A critical new Mirai variant, Nexcorium, is actively exploiting CVE-2024-3721 to hijack TBK DVR-4104 and DVR-4216 devices, building a formidable DDoS botnet through command injection. This operation is part of a broader trend where threat actors are leveraging known vulnerabilities in various IoT devices, including end-of-life TP-Link Wi-Fi routers, to deploy Mirai-like malware.

Sanctioned cryptocurrency exchange Grinex has suspended operations following a $13.74 million cyberattack, with the company accusing Western intelligence agencies of perpetrating the "sophisticated" hack. This incident not only led to the theft of over 1 billion rubles in user funds but also severely disrupts an infrastructure reportedly utilized for Russian sanctions evasion. Incorporated in Kyrgyzstan, Grinex was sanctioned by the U.K. and U.S. last year for its role in illicit financial activities.

New data reveals that unmanaged non-human identities, such as service accounts and API keys, were responsible for a staggering 68% of cloud breaches in 2024, far surpassing traditional attack vectors like phishing. This alarming statistic underscores a critical vulnerability in modern cybersecurity, as the proliferation of AI agents and automated workflows is rapidly expanding the volume of these often-unmonitored, privileged credentials. These "ghost identities" represent a vast, accessible attack surface that security teams are struggling to track.

Vercel, a prominent web infrastructure provider, has publicly confirmed a significant security breach, attributing its origin to a compromised employee account at Context.ai, a third-party AI tool. This supply chain attack subsequently allowed unauthorized access to internal Vercel systems and exposed a limited subset of customer credentials, prompting immediate credential rotation for affected users. The sophisticated nature of the incursion, now claimed by the notorious ShinyHunters group who are demanding a $2 million ransom, underscores the evolving threat landscape faced by critical online services.

Cybersecurity researchers have flagged ZionSiphon, a new and politically motivated malware specifically designed to target Israeli water and desalination operational technology (OT) systems. Detected shortly after the recent Twelve-Day War between Iran and Israel, this sophisticated threat possesses sabotage capabilities for chlorine and pressure controls and demonstrates advanced multi-protocol ICS manipulation, with its Modbus attack path being the most developed.

A critical 'by design' vulnerability in Anthropic's Model Context Protocol (MCP) is threatening the integrity of the AI supply chain, potentially allowing remote code execution (RCE) on thousands of systems. This systemic flaw, affecting over 7,000 publicly accessible servers and software packages, exposes sensitive data like API keys and chat histories, yet Anthropic has declined to address the architectural weakness.

Despite the dazzling promises of AI demonstrations, a significant majority of AI initiatives ultimately falter not due to technological inadequacy, but because their impressive demo performance crumbles under the weight of real-world operational complexities. This prevalent 'demo-to-production chasm' reveals a critical disconnect between controlled environments and the messy realities of enterprise deployment, where pristine data and predictable inputs give way to unruliness. The initial burst of enthusiasm often wanes as organizations grapple with the profound challenges of integrating AI into existing workflows and managing unforeseen operational friction.

This week, web infrastructure giant Vercel revealed a data breach stemming from a compromised third-party AI tool, a stark reminder of the pervasive supply chain risks facing even sophisticated tech providers. This incident, alongside disruptions of major DDoS-for-hire services and the emergence of the PowMix botnet targeting Czech workers, collectively paints a picture of adversaries increasingly exploiting trusted pathways and legitimate tools to achieve their objectives. From AI-powered applications to browser extensions and even update channels, the consistent theme is a strategic bending of trust rather than outright system breakage.

A critical remote code execution vulnerability (CVE-2026-5760, CVSS 9.8) has been discovered in SGLang, a widely used high-performance framework for serving large language models. This severe flaw allows attackers to achieve arbitrary Python code execution on inference servers by manipulating specially crafted GGUF model files, presenting a significant supply chain risk for AI deployments. The exploit targets the '/v1/rerank' endpoint through Jinja2 server-side template injection, making any system loading a compromised model vulnerable.

The U.S. Air Force's planned retirement of the A-10 Thunderbolt II by fiscal year 2029 is poised to create a critical void in combat search and rescue (CSAR) capabilities, threatening a specialized mission that dates back to the Vietnam War. This move eliminates not only an aircraft, but also the 'Sandy' pilots whose decades-old, unique training fosters operational trust and expertise essential for complex, high-stakes recovery operations. A recent CSAR mission over Iran, involving a damaged A-10, starkly illustrates the irreplaceable value of a dedicated platform and highly trained personnel for rescuing downed aircrews.

The U.S. Air Force has announced a reversal in its A-10 Warthog retirement timeline, extending the venerable ground-attack aircraft's service through 2030, a year beyond its previously scheduled 2029 exit. This strategic decision by Secretary of the Air Force Troy E. Meink aims to bolster combat power amidst escalating operational demands, particularly in ongoing missions in Iran. The extension comes as the Defense Industrial Base ramps up production of new combat aircraft, suggesting a tactical need to maintain immediate aerial capabilities.

France is significantly accelerating its defense modernization efforts, fast-tracking decisions on a new rocket artillery system and a formidable land-based ballistic missile to prepare for potential 'wars of attrition' by 2030. These urgent procurements, including 26 new artillery units and a 2,500km hypersonic-capable missile, underscore Paris's commitment to bolstering its long-range strike capabilities and domestic defense industrial base amid evolving geopolitical landscapes. The push includes extensive testing of indigenous systems from firms like Safran, MBDA, Thales, and ArianeGroup, alongside consideration of foreign alternatives.