# Top Stories

Bitrefill confirmed that North Korea's Lazarus group accessed 18,500 purchase records containing email addresses, crypto payment addresses, and IP metadata. This represents another successful supply chain attack by DPRK actors targeting cryptocurrency infrastructure, highlighting persistent threats to crypto e-commerce platforms.

The GlassWorm supply-chain campaign returned with coordinated attacks targeting hundreds of packages across GitHub, npm, and VSCode/OpenVSX extensions. This demonstrates the continued evolution of software supply chain attacks targeting developer ecosystems and highlights the need for enhanced package repository security.

Medusa ransomware claimed attacks on Mississippi's largest hospital, causing 9-day system outages, and a New Jersey county. These healthcare sector attacks demonstrate the continued targeting of critical infrastructure and the operational impact ransomware has on patient care and public services.

Apple released its first Background Security Improvements update to fix WebKit vulnerability CVE-2026-20643 on iPhones, iPads, and Macs without requiring full OS upgrades. This new update mechanism represents a significant shift in how Apple addresses critical security flaws across its ecosystem.

BeyondTrust disclosed data exfiltration vulnerabilities in Amazon Bedrock AgentCore Code Interpreter, LangSmith, and SGLang that enable attackers to use DNS queries for interactive shells and remote code execution. These flaws highlight critical security gaps in AI code execution environments that could expose sensitive data.

LeakNet ransomware adopted ClickFix social engineering delivered through compromised websites and deploys a Deno runtime-based in-memory loader. This represents a tactical evolution showing ransomware groups moving beyond traditional credential theft to browser-based social engineering for initial access.

South Korean National Tax Service accidentally exposed the mnemonic recovery phrase of a seized Ledger wallet, resulting in theft of $4.4 million from 8.1 billion won worth of confiscated cryptocurrency assets. This incident demonstrates how operational security failures can compromise law enforcement cryptocurrency seizures.

Researchers disclosed vulnerabilities in internet-exposed IP KVM devices from four manufacturers that provide BIOS-level access to servers. These flaws could allow attackers to gain complete control over remote systems through out-of-band management interfaces, representing a significant risk to data center security.

Robotic surgery giant Intuitive disclosed a cyberattack after an employee fell victim to phishing, resulting in unauthorized access to internal business applications. This breach affects a critical healthcare technology provider, potentially impacting surgical robot operations and patient data security.

UK Companies House confirmed a vulnerability that could have exposed details of millions of firms and allowed unauthorized record alterations. This government database breach represents a significant risk to business privacy and the integrity of official corporate records across the United Kingdom.