Cybersecurity
New research has unveiled Fast16, a sophisticated Lua-based malware framework developed years before Stuxnet, specifically designed to subtly sabotage high-precision calculation software. This discovery not only rewrites the timeline of advanced cyber warfare but also underscores the long-standing targeting of critical industrial and scientific processes for disruptive outcomes. Its existence, predating Stuxnet by at least five years, highlights a persistent evolution of digital weaponry beyond mere data theft, focusing instead on profound system integrity compromise.
Cybersecurity firm Checkmarx has confirmed that a cybercriminal group has published data from its GitHub repository on the dark web, stemming from a supply chain security incident first identified on March 23, 2026. The exposed data reportedly includes sensitive information like source code, employee databases, API keys, and database credentials, though the company asserts this repository is isolated from customer production environments.
A previously undisclosed, zero-click flaw in Windows, born from an incomplete Microsoft patch, has been actively exploited by the notorious Russia-linked hacking group APT28. This new vulnerability, CVE-2026-32202, enabled Fancy Bear to conduct credential theft campaigns against Ukraine and EU nations by chaining multiple zero-day exploits, leveraging weaponized LNK files to bypass security prompts and automatically pilfer NTLM credentials.
Microsoft's Outlook.com is currently experiencing a significant service degradation, leading to widespread intermittent sign-in failures, "too many requests" errors, and unexpected sign-outs for users. The tech giant attributes the disruption to a "recently introduced change" and is actively working to revert it, leaving many customers unable to access their critical email services for over three hours. This ongoing incident, flagged by thousands of user reports on Downdetector, highlights the immediate impact of even minor system alterations on large-scale cloud platforms.
Global deepfake fraud losses have surged to over $2.19 billion, with a staggering 61% of organizations reporting individual losses exceeding $100,000. These financially devastating attacks are driven by a 680% year-over-year rise in deepfake voice incidents, fueled by free, easy-to-use voice cloning tools requiring only three seconds of audio. As demonstrated by a recent nearly $500,000 fraud against a multinational firm in Singapore, these sophisticated social engineering ploys are effectively bypassing traditional enterprise defenses by targeting untrained personnel.
Medical device behemoth Medtronic has officially confirmed a network breach of its corporate IT systems, following claims by the notorious data extortion group ShinyHunters. The group asserts it exfiltrated over 9 million personally identifiable information (PII) records and terabytes of internal corporate data from the world's largest medical device maker. While Medtronic emphasizes no impact on patient safety or product operations, an investigation into potential PII exposure is ongoing.
Cybersecurity researchers have unveiled a massive global SMS fraud campaign leveraging sophisticated fake CAPTCHA schemes to trick users into unknowingly sending expensive international text messages. Active since at least June 2020, this International Revenue Share Fraud (IRSF) operation utilizes traffic distribution systems (TDSs) and browser back button hijacking to redirect victims to multi-stage verification processes, resulting in charges appearing on their mobile bills weeks later. Victims are duped into sending SMS messages to over 50 international destinations, incurring costs of up to $30 per incident, to the benefit of the threat actors who lease the premium-rate numbers.
A significant cyber threat has emerged, with researchers uncovering 73 fake VS Code extensions, including six confirmed malicious ones, actively participating in the GlassWorm v2 info-stealing campaign. This widespread campaign targets developers through popular IDEs like VS Code, Cursor, and Windsurf, exploiting trust in common development tools to deploy GitHub-hosted VSIX extensions after initial infection. Threat actors are employing sophisticated tactics such as social engineering, typosquatting, and sleeper packages to bypass defenses and pilfer sensitive data.
Anthropic's Mythos AI is dramatically accelerating vulnerability discovery, reportedly outmatching human red teams and threatening to swamp existing remediation processes. This rapid rise in identified flaws promises to create critical backlogs for organizations already struggling with the scale and complexity of cybersecurity, extending the window of exposure. The immediate challenge isn't just finding vulnerabilities, but effectively managing and fixing the overwhelming volume Mythos is poised to uncover.
Utility technology giant Itron, a critical provider of infrastructure solutions for global electricity, water, and gas networks, has disclosed a cybersecurity breach where an unauthorized third party gained access to some of its internal IT systems. The company, which activated its response plan last month and engaged external experts, states that the unauthorized activity has been contained and no material operational disruption or customer impact has been observed thus far. This incident underscores the persistent and escalating threat landscape targeting vital infrastructure support systems.
A sophisticated threat group tracked as UNC6692 has been observed deploying a new, custom malware suite named “Snow” to achieve deep network compromise and data theft. Leveraging Microsoft Teams and email bombing tactics, UNC6692 poses as IT helpdesk agents to trick targets into installing malicious software. This novel approach highlights a concerning evolution in social engineering, combining urgency-driven email spam with direct, seemingly legitimate contact via corporate communication platforms.