# Top Stories

March 07, 2026

  1. SecurityWeek general Mar 07
    FBI Investigating ‘Suspicious’ Cyber Activity on System Holding Sensitive Surveillance Information

    FBI investigators are examining suspicious cyber activity on a system containing sensitive surveillance information, with the bureau working to determine the scope and impact, according to congressional notifications. This incident highlights vulnerabilities in critical intelligence infrastructure and could affect ongoing national security operations and surveillance capabilities.

  2. BleepingComputer general Mar 06
    Cognizant TriZetto breach exposes health data of 3.4 million patients

    TriZetto Provider Solutions, a Cognizant-owned healthcare IT company, disclosed a data breach exposing sensitive information of over 3.4 million patients. The breach affects a company that develops software and services used by health insurers and healthcare providers, potentially compromising medical records, personal identifiers, and insurance information across the healthcare ecosystem.

  3. BleepingComputer general Mar 06
    CISA warns feds to patch iOS flaws exploited in crypto-theft attacks

    CISA added three iOS security flaws to its Known Exploited Vulnerabilities catalog after they were targeted in cyberespionage and cryptocurrency theft attacks using the Coruna exploit kit. The vulnerabilities have been actively exploited against high-value targets, prompting federal agencies to patch their iOS devices by a mandated deadline.

  4. Graham Cluley general Mar 06
    How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down

    International law enforcement dismantled Tycoon 2FA, a $120 phishing-as-a-service platform that enabled cybercriminals to bypass multi-factor authentication through adversary-in-the-middle attacks. The platform was linked to over 64,000 phishing attacks globally before the coordinated takedown involving Europol and cybersecurity companies.

  5. CyberScoop general Mar 06
    Microsoft warns North Korean threat groups are scaling up fake worker schemes with generative AI

    Microsoft researchers report North Korean threat groups are using generative AI as a "force multiplier" to scale up fake IT worker infiltration schemes at global companies. The AI tools assist with creating convincing personas, face-swapping for video calls, and generating daily work communications to maintain long-term employment at target organizations.

  6. The Hacker News general Mar 06
    Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

    Pakistan-linked APT group Transparent Tribe is using AI-powered coding tools to mass-produce malware implants written in lesser-known languages like Nim, Zig, and Crystal. The campaign targets Indian entities with a "high-volume, mediocre mass" of AI-generated implants that rely on trusted services to evade detection.

  7. The Hacker News general Mar 06
    China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks

    China-linked APT group UAT-9244 has deployed three new malware families (TernDoor, PeerTime, and BruteEntry) against South American telecommunications infrastructure since 2024. The campaign targeted Windows and Linux systems as well as edge devices, with Cisco Talos linking the activity to the known FamousSparrow threat group.

  8. BleepingComputer general Mar 05
    FBI arrests suspect linked to $46M crypto theft from US Marshals

    The FBI arrested the son of a U.S. government contractor on Saint Martin island, accused of stealing over $46 million in cryptocurrency from the U.S. Marshals Service. The arrest represents one of the largest cryptocurrency thefts from a federal agency and highlights vulnerabilities in government digital asset management.

  9. threat-intel Mar 05
    Phobos ransomware leader facing 20 years in prison after pleading guilty to hacking charges

    Russian national Evgenii Ptitsyn pleaded guilty to conspiracy charges related to operating the Phobos ransomware, which attacked over 1,000 organizations worldwide and netted more than $39 million in extortion payments since November 2020. Ptitsyn was extradited from South Korea and faces up to 20 years in prison.

  10. The Hacker News general Mar 05
    Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities

    Cisco confirmed active exploitation of two vulnerabilities in Catalyst SD-WAN Manager: CVE-2026-20122 (CVSS 7.1) allowing arbitrary file overwrite and another unspecified flaw. The company urged immediate patching as attackers are actively exploiting these flaws to compromise SD-WAN infrastructure in enterprise networks.