Today’s cybersecurity news highlights a diverse range of threats spanning insider breaches, AI-accelerated attacks, critical software vulnerabilities, and evolving tactics in cyber reconnaissance. Organisations and security teams face increasing challenges from both human and automated adversaries, underscoring the need for rigorous access controls, timely patching, and user-centric security awareness.
Insider Breaches and Executive Device Compromises
Coinbase Insider Breach Linked to Leaked Support Tool Screenshots
Coinbase has confirmed an insider breach involving a contractor who improperly accessed data of approximately thirty customers. This incident, which occurred in December 2025, highlights the persistent risk posed by insiders or contractors with privileged access. For security teams, this reinforces the importance of stringent access management and monitoring of third-party users to prevent data leaks.
Step Finance $40 Million Crypto Theft Traced to Executive Device Compromise
Step Finance revealed a significant loss of $40 million in digital assets after hackers compromised devices belonging to company executives. This attack underscores how targeted compromises of high-level personnel can lead to substantial financial damage. Business leaders should prioritise securing executive endpoints with advanced endpoint detection and response capabilities and enforce strict multi-factor authentication.
Exploitation of Critical Vulnerabilities
Rapid Weaponisation of Microsoft Office RTF Bug by Russian APT28
APT28, a notorious Russian threat actor, was observed weaponising a Microsoft Office Rich Text Format (RTF) vulnerability within just three days of its discovery. The multistage infection chain delivers malicious payloads after initial user interaction. Security teams must accelerate patching cycles and strengthen email filtering to detect such exploits.
SolarWinds Web Help Desk RCE Flaw Actively Exploited, CISA Warns
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to patch a critical Remote Code Execution (RCE) vulnerability in SolarWinds Web Help Desk within three days. Active exploitation of this flaw poses a significant risk to organisations using SolarWinds products. Prompt patch management and vulnerability scanning remain vital.
Docker Patches Critical Ask Gordon AI Vulnerability Allowing Code Execution
Docker addressed a critical flaw dubbed DockerDash affecting Ask Gordon, an AI assistant integrated into Docker Desktop and CLI. The vulnerability could permit attackers to execute arbitrary code and extract sensitive information via manipulated image metadata. This incident illustrates the growing security considerations around AI-powered tools and container environments.
Malicious Campaigns Targeting Infrastructure and Developer Ecosystems
Citrix NetScaler Reconnaissance Using Thousands of Residential Proxies
A widespread reconnaissance campaign targeted Citrix NetScaler devices by employing tens of thousands of residential proxies to discover login portals. This tactic complicates detection and attribution, highlighting the need for network anomaly detection and robust access controls on internet-facing infrastructure.
GlassWorm Malware Resurfaces, Infecting Open VSX Components
The self-replicating GlassWorm malware has reemerged, tainting new Open VSX software components and potentially delivering information-stealing payloads to downstream users. This resurgence reinforces the criticality of supply chain security and the need for developers and organisations to verify the integrity of open-source dependencies.
AI-Driven Attacks and User Interface Risks
AI Accelerates AWS Environment Breach to Eight Minutes
An AI-assisted attack started with exposed AWS credentials found in public S3 buckets and rapidly escalated to administrative privileges within eight minutes. This rapid breach demonstrates how AI can amplify the speed and sophistication of attacks, increasing the urgency for comprehensive cloud security practices including credential hygiene and continuous monitoring.
Dark Patterns in User Interfaces Undermine Security
An emerging concern is the use of ‘dark patterns’ in websites and applications: interface designs that subtly nudge users toward poor security decisions. Such deceptive interfaces erode trust and steer users into weaker security behaviours. Organisations need to balance user experience with transparent, security-friendly design.
Data Breaches with Limited Exposure
Iron Mountain Data Breach Limited to Marketing Materials
Iron Mountain disclosed a breach claimed by the Everest extortion gang but stated the impact was mostly limited to marketing materials. While less severe than breaches involving sensitive personal data, such incidents remind organisations of the broad spectrum of data at risk and the reputational consequences of breaches.
Key Takeaways
- Insider threats remain a significant risk; access controls and monitoring for contractors and executives must be stringent.
- Rapid exploitation of newly discovered vulnerabilities, especially in widely used software like Microsoft Office and SolarWinds, requires accelerated patching workflows.
- AI cuts both ways: it accelerates attacks and must be matched by improved defences and stronger cloud security practices.
- Supply chain security is critical as malware targeting developer ecosystems resurfaces.
- Malicious reconnaissance tactics leveraging residential proxies complicate detection and require advanced network security measures.
- Organisations must address dark patterns in user interfaces to foster better security behaviour among users.
- Even breaches involving seemingly low-risk data can damage brand trust and should be taken seriously.
Security teams and business leaders should take a holistic approach, combining technical controls, employee training, and robust policies to mitigate these evolving threats.