wenping wang

April 21, 2026

Security Daily Digest — 2026-04-21


FEATURED

Lazarus Group Suspected in $290M KelpDAO Crypto Heist — BleepingComputer

State-sponsored North Korean hackers, likely the Lazarus Group, are suspected of orchestrating a $290 million crypto-heist targeting KelpDAO. The attack involved sophisticated techniques to exploit vulnerabilities within the decentralized finance (DeFi) ecosystem. This incident highlights the increasing threat posed by nation-state actors in the cryptocurrency sector, emphasizing the need for robust security measures and continuous monitoring to protect digital assets from such high-profile attacks.

ZionSiphon Malware Targets Israeli Water Systems — The Hacker News

Cybersecurity researchers have identified a new malware strain, ZionSiphon, targeting Israeli water and desalination operational technology (OT) systems. The malware leverages vulnerabilities in this critical infrastructure to potentially disrupt water supply operations. This discovery underscores the weaknesses in OT environments that adversaries could exploit, necessitating enhanced security protocols and incident response strategies to safeguard essential services against cyber threats.

Microsoft Releases Emergency Patches for Windows Server — BleepingComputer

Microsoft has issued out-of-band updates to address critical issues affecting Windows Server systems. These updates aim to rectify problems that could lead to system instability and potential security vulnerabilities. Organizations relying on Windows Server are advised to apply these patches immediately to mitigate risks and ensure the integrity and availability of their IT infrastructure. This highlights the importance of staying current with vendor patches to protect against potential exploits.


SIGNAL
  • The Gentlemen ransomware now uses SystemBC for bot-powered attacks [BleepingComputer]
  • Microsoft: Teams increasingly abused in helpdesk impersonation attacks [BleepingComputer]
  • Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain [The Hacker News]
  • SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files [The Hacker News]
  • CVE-2023-33538 TP-Link - Security Affairs [Google News Security]


Full digest: news.security.thewang.net