[TheHackersNews] Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack. The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025,... ow.ly/Bb7E106oZTQ

[Wired - Security] Hundreds of People With ‘Top Secret’ Clearance Exposed by House Democrats’ Website. A database containing information on people who applied for jobs with Democrats in the US House of Representatives was left accessible on the open web. ow.ly/PxAU106oZU1

[Schneier on Security] First Wap: A Surveillance Computer You’ve Never Heard Of. Mother Jones has a long article on surveillance arms manufacturers, their wares, and how they avoid export control laws: Operating from their base in Jakarta, where... ow.ly/OjG0106oZZj

[Security Affairs] Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD. Qilin ransomware group used Linux binaries on Windows to evade EDRs, steal backups, and disable defenses via BYOVD attacks. Trend Research... ow.ly/sV1V106p00n

[The Register - Security] Ex-CISA head thinks AI might fix code so fast we won't need security teams. Jen Easterly says most breaches stem from bad software, and smarter tech could finally clean it up Ex-CISA head Jen Easterly claims AI could spell... ow.ly/aHhg106p03U

[HelpNet] 72 states sign first global UN Convention against Cybercrime. The world’s first global convention to prevent and respond to cybercrime opened for signature today in Hanoi, Vietnam, and will remain open at United Nations Headquarters in New... ow.ly/T4Pr106p09m

[TheHackersNews] ⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens. Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to... ow.ly/pkvl106p0ec

[HelpNet] Ransomware, extortion groups adapt as payment rates reach historic lows. Ransomware groups are facing an economic downturn of their own: In Q3 2025, only 23 percent of victims paid a ransom, and for data theft incidents that involved no... ow.ly/PYLb106p0fI

[The Register - Security] Researchers exploit OpenAI's Atlas by disguising prompts as URLs. NeutralTrust shows how agentic browser can interpret bogus links as trusted user commands Researchers have found more attack vectors for OpenAI's new Atlas... ow.ly/OSFr106p0os

[HelpNet] eBook: A quarter century of Active Directory. Active Directory (AD) remains the backbone of enterprise identity and a prime target for attackers. Explore its 25-year history, evolving risks, and how organizations can modernize password... ow.ly/2UCi106p0p0

[HelpNet] Jumio introduces selfie.DONE to simplify digital identity verification. Jumio announced the launch of selfie.DONE, a new solution that delivers on the company’s vision for true reusable identity. selfie.DONE empowers trusted users to be... ow.ly/x1Wq106p0yO

[Schneier on Security] Louvre Jewel Heist. I assume I don’t have to explain last week’s Louvre jewel heist. I love a good caper, and have (like many others) eagerly followed the details. An electric ladder to a second-floor window, an angle grinder... ow.ly/c435106p0yR

[HelpNet] Albireo PCS delivers secure, managed cloud alternative to on-premise servers. Albireo Energy launched Private Cloud Services (PCS), a secure, fully managed cloud service designed to host and protect Building Automation System (BAS) and... ow.ly/vIz5106p0zs

[HelpNet] Zumigo enhances fraud prevention with low-code tools and passwordless authentication. Zumigo has upgraded its solutions designed to help businesses fortify their defenses against rising sophisticated consumer fraud with an identity-first... ow.ly/1WqO106p0Ap

[Security Affairs] Crafted URLs can trick OpenAI Atlas into running dangerous commands. Attackers can trick OpenAI Atlas browser via prompt injection, treating malicious instructions disguised as URLs in the omnibox as trusted commands. Attackers can... ow.ly/xpVR106p0As

[The Register - Security] You have one week to opt out or become fodder for LinkedIn AI training. Nations previously exempt from scraping now in the firing line If you thought living in Europe, Canada, or Hong Kong meant you were protected from... ow.ly/AjIM106p0By

[TheHackersNews] New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands. Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject... ow.ly/uhXx106p0BF

[Dark Reading] Qilin Targets Windows Hosts With Linux-Based Ransomware. The attack by the one of the most impactful RaaS groups active today demonstrates an evasion strategy that can stump defenses not equipped to detect cross-platform threats. ow.ly/BnBu106p0MU

[The Register - Security] Breach at Iran’s cyberspy factory results in leak of student data. Ravin Academy confirms the intrusion on Telegram, says investigation continues Iran's school for state-sponsored cyberattackers admits it suffered a breach... ow.ly/QcsX106p0PB

[Cyberscoop] Hacking Team successor linked to malware campaign, new ‘Dante’ commercial spyware. Kaspersky researchers said Memento Labs appears to be behind both the Operation ForumTroll malware and spyware, known as Dante. The post Hacking Team... ow.ly/SFzu106p0Zo