# Top Stories

Microsoft's LinkedIn is secretly scanning visitors' browsers for over 6,000 Chrome extensions using hidden JavaScript and collecting device data. The "BrowserGate" report reveals how LinkedIn bypasses user consent to profile browser configurations and potentially identify security tools or privacy extensions.

CISA ordered federal agencies to patch a video conferencing vulnerability within two weeks after Chinese hackers actively exploited it. The directive targets a bug in TrueConf's video conferencing platform that allows privilege escalation and reconnaissance on Asian government systems.

North Korean hackers stole $285 million from Drift Protocol in just 10 seconds by taking control of admin keys and draining five vaults. The attackers prepared nonce-based transactions and infrastructure beforehand, executing a sophisticated social engineering attack against the Security Council.

The EU cybersecurity agency CERT-EU attributed a massive data breach at the European Commission to the TeamPCP hacking group. The breach compromised cloud infrastructure and exposed data from at least 29 additional EU entities beyond the Commission itself.

North Korean threat actors from UNC1069 compromised the Axios npm package through targeted social engineering of maintainer Jason Saayman. The supply chain attack demonstrates sophisticated DPRK capabilities to infiltrate widely-used JavaScript libraries through personalized social manipulation campaigns.

Critical vulnerabilities in Citrix ShareFile can be chained together to achieve unauthenticated remote code execution by bypassing authentication and uploading arbitrary files. The flaws allow attackers to completely compromise ShareFile servers without any credentials.

China-linked TA416 (also tracked as DarkPeony, RedDelta, SmugX) has targeted European government and diplomatic organizations since mid-2025 using PlugX malware and OAuth-based phishing. The campaign marks a return to European targeting after a two-year hiatus in the region.

Microsoft discovered threat actors using HTTP cookies as control channels for PHP web shells on Linux servers to achieve remote code execution. The attackers use cookie values to gate execution rather than URL parameters, persisting through cron jobs for stealthier command and control.

Telehealth company Hims & Hers suffered a data breach after attackers stole support tickets from Zendesk's customer service platform. The breach exposed patient information stored in third-party support systems, highlighting risks in healthcare companies' vendor ecosystems.

German political party Die Linke confirmed that the Qilin ransomware group stole sensitive data during an attack that forced IT systems offline. The breach affects one of Germany's major left-wing political parties and threatens to expose confidential political communications and member data.