Risk
-
Coupang says data breach exposed 33.7 million customer records
Coupang has acknowledged a data breach affecting about 33.7 million domestic customer accounts, exposing names, contact details, shipping addresses and partial order histories; the company says credentials and payment card data were not accessed, has notified authorities and is investigating.
-
CISA adds OpenPLC ScadaBR XSS flaw to Known Exploited Vulnerabilities list amid active attacks
CISA added CVE-2021-26829, a cross-site scripting flaw in OpenPLC ScadaBR, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation tied to a hacktivist operation; Forescout and VulnCheck reported related intrusions and a sustained OAST-driven exploit campaign.
-
Legacy Python bootstrap scripts create potential PyPI domain takeover risk, researchers say
ReversingLabs found legacy zc.buildout bootstrap scripts in several PyPI packages that download an obsolete Distribute installer from a domain that is now for sale, creating a potential domain-takeover supply-chain risk; researchers warned that some projects still ship the file and pointed to a separate malicious PyPI package discovered by HelixGuard.
-
Researchers propose observational audit to detect label leakage in machine learning models
A new observational auditing framework lets testers detect whether machine learning models leak training labels without altering training data, using proxy labels and attacker-based tests; experiments on image and click datasets showed tighter privacy settings reduced leakage.
-
Bloody Wolf campaign expands from Kyrgyzstan to Uzbekistan, delivers NetSupport RAT via Java loaders
Researchers report the Bloody Wolf hacking group used impersonated government PDFs and Java JAR loaders to deliver an older NetSupport RAT to targets in Kyrgyzstan and, later, Uzbekistan, employing geofencing and simple persistence techniques.
-
Microsoft to block unauthorized scripts on Entra ID sign-ins with CSP update
Microsoft will change the Content Security Policy for browser-based Entra ID sign-ins at login.microsoftonline.com to block unauthorized scripts and allow scripts only from trusted Microsoft domains, with a global rollout beginning mid-to-late October 2026; organisations are asked to test their sign-in flows and avoid tools that inject code into the sign-in page.
-
OpenAI notifies some API customers after Mixpanel analytics vendor hacked
OpenAI said some ChatGPT API customers had limited identifying information exposed after a smishing-driven compromise of analytics vendor Mixpanel; no chats, API requests, credentials or payment data were exposed and both companies have taken mitigation steps while investigations continue.
-
Gainsight says more customers affected as Salesforce revokes Gainsight-linked access tokens
Gainsight said suspicious activity tied to its applications affected more customers than initially reported and that Salesforce revoked related access tokens; the intrusion has been claimed by ShinyHunters while investigators and vendors take containment steps.