HASC Bolsters DoD Right to Repair in FY27 NDAA
- The House Armed Services Committee approved the FY27 National Defense Authorization Act following extensive deliberation.
- Key new language grants the Department of Defense default government purpose rights for technical data and software.
- This provision aims to simplify military equipment repairs by mitigating existing contractual intellectual property restrictions.
The recent Vercel breach underscores a critical cybersecurity vulnerability stemming from the unapproved use of AI applications. A compromised third-party AI tool, granted OAuth access to internal systems, allowed attackers to pivot into Vercel's environment. This incident reveals the escalating risks associated with shadow AI integrations and OAuth sprawl within enterprise ecosystems.
Multiple official SAP npm packages were compromised in a sophisticated supply-chain attack, leading to the theft of sensitive credentials and authentication tokens from developers and CI/CD environments. Security researchers link the incident with medium confidence to the notorious TeamPCP threat actors, known for similar supply-chain compromises.
A sophisticated supply chain attack, dubbed "mini Shai-Hulud," has compromised critical SAP-related npm packages, actively stealing developer credentials and cloud secrets. This campaign targets SAP's JavaScript and cloud application development ecosystem, posing a significant threat to CI/CD pipelines and software integrity. Researchers link the operation to the known TeamPCP threat actor, raising alarms about its advanced propagation and data exfiltration capabilities.
Google has patched a critical maximum-severity vulnerability in its Gemini CLI, impacting continuous integration (CI) environments and posing a significant remote code execution (RCE) risk. This flaw, carrying a CVSS score of 10.0, allowed attackers to bypass security measures and execute arbitrary commands on host systems before sandboxing could initialize. The fix addresses how the tool processes untrusted inputs, preventing potential supply-chain attacks.
New research from Forescout reveals a critical vulnerability: at least 670 internet-facing VNC servers offer direct, unauthenticated access to industrial control systems (ICS) and operational technology (OT). This alarming exposure represents a significant attack vector for nation-state actors and cybercriminals targeting critical infrastructure globally. It underscores a broader issue of millions of remote access servers left unprotected online.
A critical authentication bypass vulnerability, identified as CVE-2026-41940 with a CVSS score of 9.8, has been discovered in cPanel and WebHost Manager (WHM), allowing unauthenticated access to web hosting control panels. This severe flaw necessitates an emergency, manual update process for all affected versions, exposing a vast array of websites and server infrastructure to significant risk.
Ukrainian law enforcement has successfully dismantled a cybercrime ring responsible for hijacking and monetizing over 610,000 Roblox gaming accounts, yielding a profit of $225,000. This operation highlights the growing sophistication of financially motivated cybercriminals targeting digital assets, regardless of their perceived value.
Cyberattackers have leveraged zero-day authentication bypass vulnerabilities in the widely used Qinglong task scheduling tool, actively deploying cryptominers on developer servers since early February. These critical remote code execution (RCE) flaws, affecting versions 2.20.1 and older, were exploited weeks before their public disclosure, highlighting a significant pre-patch threat window. The compromise allows adversaries to inject malicious shell commands, resulting in high CPU usage from disguised cryptomining processes.
North Korean state-sponsored hackers, known as Famous Chollima, are exploiting AI-generated npm packages in a sophisticated supply chain attack codenamed "PromptMink." This multi-layered campaign infiltrates development environments to plunder cryptocurrency wallets and sensitive credentials from unsuspecting users. The novel approach highlights an evolving threat landscape where AI tools are leveraged for advanced cyber espionage and financial theft.
The U.S. Marine Corps is integrating brain function evaluations into Marines' official health records, driven by congressional mandates to address the impacts of weapons blast exposure. This move aims to establish cognitive baselines and monitor neurological health, particularly for troops at high risk, as part of broader mitigation strategies to protect warfighters from overpressure injuries. The initiative follows immediate steps to limit blast exposure in training environments.
The Pentagon has disclosed for the first time that Operation Epic Fury in Iran has cost American taxpayers approximately $25 billion to date. Acting comptroller Jules Hurst III revealed the figure during House Armed Services Committee testimony, noting that the bulk of the expenditure has been on ordnance. This public disclosure marks a significant moment for the Trump administration regarding the financial transparency of the ongoing conflict.
BAE Systems Hägglunds is downplaying Estonia's recent withdrawal from a high-stakes joint European procurement of CV90 infantry fighting vehicles, stating the impact on the program will be "marginal." This comes as the company intensifies negotiations with the remaining five European nations for what is expected to be a substantial order of at least 500 new vehicles. Concurrently, BAE is undertaking significant investments to ramp up its production capacity in response to the robust demand for armored platforms across the continent.