# Top Stories

Anthropic's Claude Opus 4.6 AI model discovered 22 new security vulnerabilities in Firefox during a two-week security partnership with Mozilla, with 14 classified as high severity, 7 moderate, and 1 low. All issues were patched in Firefox 148 released in January, demonstrating AI's growing capability in automated vulnerability discovery.

OpenAI launched Codex Security, an AI-powered security agent that scanned 1.2 million commits and identified 10,561 high-severity vulnerabilities while proposing fixes. The tool is now available in research preview to ChatGPT Pro, Enterprise, Business, and Edu customers with free usage for one month.

Velvet Tempest ransomware operators are using ClickFix social engineering techniques combined with legitimate Windows utilities to deploy DonutLoader malware and CastleRAT backdoor in Termite ransomware attacks. This campaign demonstrates the evolution of ransomware delivery methods through deceptive user interaction.

Trump's new cybersecurity strategy emphasizes stronger deterrence against cyber adversaries, federal network modernization, critical infrastructure protection, and investment in AI and post-quantum cryptography. The comprehensive strategy addresses emerging technology challenges while strengthening national cyber defenses.

Microsoft reports threat actors are increasingly integrating artificial intelligence across all stages of cyberattacks to accelerate operations, scale malicious activities, and lower technical barriers for less sophisticated attackers. This trend represents a significant shift in how AI is being weaponized by cybercriminals.

Security researchers discovered over 100 GitHub repositories distributing the BoryptGrab stealer malware, which targets browser data, cryptocurrency wallets, system information, and user files. The campaign abuses GitHub's trusted platform to distribute malware at scale through legitimate-appearing repositories.

Cybercriminals are using a new InstallFix social engineering variant that tricks users into running malicious commands disguised as legitimate CLI tool installation guides for Anthropic's Claude Code. This technique represents an evolution of ClickFix attacks targeting developers and technical users.

Securonix identified the VOID#GEIST malware campaign using multi-stage batch scripts to deliver encrypted RAT payloads including XWorm, AsyncRAT, and Xeno RAT. The attack chain employs obfuscated batch scripts as the initial infection vector for deploying multiple remote access trojans.

CISA added three iOS vulnerabilities to its Known Exploited Vulnerabilities catalog, indicating active exploitation of these flaws in real-world attacks. The addition signals that these iOS security issues pose immediate risks to organizations and require urgent patching.

North Korean APT groups are enhancing their IT worker infiltration scams using AI tools for face swapping and automated email communication to better impersonate legitimate remote workers. These DPRK operations continue generating revenue while placing malicious actors inside organizations' technical teams.