SecurityWeek

A malicious version of the plugin was published to the Jenkins Marketplace late last week.

Tens of thousands of students studying for final exams around the world have regained access to a key online learning system after a cyberattack had earlier knocked it offline.

Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released.

The second iteration of the German-speaking online crime marketplace had over 22,000 users and more than 100 sellers.

Victims span across the aviation, critical infrastructure, energy, logistics, public administration, and technology sectors.

Other noteworthy stories that might have slipped under the radar: US gov targets 72-hour patch cycles, malware uses Windows Phone Link to steal OTPs, spy operation targets Eurasian drone industry.

The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply.

Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust.

A system that thousands of schools and universities use went offline due to a cyberattack, creating chaos as students tried to study for finals.

The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more.

RansomHouse has published several screenshots to demonstrate access to internal Trellix services.

Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension.

CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code.

Musk said that he could have founded OpenAI as a for-profit company, just like the other companies he started or took over. “I deliberately chose this,” he said, “for the public good.”

The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was.