Palo Alto Networks and SonicWall have released patches for multiple high-severity vulnerabilities affecting their security products. The most critical is a cryptographic signature flaw in Palo Alto's Cortex platforms that could let attackers tamper with protected resources, while SonicWall addressed a SQL injection bug that could allow privilege escalation to admin rights on their SMA1000 series firewalls. Neither company has seen evidence of active exploitation, but both are urging customers to update their systems immediately.

Security researchers have discovered a major vulnerability in Android apps where hardcoded Google API keys can be easily extracted and exploited to access Gemini AI endpoints. CloudSEK found 32 such keys in 22 popular apps with over 500 million combined users, allowing attackers to access private files, cached content, and charge AI usage to developers' accounts. The problem stems from Google's own documentation recommending embedding these keys, which were previously considered harmless but now automatically grant access to Gemini services when AI is enabled on a project.

Artificial intelligence promises tremendous benefits but carries significant risks that businesses are rushing to adopt without fully understanding. Current AI systems aren't grounded in objective truth but rather in probability calculations based on scraped internet data, leading to problems like hallucinations, built-in biases toward Western perspectives, and a dangerous tendency toward sycophancy where AI tells users what it thinks they want to hear. Experts warn that while we can't fully trust AI yet, the technology's potential is too valuable to ignore, making it essential to understand these weaknesses before adversaries exploit our reliance on these systems.

Researchers from RSAC discovered a way to bypass Apple Intelligence's safety protocols with a 76% success rate by combining two attack techniques: Neural Execs, which uses gibberish inputs to trick the AI, and Unicode manipulation, which uses backward text with right-to-left override functions to evade content filters. The attack could potentially allow malicious actors to manipulate private data in third-party apps integrated with Apple Intelligence, affecting an estimated 100,000 to 1 million users, though Apple has since rolled out protections in recent iOS and macOS updates. RSAC estimates there were 200 million Apple Intelligence-capable devices in users' hands as of December 2025, making it a high-value target for attackers.

Security researchers have uncovered a hack-for-hire campaign linked to the Bitter APT group that's specifically targeting journalists across the Middle East and North Africa region. The attacks appear focused on compromising media professionals through sophisticated cyber espionage tactics. This latest campaign highlights the growing threat of mercenary hacking operations being used to surveil and potentially silence journalists in the region.

Adobe has confirmed a zero-day vulnerability in Adobe Reader that's been actively exploited through malicious PDF files since December 2025. Attackers have been leveraging this security flaw to compromise systems before a patch could be developed and deployed. Adobe is working on a fix for this actively exploited vulnerability that poses a significant risk to users who open untrusted PDF documents.

A new report from Zscaler ThreatLabz highlights how artificial intelligence has dramatically shortened the time defenders have to respond to cyber threats, with VPNs now becoming a primary entry point for attackers. The research shows that AI has collapsed the traditional human response window, allowing cybercriminals to move through networks at unprecedented speeds once they gain remote access. Organizations are being urged to rethink their VPN security strategies as these tools increasingly become the fastest path to a successful breach.

A new security bulletin highlights critical vulnerabilities including a hybrid peer-to-peer botnet, a newly discovered remote code execution flaw in Apache that's existed for 13 years, and 18 additional security threats. The report emphasizes how VPN systems have become a preferred attack vector, with AI-enabled threats collapsing the human response window and making remote access channels the fastest path to network breaches. Security researchers are urging organizations to reassess their VPN security posture in light of these evolving AI-powered attack methods.

Federal agencies including the FBI, CISA, and NSA issued an urgent warning this week after Iran-linked hackers disrupted multiple U-S critical infrastructure organizations by targeting internet-exposed programmable logic controllers, particularly those made by Rockwell Automation. The attacks hit water systems, energy facilities, and government services, with hackers manipulating control system displays and project files in a campaign similar to previous operations by CyberAv3ngers, a group tied to Iran's Revolutionary Guard. Authorities are urging organizations to assume they're targets and proactively assess their operational technology environments for vulnerabilities.

US authorities have successfully disrupted a Russian espionage operation where hackers from APT28, also known as Fancy Bear and believed to be linked to Russia's military intelligence, compromised thousands of home and small office routers to intercept sensitive data. The attackers exploited vulnerabilities in TP-Link and MikroTik routers to alter DNS settings, enabling them to harvest passwords, authentication tokens, and emails through adversary-in-the-middle attacks that affected over 200 organizations and 5,000 consumer devices. Microsoft, Lumen Technologies, and UK cyber authorities collaborated with the FBI in the takedown, with activity peaking in December when over 18,000 unique IP addresses from 120 countries were detected communicating with the malicious infrastructure.