I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱
My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story.
If you enjoy these, come back next Monday, or scroll to the bottom to subscribe to the e-mail newsletter.
Atlassian to use Jira/Confluence metadata and content for AI training starting Aug. 17, 2026
Beginning August 17, 2026, Atlassian will collect cloud customer metadata and in-app content from Jira, Confluence, and other products to train its AI offerings (including Rovo and Rovo Dev). Opt-out rules differ: only Enterprise can opt out of metadata contribution, while “every customer” can opt out of contributing in-app data.
Key Details
- Scope: enabled by default for Atlassian Cloud and stated to affect ~300,000 organizations.
- Atlassian defines metadata as content attributes (statistical/numeric derivatives) and “common patterns” (frequent phrases/keywords/topics extracted from search, Rovo Chat, and some configuration data).
- In-app data includes user-created content and custom names (e.g., Confluence page content, Jira issue titles/descriptions/comments, custom workflow/status names, custom emoji names) that may be used when enabled via settings.
Next Steps
- Review Atlassian’s AI data contribution policy and configure opt-out if eligible: https://www.atlassian.com/trust/ai/data-contribution
Read more at GitLab Blog, Atlassian
Attackers Hid Malware in a Support Chat Screenshot and Walked Out With 60 DigiCert EV Certificates
Attackers compromised DigiCert support endpoints with a malware payload sent via a customer chat channel and then used access to the internal support portal to obtain EV code-signing certificates that were later used to sign malware. DigiCert says it revoked the affected certificates and changed support workflows and portal access to prevent support staff proxy sessions from exposing certificate “initialization codes.”
Key Details
- The attacker delivered a payload as a “screenshot” attachment in support chat; the malware infected two DigiCert endpoints, with the second detection delayed due to a malfunctioning endpoint security sensor.
- From the compromised endpoint, the actor pivoted into DigiCert’s internal support portal where support analysts can proxy into customer accounts; that proxy capability exposed initialization codes for pending code-signing orders.
- By April 17, DigiCert said it had identified and revoked 60 certificates, including 27 explicitly linked to the threat actor; 11 were community-reported and used to sign the Zhong Stealer malware family.
- DigiCert reported no evidence the actor misused internal systems beyond code-signing initialization codes within specific accounts, and said it canceled pending orders in the affected window to cut off further access.
Next Steps
- If you rely on DigiCert code-signing, review recent certificate orders and validate any unexpected issuance/revocation notifications against your internal approval records and vendor communications.
Read more at SecurityWeek, Hackread
Claude’s Chrome extension flaw lets any other extension remotely command the AI agent and exfiltrate data from Gmail/Drive/GitHub
Researchers found that any Chrome extension—including “zero-permission” ones—could message and control the Claude in Chrome extension by abusing a trusted communication path that didn’t verify who was sending commands. LayerX demonstrated theft and unauthorized actions via the AI agent, including accessing Google Drive and Gmail activity and pulling private GitHub code, and said Anthropic’s May 6 patch added friction but didn’t fully remove the underlying attack path in all scenarios.
Key Details
- LayerX reported the issue to Anthropic on April 27 and said Anthropic characterized it as a duplicate of an issue being addressed in a future update.
- Anthropic released extension version 1.0.70 on May 6; LayerX said new approval flows and checks made exploitation harder in “standard” mode, but takeover was still possible in some cases.
- The extension trusted the origin (claude.ai) rather than the execution context, allowing scripts injected by other extensions to be treated as trusted and forwarded as prompts/commands to Claude.
- Attackers could manipulate Claude’s “perceived” UI state via DOM changes (for example, removing labels/indicators around sensitive actions) to influence decisions and bypass safeguards, according to the proof of concept.
- LayerX’s PoC actions included sharing Google Drive files externally, surveilling and sending emails from the victim’s account, and extracting private source code from a connected GitHub repository.
Next Steps
- Update “Claude in Chrome” to version 1.0.70 or later.
- Reduce extension-to-extension attack surface by tightening extension allowlisting, especially on browsers used for sensitive Gmail/Drive/GitHub workflows.
Read more at CSO Online, SecurityWeek, CyberScoop
Trellix says attacker accessed part of its internal source code repository; no evidence of tampered releases
Trellix disclosed that a threat actor gained unauthorized access to a portion of its internal source code repository. The company says it has no evidence its software release/distribution process was affected or that the source code has been exploited, but it provided few details about what was accessed or how the intrusion occurred. Trellix is a major enterprise cybersecurity company — protecting 80% of the global Fortune 100 — specializing in extended detection and response (XDR), formed in 2022 from the merger of McAfee Enterprise and FireEye.
Key Details
- Trellix said it is working with external/leading forensic experts and has notified law enforcement.
- The company has not disclosed which repositories/products were exposed, how long access persisted, or how much data was taken.
Next Steps
- Pay extra attention to upcoming Trellix releases to detect possible malicious updates.
Read more at Dark Reading, The Cyber Express, SecurityWeek, BleepingComputer
EU provisional AI Act changes delay high-risk obligations and ban “nudifier” apps and AI-generated child sexual abuse content
EU negotiators have updated the AI Act’s rollout, making two significant adjustments: Businesses using AI in sensitive areas — hiring, credit, biometrics, border control, law enforcement — now have until December 2027 to comply, rather than August 2026. The reason is practical: the technical standards companies need to actually follow the rules aren’t finalized yet. AI embedded in regulated physical products gets even more time, until August 2028. **At the same time, the deal adds outright bans on “nudifier” apps and AI-generated child sexual abuse material, with a December 2026 compliance deadline** — sooner than most other obligations.
Read more at The Cyber Express
PCPJack cloud worm evicts TeamPCP infections, then steals and exfiltrates cloud and developer credentials
Researchers reported a modular worm dubbed PCPJack that removes TeamPCP malware artifacts from compromised cloud hosts while installing its own credential-stealing framework. The toolset spreads by scanning exposed cloud services and exploiting known vulnerabilities, then exfiltrates harvested secrets via attacker-controlled infrastructure (including Telegram).
Key Details
- Target discovery is fueled by Common Crawl parquet datasets, which the malware downloads and parses to identify potential external targets before scanning/exploitation.
- Credential theft spans cloud/container/dev tooling and services, with modules aimed at environments like Docker, Kubernetes, Redis, MongoDB, and broad cloud app ecosystems (e.g., AWS and GitHub were cited among targeted services).
- Telegram is used for command-and-control and exfiltration, with credentials encrypted before being sent to an attacker-controlled channel.
Next Steps
- Patch the five exploited CVEs (CVE-2025-55182, CVE-2025-29927, CVE-2026-1357, CVE-2025-9501, CVE-2025-48703) across affected internet-exposed services and images.
Read more at The Register, SecurityWeek, BleepingComputer, The Hacker News, Dark Reading
ICE considers smart glasses to augment Mobile Fortify face-scanning app used for citizenship checks
ICE is exploring developing smart glasses that would supplement its Mobile Fortify facial-recognition app, according to a DHS official and an attendee who heard a senior ICE official discuss the plan at a conference. **Mobile Fortify** is described as letting officers scan a person’s face and quickly query government databases to decide whether to detain them.
Key Details
- A DHS official said ICE is “exploring developing a pair of smart glasses” tied to Mobile Fortify.
- A separate source—an attendee at a conference—also said a senior ICE official described the smart-glasses plan.
- 404 Media previously reported ICE and CBP were using Mobile Fortify internally to scan faces.
Read more at 404 Media
The Password You Can’t Change Is Letting Strangers Drive 16,000 Lawn Mowers and Hack Your Home WiFi
Security researcher Andreas Makris demonstrated that Yarbo’s internet-connected yard robots can be remotely hijacked at scale, including driving units and manipulating their cameras, using weaknesses that effectively grant access across the fleet. The same access path also enabled retrieval of sensitive owner data, turning a consumer yard tool into a remotely controllable physical device and potential foothold inside home networks.
Key Details
- According to Makris, the robots run Linux with a hardcoded root password that firmware updates restore back to the default, limiting an owner’s ability to permanently remediate by changing credentials.
- Makris said the issue is effectively “one-to-many”: access to one robot can translate into access to other Yarbo robots, and he tracked roughly 5,400 devices in the US/Europe and over 11,000 worldwide in his mapping.
- The researcher demonstrated remote camera control/streaming and joystick-style driving of a robot actively mowing at a private residence, enabling surveillance of a target property.
- Makris reported he could extract owners’ email addresses, Wi‑Fi passwords, and precise GPS coordinates for devices/households, and The Verge verified at least some of this by contacting owners who confirmed the Wi‑Fi credentials were valid.
Next Steps
- If you operate Yarbo units, treat them as high-risk IoT endpoints and isolate them to a dedicated guest/IoT network that has no routing to corporate or sensitive home segments (and rotate Wi‑Fi credentials if they were entered into the Yarbo app/device).
Read more at The Verge
Code-of-conduct themed phishing hit 35,000 users and used AiTM to steal Microsoft sign-in tokens in real time
Microsoft reported a multi-stage “code of conduct review” phishing campaign that used adversary-in-the-middle (AiTM) pages to capture Microsoft credentials and session tokens in real time, bypassing MFA. The operation ran April 14–16, 2026 and combined polished internal-compliance lures with legitimate email delivery infrastructure to increase trust and deliver victims into the token-harvesting flow.
Key Details
- Targeting: 35,000+ users across 13,000+ organizations in 26 countries, with 92% of targets in the United States.
- Emails used compliance-style branding and urgency, including display names like “Internal Regulatory COC,” “Workforce Communications,” and “Team Conduct Report”, plus authenticity statements claiming links/attachments were “reviewed and approved.”
- Victims were nudged via a PDF attachment containing a link that kicked off a chain of intermediate pages and CAPTCHA checks intended to appear legitimate and impede automated defenses.
Next Steps
- Add detections/triage for messages that use “code of conduct”/compliance case lures plus a PDF that links out, especially when paired with multi-step CAPTCHA landing flows.
Read more at Microsoft Security Blog, The Hacker News, SecurityWeek
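A triage sketch for the detection suggested in the Next Steps above, added here as an example and not taken from Microsoft's report: it escalates a message only when a compliance-style lure (display name or wording) coincides with a PDF attachment that links out. The keyword list, the mailer.example / review.example addresses, and the sample messages are constructed assumptions; only the three display names and the "reviewed and approved" phrase come from the story.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Display names quoted in the campaign summary above.
LURE_NAMES = {"internal regulatory coc", "workforce communications", "team conduct report"}
# Assumed wording for compliance-style lures; tune to your own mail flow.
LURE_WORDS = re.compile(r"code of conduct|conduct (review|report)|compliance case|reviewed and approved", re.I)
# Link actions in uncompressed PDF objects look like: /URI (https://...)
PDF_URI = re.compile(rb"/URI\s*\(\s*(https?://[^)\s]+)", re.I)

def pdf_links(msg):
    """Return URLs found in PDF attachments (misses links inside compressed streams)."""
    urls = []
    for part in msg.iter_attachments():
        if part.get_content_type() == "application/pdf":
            data = part.get_payload(decode=True) or b""
            urls += [u.decode("ascii", "replace") for u in PDF_URI.findall(data)]
    return urls

def triage(msg):
    """Collect the three signals for one message and decide whether to escalate."""
    name, _ = parseaddr(msg.get("From", ""))
    body = msg.get_body(preferencelist=("plain", "html"))
    text = msg.get("Subject", "") + " " + (body.get_content() if body else "")
    hits = {
        "display_name": name.strip().lower() in LURE_NAMES,
        "lure_text": bool(LURE_WORDS.search(text)),
        "pdf_links": pdf_links(msg),
    }
    # A lure alone or a PDF link alone is common; the combination is the signal.
    hits["escalate"] = bool(hits["pdf_links"]) and (hits["display_name"] or hits["lure_text"])
    return hits

def sample(display, subject, pdf_bytes=None):
    """Build a constructed message for testing (not real campaign data)."""
    m = EmailMessage()
    m["From"] = f'"{display}" <notify@mailer.example>'
    m["Subject"] = subject
    m.set_content("Please review the attached file.")
    if pdf_bytes:
        m.add_attachment(pdf_bytes, maintype="application", subtype="pdf", filename="case.pdf")
    return m

# Constructed minimal PDF fragment carrying one link action.
FAKE_PDF = b"%PDF-1.4\n1 0 obj << /Type /Action /S /URI /URI (https://review.example/case) >> endobj\n"

if __name__ == "__main__":
    print(triage(sample("Team Conduct Report", "Code of conduct review", FAKE_PDF)))
    print(triage(sample("IT Helpdesk", "Printer maintenance")))
```

Because the regex only sees uncompressed PDF objects, treat an empty `pdf_links` result as "no link found by this check" and route such PDFs through a full parser or sandbox when a lure signal is present.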
CISA’s “CI Fortify” urges critical infrastructure to run for “weeks to months” while OT is isolated from IT and third parties
CISA launched its “CI Fortify” initiative to help critical infrastructure operators plan to sustain essential services even after disconnecting OT from business IT, telecom, and third-party/vendor connections during geopolitical crises. The guidance centers on “isolation” (preventing threats entering via IT or suppliers from spreading into OT) and “recovery” (restoring operations quickly if systems are compromised), shaped by concerns about state-backed pre-positioning campaigns like Volt Typhoon and Salt Typhoon.
Key Details
- The “isolation” pillar assumes third-party communications and service providers may be unreliable in a crisis and calls for proactively severing external links to limit lateral movement into OT while maintaining degraded-but-safe operations.
- Operators are asked to define acceptable service levels during isolation and align expectations with critical customers (including military installations and other lifeline services).
- CISA says CI Fortify will include targeted technical assessments and creation of plans that support “safe operations for weeks to months while isolated.”
- The “recovery” pillar emphasizes current system documentation, secure backups, and rehearsed restoration/manual operations, including identifying dependencies that could stall recovery (e.g., licensing servers, remote vendor access, upstream connectivity).
Read more at CISA, CyberScoop, The Cyber Express
Benchmark finds Claude Opus 4.6 can identify ~25–29% of known single-function C CVE flaws, but with high false positives and inconsistent runs
In a benchmark on 435 real-world vulnerable C functions (paired with their patched versions), researchers found Claude Opus 4.6 correctly identified about 25.1%–28.5% of vulnerabilities depending on prompting and tooling. The same testing showed false positives were frequent (up to ~60% of functions flagged) and results varied noticeably across repeated runs, limiting standalone usefulness without additional workflow controls.
Key Details
- The test used the paired subset of the PrimeVul dataset (real CVEs with pre-fix and post-fix function pairs), enabling a controlled check of whether the model flags the vulnerable function but not the near-identical patched function.
- Noise was substantial: ~60% of functions had at least one potentially spurious finding in some configurations, and a structured reasoning approach reportedly reduced this to ~40%.
Read more at ZeroPath
Subscribe
Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.