US House Approves Ukraine Aid & New Russia Sanctions
- House approval secured a substantial financial package for Ukraine's defense efforts.
- The legislation includes an $8 billion authorization in military finance loans to Kyiv.
- The Ukraine Security Assistance Initiative (USAI) receives an extension through 2027.
Israeli startup Copperhelm has officially emerged from stealth mode, announcing $7 million in seed funding to advance its innovative agentic cloud security platform. This significant investment, led by TLV Partners, will fuel the development and market expansion of a platform designed to autonomously monitor, investigate, and remediate threats within large enterprise cloud environments using AI agents. Founded by a team with deep expertise from Unity, McAfee, and RSA, Copperhelm aims to redefine cloud security with its real-time, context-aware approach.
A critical supply chain attack has compromised the popular Bitwarden CLI NPM package, specifically version 2026.4.0, leading to the potential theft of multi-cloud secrets and GitHub tokens from affected systems. This incident, linked to ongoing campaigns against the open source software ecosystem and potentially prior Checkmarx compromises, highlights a sophisticated threat targeting development environments and critical infrastructure. With over 250,000 monthly downloads, the compromise of Bitwarden's CLI presents a significant risk to enterprises relying on the platform for secure credential management.
Cloudsmith, a Belfast-based artifact management platform, has secured $72 million in Series C funding, bringing its total investment to $124 million. This significant capital injection will fuel its mission to secure the increasingly complex software supply chains, particularly those generated by AI agents and large language models (LLMs). The platform offers critical capabilities such as detecting vulnerabilities, blocking malicious code, and providing a chain of custody for vital software packages and ML models.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical directive, ordering all federal agencies to patch a zero-day Microsoft Defender vulnerability, CVE-2026-33825 (BlueHammer), by May 7. This high-severity privilege escalation flaw has been actively exploited in attacks, allowing low-privileged local actors to gain SYSTEM access on Windows systems. The mandate comes after a security researcher publicly disclosed the flaw and proof-of-concept exploit code, highlighting concerns over Microsoft's disclosure process.
A newly identified, China-backed advanced persistent threat (APT) group dubbed GopherWhisper has been uncovered by ESET, revealing a sophisticated campaign leveraging custom Go-based malware and an array of legitimate communication platforms. Active since at least 2023, this group is exploiting services like Microsoft 365 Outlook, Slack, and Discord for command-and-control, and File.io for data exfiltration, compromising dozens of government entities worldwide. ESET researchers managed to access GopherWhisper's C2 communications, providing unprecedented insight into their operations and confirming attribution.
The United Kingdom's National Cyber Security Centre (NCSC-UK) and a coalition of ten international partners have issued a stark warning: China-nexus hackers are increasingly leveraging vast botnets of compromised Small Office/Home Office (SOHO) and Internet of Things (IoT) devices to conduct stealthy cyber operations. This joint advisory highlights a significant shift in state-sponsored threat tactics, moving away from individually procured infrastructure towards extensive networks of hijacked consumer devices to obscure their origins and evade traditional defenses. These sophisticated proxy networks, including identified botnets like Raptor Train and KV-Botnet, pose a profound challenge to national security.
Hackers have severely compromised the software supply chain of Checkmarx KICS, an open-source security scanner, by injecting malicious code into its official Docker images and VS Code/Open VSX extensions. This sophisticated attack allowed the exfiltration of critical developer credentials, including GitHub tokens, cloud access keys for AWS, Azure, and GCP, npm tokens, and SSH keys from compromised development environments. The stolen data was then covertly transmitted to imposter Checkmarx domains, highlighting a serious breach in trust for a tool designed to enhance code security.
Trigona ransomware has re-emerged with a significant tactical shift, now deploying a custom-built, proprietary data exfiltration tool named "uploader_client.exe" to steal sensitive data from compromised networks. This sophisticated command-line utility employs parallel uploads and TCP connection rotation after 2GB of traffic, specifically designed for enhanced speed and evasion. Observed in recent March attacks, this move indicates a deliberate effort by attackers to maintain a lower profile by sidestepping public tools that typically trigger security defenses.
Hackers are actively exploiting a critical vulnerability, CVE-2026-3844, in the widely used Breeze Cache WordPress plugin, allowing unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution. This severe flaw, rated 9.8 CVSS, has already seen over 170 exploitation attempts and impacts more than 400,000 active installations globally, underscoring an immediate threat to a vast segment of web infrastructure.
The escalating conflict with Iran has significantly diverted U.S. military resources, including tens of thousands of service members and critical Patriot interceptor stockpiles, away from global commitments, and in particular has undermined the prospect of a robust American role in a future Ukraine peacekeeping mission. This large-scale reallocation comes as Kyiv watches the very air defense systems it needs being consumed in a new Middle East war, raising serious doubts about Washington's capacity and willingness to fulfill long-term security commitments in Eastern Europe. Amid these shifting priorities, the Trump administration has already tempered its initial proposals for leading such a mission, signaling a challenging path ahead for Ukraine's post-conflict stability.
The Department of Defense has rapidly deployed over 100,000 semi-autonomous AI agents across its unclassified networks in less than five weeks, signaling a significant acceleration in AI adoption within the military. These agents, built using low-code/no-code platforms like Agent Designer, are actively automating diverse tasks for military personnel and civilians, logging over 1.1 million sessions to date.
The Pentagon has fundamentally reshaped its counter-drone strategy following a September exercise that meticulously replicated a Ukrainian 'spiderweb' drone attack on a Florida airfield. Dubbed Operation Clear Horizon, the simulation exposed critical vulnerabilities in existing U.S. counter-UAS approaches, prompting a comprehensive re-evaluation of defense priorities and procurement. This decisive shift is now directly informed by real-world battlefield intelligence from Eastern Europe, signaling a new era for U.S. drone defense.