I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself.
My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story.
If you enjoy these, come back next Monday or scroll to the bottom to subscribe to the e-mail newsletter.
"Copy Fail" vulnerability gives root access to Linux servers with a tiny Python exploit
CISA added CVE-2026-31431, nicknamed "Copy Fail," to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The bug lets a low-privilege local attacker escalate to root by corrupting the kernel's in-memory page cache of setuid binaries, which makes it especially dangerous on CI runners, container hosts, and other shared-kernel systems.
Key Details
- The issue was fixed upstream in Linux kernel 6.18.22, 6.19.12, and 7.0, with distribution updates rolling out separately.
- Researchers described exploitation as reliable and low-effort, with public proof-of-concept code already circulating.
- Microsoft said it is already seeing preliminary testing activity and noted that "local only" still matters a lot once an attacker gets an SSH foothold, lands a malicious CI job, or breaks into a container.
Next Steps
- Patch Linux kernels immediately, prioritizing systems that run untrusted code such as CI runners, shared hosts, and container nodes.
- If you cannot patch right away, reduce local attack paths and disable affected crypto-socket exposure where feasible.
Read more at The Hacker News, Microsoft Security Blog, BleepingComputer, SecurityWeek, Wired, Copy.fail
GitHub patches critical RCE bug, but many self-hosted Enterprise Server instances are still exposed
GitHub fixed CVE-2026-3854, a critical command-injection bug where any authenticated user with push access could achieve remote code execution on GitHub backend servers using a normal git push. GitHub says it found no evidence of real-world exploitation before patching GitHub.com, but the lag on self-hosted GitHub Enterprise Server upgrades leaves a large exposed footprint.
Key Details
- GitHub said it deployed the GitHub.com fix within roughly two hours of validating the report.
- Wiz reported that about 88% of internet-exposed GitHub Enterprise Server instances were still unpatched at the time of disclosure.
- The root cause was unsanitized git push options being embedded into internal service headers, which allowed header injection and command execution.
Next Steps
- Upgrade GitHub Enterprise Server to a fixed release: 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later.
- Verify that internet-exposed appliances are no longer running vulnerable builds and restrict unnecessary external access to admin or developer surfaces.
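The root cause above is a classic header-injection pattern: a client-controlled value is placed in a header without its line terminators being rejected. The guard below is an added example, not GitHub's code; the header name, character allowlist and size limit are assumptions.

```python
import re

# Constructed example: validate client-supplied git push options
# (git push -o ...) before they are embedded in internal HTTP-style
# headers. Header name, allowlist and limit are assumptions.

# A CR, LF or other control byte inside a header value can terminate
# the header early and start a new, attacker-chosen one: reject outright.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Hypothetical allowlist; fullmatch avoids the '$'-tolerates-trailing-newline trap.
_ALLOWED = re.compile(r"[A-Za-z0-9_.=:/@-]+")
MAX_OPTION_LEN = 256

class UnsafePushOption(ValueError):
    """Raised when a push option must not be forwarded as a header value."""

def validate_push_option(option: str) -> str:
    """Return the option unchanged only if it is safe to place in a header."""
    if not option or len(option) > MAX_OPTION_LEN:
        raise UnsafePushOption("empty or oversized push option")
    if _CONTROL_CHARS.search(option):
        raise UnsafePushOption("control character in push option")
    if not _ALLOWED.fullmatch(option):
        raise UnsafePushOption("disallowed character in push option")
    return option

def is_header_safe(option: str) -> bool:
    """Boolean convenience wrapper around validate_push_option."""
    try:
        validate_push_option(option)
        return True
    except UnsafePushOption:
        return False

def build_internal_headers(push_options: list[str]) -> str:
    """Serialize validated options as CRLF-terminated header lines."""
    return "".join(f"X-Push-Option: {validate_push_option(o)}\r\n" for o in push_options)

if __name__ == "__main__":
    print(build_internal_headers(["ci.skip", "deploy=staging"]))
    print(is_header_safe("ci.skip\r\nX-Injected: 1"))
```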
Read more at BleepingComputer, The Hacker News, SecurityWeek, CSO Online
Anthropic opens Claude Security public beta
Anthropic launched Claude Security in public beta for Claude Enterprise, positioning it as an in-product way to scan repositories, validate findings, and propose patches without building custom agents or API workflows. In parallel, the open-source CVE MCP Server project uses Anthropic's Model Context Protocol to let Claude query a large set of security tools through one natural-language workflow.
Key Details
- Anthropic says Claude Security uses Opus 4.7 to scan codebases, validate findings, and reduce false positives before suggesting patches.
- The product is aimed at Claude Enterprise customers rather than general public use.
- Related ecosystem work such as CVE MCP Server is trying to compress multi-tool CVE triage into a single conversational interface.
Next Steps
- If you use Claude Enterprise, trial Claude Security on a non-critical repository first and measure whether the validation layer meaningfully cuts false positives.
- Compare its workflow against your existing SAST, dependency, and AppSec tooling before widening use.
Read more at Cybersecurity News, SiliconANGLE, SecurityWeek, Cybersecurity News
AI agents can be tricked into exfiltrating OAuth tokens and other credentials
Okta Threat Intelligence found that agentic AI tools with access to credentials can leak secrets in unpredictable ways through prompt injection and social engineering. In one test, an agent was manipulated into exposing a token indirectly by first showing it locally and then, after a reset, taking a screenshot and sending that image through a hijacked communication channel.
Key Details
- The test setup assumed the agent had broad workstation access and was controlled through Telegram.
- After the agent "forgot" earlier context, testers got it to capture a screenshot containing the token and send it out.
- In another case, the agent directly asked for credentials over Telegram, exposing them through an ungoverned channel.
Next Steps
- Remove or tightly restrict agent access to tokens and credential stores, and prefer short-lived credentials.
- Do not control high-privilege agents over consumer messaging platforms without strong governance.
- Minimize agent permissions and require explicit confirmation for high-impact actions.
Read more at CSO Online, Okta
Survey: only 34% of cyber professionals plan to stay with their current employer
A survey of 500 cybersecurity professionals found that only about a third plan to stay with their current employer. The results point to flexibility, skills growth, and visible executive support for security as stronger retention drivers than raw compensation alone.
Key Details
- Hybrid schedules, especially one to two days onsite per week, were associated with lower intent to leave.
- Respondents who felt their employer genuinely treated security as a priority were far more likely to stay.
- The report says wage growth, career progression, training, autonomy, and modern tooling all weigh heavily in retention.
Next Steps
- If retention is a problem, formalize a clear hybrid or remote policy instead of negotiating flexibility ad hoc.
- Publish role ladders, fund training and certifications, and make sure leadership support for security is visible in budgets and staffing.
Read more at CSO Online
OpenAI to restrict GPT-5.5-Cyber to a small group of "trusted defenders"
OpenAI says it will begin a limited rollout of GPT-5.5-Cyber to a handpicked group of defenders working on critical systems. The model is framed as a defensive capability, but the described feature set includes vulnerability discovery, exploitation, and malware analysis, which keeps the dual-use debate front and center.
Key Details
- OpenAI says access decisions will be coordinated with government and ecosystem stakeholders.
- Reporting describes GPT-5.5-Cyber as able to pentest, find bugs, exploit them, and analyze malware.
- The UK AI Security Institute reportedly rated it as one of the strongest cyber-capable models it has tested.
- The move follows Anthropic's own limited cyber-model release, which OpenAI leadership had previously criticized.
Next Steps
- Track how "trusted access" programs for cyber models are being defined, because that will shape who gets early access to offensive-capable tooling.
- If you rely on external AI vendors for security workflows, include restricted-model access risk in your planning.
Read more at The Register
Disneyland begins optional face-recognition entry lanes
Disneyland Park and Disney California Adventure have started offering optional face-recognition entry lanes for reentry convenience and fraud prevention. Even for visitors who do not opt in, Disney notes that images may still be captured through other entry processes, which raises the usual questions about consent boundaries and retention.
Key Details
- Disney says the face-recognition lane test is optional, but non-participants may still have their image taken elsewhere in the entry flow.
- The company says face-derived numeric identifiers are generally deleted after 30 days, with exceptions for legal or fraud-prevention needs.
- The rollout fits a broader trend of face recognition expanding into airports, stadiums, and other venues.
Next Steps
- Review venue and supplier privacy notices carefully before adopting biometric entry systems of your own.
- If you operate public-facing systems, define retention, consent, and exception handling explicitly before launch.
Five Eyes agencies publish guidance for securing agentic AI
Cyber agencies from the US, UK, Canada, Australia, and New Zealand published joint guidance warning that agentic AI systems should now be treated as a mainstream cybersecurity concern. The guidance argues that organizations should govern agents through existing security disciplines like zero trust, least privilege, and defense in depth rather than inventing a separate parallel security model.
Key Details
- The guidance groups risk into five areas: privilege, design and configuration flaws, behavioral risks, structural failures, and accountability gaps.
- It highlights prompt injection as a practical agent-hijacking path.
- Agencies recommend cryptographic identities per agent, short-lived credentials, encrypted communications, and human approval gates for high-impact actions.
Next Steps
- Give each agent a verified identity with short-lived credentials and encrypt agent-to-service communications.
- Build human sign-off into any high-impact workflow and map agent deployments back to your existing least-privilege and zero-trust controls.
Read more at CyberScoop
Utah age-verification law targets VPN use explicitly
Utah's Online Age Verification Amendments, effective May 6, make it the first US state to explicitly address VPN and proxy use in age-verification requirements. The law says a person is considered to be accessing a site from Utah based on physical presence, even if they mask their IP, and it also restricts covered sites from explaining how to use VPNs to bypass checks.
Key Details
- The law treats access as occurring from Utah if the user is physically located in Utah regardless of VPN or proxy masking.
- Covered sites are also barred from providing bypass instructions related to VPN-based evasion.
- This moves age-verification law from pure content compliance into network-location and circumvention policy.
Next Steps
- If you operate age-gated services in the US, review whether your compliance flows now need to account for state-level anti-circumvention language.
- Involve counsel early, because rules around location, VPN handling, and user guidance are getting more specific.
Read more at Tom's Hardware
AWS publishes an ISO 31000:2018 risk management compliance guide
AWS released a new "ISO 31000:2018 Risk Management on AWS" guide that maps AWS services and processes to the core stages of an ISO 31000-aligned risk program. It is not a certification announcement, but it is a useful reference for teams trying to operationalize risk assessment, treatment, and monitoring inside AWS under the shared-responsibility model.
Key Details
- The guide covers risk context setting, assessment, treatment, monitoring, and review.
- It ties those steps back to AWS-native services and automation patterns.
- The release is mainly useful as a reference architecture and control-mapping aid for cloud-heavy risk programs.
Next Steps
- If you run your ISMS or ERM workflows in AWS-heavy environments, review the guide for service mapping ideas and architecture references.
- Do not treat the document as a substitute for your own risk methodology, ownership model, or treatment decisions.
Read more at AWS Security Blog
Telegram Mini Apps abused for crypto scams and Android malware delivery
Researchers described a fraud operation that uses Telegram bots to launch Mini Apps inside Telegram's in-app browser, making phishing and scam dashboards look native to the platform. Some of the same flows also pushed Android APK downloads, using brand impersonation and countdown-based urgency to drive deposits, referrals, or malicious installs.
Key Details
- The campaigns impersonated brands including Apple, Coca-Cola, Disney, eBay, IBM, MoonPay, NVIDIA, and YouKu.
- Scam pages often showed fake balances, earnings, countdowns, and withdrawal barriers to pressure victims into depositing funds.
- Some Mini Apps distributed brand-masquerading APKs, hosted in a way that reduced browser warning friction.
Next Steps
- On managed Android devices, consider blocking APK sideloading unless there is a strong business need.
- Train users to treat Telegram bots launching Mini Apps the same way they would treat unknown links or app-install prompts.
Read more at BleepingComputer
Google AppSheet notification emails used as a phishing relay in a large Facebook takeover campaign
Guardio and others reported that a Vietnamese-linked operation used Google AppSheet's email-notification infrastructure to send Meta-themed phishing lures from trusted Google systems. That let the messages inherit Google's mail reputation and helped them pass common email authentication checks on the way to an estimated 30,000 compromised Facebook accounts.
Key Details
- Phishing mail was sent through AppSheet infrastructure such as [email protected] and appsheet.bounces.google.com.
- Reporting linked roughly 30,000 victim records to Telegram-based exfiltration and operator workflows.
- Some clusters used Google Drive-hosted PDFs and live operator panels, while others used Netlify or Vercel-hosted Facebook Help Center clones.
Next Steps
- If AppSheet is not a normal part of your vendor or application estate, flag or block inbound AppSheet notification mail.
- Update phishing awareness and email filtering rules to account for trusted-platform relay abuse, not just spoofing.
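One way to implement the first next step, flagging inbound mail relayed through AppSheet when AppSheet is not an expected sender, as an added example that is not from Guardio or Google. The relay domain comes from the report; the lure terms, sample messages and triage labels are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Relay domain named in the reporting; the lure terms and the sample
# messages below are constructed for this example, not from the campaign.
APPSHEET_DOMAINS = ("appsheet.bounces.google.com",)
LURE_TERMS = ("meta", "facebook", "page restricted", "policy violation")

SAMPLE_RELAYED_LURE = """\
Return-Path: <notify-000@appsheet.bounces.google.com>
From: "Meta Business Support" <notify-000@appsheet.bounces.google.com>
Subject: Your Facebook page was restricted

Constructed sample body.
"""

SAMPLE_VENDOR_MAIL = """\
Return-Path: <billing@vendor.example>
From: Vendor Billing <billing@vendor.example>
Subject: Invoice 4471

Constructed sample body.
"""

def sender_domains(raw_message: str) -> set[str]:
    """Collect the domains from the envelope and header sender fields."""
    msg = message_from_string(raw_message, policy=policy.default)
    domains = set()
    for header in ("Return-Path", "From", "Sender"):
        _, address = parseaddr(msg.get(header, ""))
        if "@" in address:
            domains.add(address.rsplit("@", 1)[1].lower())
    return domains

def classify(raw_message: str, appsheet_expected: bool = False) -> str:
    """Return 'allow', 'review' or 'quarantine' for one inbound message."""
    relayed = any(d.endswith(APPSHEET_DOMAINS) for d in sender_domains(raw_message))
    if not relayed or appsheet_expected:
        return "allow"  # not via AppSheet, or AppSheet is a known vendor here
    msg = message_from_string(raw_message, policy=policy.default)
    subject = (msg.get("Subject") or "").lower()
    # AppSheet relay plus a brand-themed subject is the pattern described above
    if any(term in subject for term in LURE_TERMS):
        return "quarantine"
    return "review"  # unexpected AppSheet relay without a lure signal

if __name__ == "__main__":
    for sample in (SAMPLE_RELAYED_LURE, SAMPLE_VENDOR_MAIL):
        print(classify(sample))
```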
Read more at The Hacker News, Guardio Labs, Hackread
Google patches a CVSS 10.0 Gemini CLI trust bug affecting headless CI runs
Google fixed a maximum-severity Gemini CLI flaw where headless CI runs automatically trusted the workspace and loaded attacker-controlled configuration or environment variables. In practical terms, that meant a malicious repository or pull request could turn Gemini CLI into a CI-host code-execution path if the workflow processed untrusted content.
Key Details
- The issue affected headless runs on untrusted directory contents, especially CI jobs processing user-submitted pull requests.
- Google changed headless behavior so workspace trust must now be explicit, aligning it with interactive mode.
- Google also changed --yolo handling so fine-grained tool allowlists are no longer bypassed, which may break existing workflows.
Next Steps
- Update Gemini CLI and google-github-actions/run-gemini-cli to 0.1.22.
- Review workspace-trust handling and tool allowlists in CI before re-enabling automated use on untrusted repositories.
Read more at The Register, SecurityWeek, The Hacker News, CSO Online
Malicious lightning PyPI package executed a hidden JavaScript payload on import
Newly published versions of the PyPI lightning package were reportedly tampered with so that importing the module triggered a hidden downloader and an obfuscated JavaScript payload. Reporting suggests the implant targeted developer and cloud credentials and may also have been used to abuse stolen GitHub tokens and tamper with downstream package or repository workflows.
Key Details
- The reported malicious behavior targeted tokens, environment variables, repositories, and cloud-related secrets.
- Socket said it observed behavior consistent with GitHub API abuse to commit encoded stolen data into repositories and even attempts to infect npm tarballs.
- Suspicious activity around a Lightning-AI GitHub account complicated disclosure and response, although the full compromise scope was not confirmed.
Next Steps
- If you installed and imported lightning 2.6.2 or 2.6.3, rotate exposed secrets immediately and inspect repositories for unauthorized commits or encoded data.
- Downgrade to lightning 2.6.1 or hold upgrades until maintainers publish verified remediation guidance.
Read more at Socket, The Hacker News, Socket, Socket
Subscribe
Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.