A Latvian member of the notorious Karakurt ransomware gang has been sentenced to eight and a half years in US prison for his role as a negotiator and data analyst in the operation. Deniss Zolotarjovs, who received 10 percent of ransom payments in cryptocurrency, helped extort at least 53 organizations between 2021 and 2023, causing 56 million dollars in losses. The 35-year-old was particularly involved in escalating pressure tactics, including recommending the publication of sensitive pediatric patient data when victims refused to pay immediately.

Apache has released critical security patches for HTTP Server and MINA software, addressing over a dozen vulnerabilities including flaws that could allow remote code execution. The HTTP Server update fixes 11 vulnerabilities including double-free bugs in HTTP/2 handling and heap buffer overflows, while MINA patches address two critical issues related to incomplete fixes for insecure deserialization flaws. Apache is urging organizations to upgrade immediately and explicitly configure allowed classes in the ObjectSerializationDecoder to prevent exploitation.

Google has patched a critical remote code execution vulnerability in Android's System component, tracked as CVE-2026-0073, that affects the Android Debug Bridge daemon and can be exploited without user interaction. The flaw allows attackers to execute code as the shell user without needing additional privileges, though there's no indication it has been exploited in the wild yet. In related news, Google has significantly boosted its Android bug bounty program, now offering up to one point five million dollars for certain zero-click exploits.

Security researchers are warning that roughly 300,000 deployments of Ollama, a popular open-source tool for running AI models locally, are vulnerable to a critical security flaw dubbed Bleeding Llama. The vulnerability, tracked as CVE-2026-7482 with a severity score of 9.3, allows attackers to steal sensitive information including API keys, prompts, and messages through just three unauthenticated API calls, with no credentials required. The flaw has been patched in Ollama version 0.17.1, and organizations are urged to update immediately and restrict network access to their deployments.

Security researcher Joey Melo has become a leading expert in AI red teaming by applying his penetration testing mindset to the challenge of jailbreaking large language models. His approach involves manipulating AI systems through carefully crafted prompts and context manipulation—essentially bending the AI to his will without changing the underlying code, similar to how he once modified video game configurations as a kid. After winning multiple AI hacking competitions, Melo now works at CrowdStrike helping developers strengthen AI guardrails, noting that jailbreaking has become significantly harder over the past two years as companies improve their defenses.

A critical remote code execution vulnerability in Weaver E-cology's Debug API, tracked as CVE-2026-22679, is now being actively exploited in the wild. Security researchers are warning organizations using this enterprise collaboration platform to immediately patch or disable the vulnerable debug interface. The flaw allows attackers to execute arbitrary code remotely, posing a significant threat to affected systems.

North Korean threat actor ScarCruft has compromised a gaming platform to distribute BirdCall malware targeting both Android and Windows users. The sophisticated supply chain attack represents a concerning evolution in the group's tactics, using legitimate gaming infrastructure to bypass security defenses and deliver malicious payloads. Security researchers warn this campaign demonstrates increasing sophistication in targeting gaming platforms, which often have large user bases and trusted distribution channels.

A new security scan of one million exposed AI services has revealed widespread vulnerabilities in how organizations are deploying artificial intelligence tools. The research found that many AI systems lack basic security protections, making them easy targets for attackers who could exploit these services to steal data or manipulate AI outputs. The findings highlight a growing security gap as companies rush to adopt AI technology without implementing proper safeguards.

Security researchers are warning about active exploitation of CVE-2026-29014, a critical vulnerability in MetInfo CMS that allows attackers to execute remote code on vulnerable systems. The flaw is being actively exploited in the wild, putting organizations running unpatched MetInfo installations at serious risk. Administrators are urged to apply security updates immediately to prevent potential compromises.

Security teams are leaving a critical vulnerability wide open: outdated VPN configurations that attackers are exploiting to move through networks at unprecedented speed. With AI now automating attacks, traditional remote access systems have become one of the fastest pathways to breach, yet most organizations haven't updated their defenses to match the threat. The gap between attack speed and human response time has collapsed, turning what should be a secure entry point into a liability.