the hospital’s internal network and stole personal and health information.

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data.

The malware can spy on victims, steal their information, and make configuration changes on devices.

Variance has raised a total of $26 million in funding and the latest investment will fuel platform growth.