# Top Stories

CISA added VMware Aria Operations vulnerability CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, confirming active exploitation of this RCE flaw. Federal agencies must patch by the CISA deadline, and the KEV listing signals widespread threat actor interest in this VMware infrastructure management platform vulnerability.

Google patched CVE-2026-21385, a high-severity memory corruption flaw in Qualcomm's graphics component that has been actively exploited in targeted Android attacks. The vulnerability allows buffer over-read when adding user data without checking available buffer space, with exploitation potentially linked to commercial spyware or nation-state groups.

Iranian drone strikes directly hit two AWS data centers in the UAE and damaged another facility in Bahrain, disrupting cloud services across the Middle East. The physical attacks demonstrate how geopolitical conflicts can directly impact critical cloud infrastructure that enterprises worldwide depend on for operations.

Dutch paint giant AkzoNobel confirmed hackers breached the network of one of its U.S. sites in what appears to be a targeted attack on industrial infrastructure. The breach affects a multinational company with significant manufacturing operations, highlighting ongoing threats to critical industrial sector organizations.

Interpol's operation against an African cybercrime syndicate led to 574 arrests and recovery of over $3 million, with threat hunters helping decrypt six malware variants. The international law enforcement action demonstrates the scale of organized cybercrime operations and the critical role of private sector threat intelligence in dismantling criminal networks.

Researchers traced U.S.-developed exploits through a supply chain from spyware vendors to Russian hackers to Chinese cybercriminals in the first known mass iOS attack. The exploit kit's journey illustrates how advanced nation-state tools proliferate through cybercriminal ecosystems, creating broader security risks beyond their original targets.

LexisNexis Legal & Professional confirmed a data breach where hackers accessed customer and business information, with threat actors subsequently leaking 2 GB of stolen data containing millions of records. The breach affects a major legal and professional services data provider, potentially exposing sensitive client information and legal research data.

Microsoft identified hackers abusing legitimate OAuth redirection mechanisms to bypass email and browser phishing protections, targeting government and public-sector organizations. The technique leverages trusted OAuth flows to redirect victims to attacker-controlled infrastructure without stealing authentication tokens, representing an evolution in phishing tactics.

A newly announced quantum algorithm challenges assumptions about RSA decryption timelines, suggesting quantum computers could break RSA encryption much sooner than expected without requiring million-qubit systems. This development accelerates concerns about quantum threats to current encryption standards and the urgency of post-quantum cryptography adoption.

Researchers discovered vulnerabilities in agentic AI browsers like Comet that allow attackers to access local file systems, browse directories, and exfiltrate data through simple calendar invites. The findings highlight new attack surfaces created by AI-powered browsing tools that can be manipulated to perform unauthorized system operations.