Daily Recap: AI-native security, agentic workflows, and AI-abusing malware were prominent as Nebulock raised $25 million, the MCP spec expanded enterprise use while introducing new risks, and a new macOS malware strain hid fake errors to confuse AI analysis tools. Separately, Robinhood improved access-approval speed for high-velocity development while Polish authorities disrupted a SIM-swapping crypto-theft gang and attackers leveraged Bluekit, browser-in-the-middle phishing, and callback scams to target credentials. #Nebulock #MCP #macOSMalware #Robinhood #PhilipMartin #Uber #Akrites #PolandSIMSwapping #Bluekit #SIMSwapping #Cellebrite #FCC #Windows10ESU #ChromeAddOn #ShopOrderTrackingApp #PirloTV #TataElectronics #Snyk
AI & Security
- AI-native security, agentic workflows, and AI-abusing malware dominated the day, with Nebulock raising $25 million, the MCP spec expanding enterprise use but adding new risks, and a new macOS malware strain planting fake errors to confuse AI analysis tools → AI Security, MCP Risks, macOS Malware
- Mythos-style AI, red-team GRC automation, and security operations thinking were in focus as analysts weighed the impact of new AI systems and the case for NDR in modern detection workflows → Mythos AI, GRC Agent, NDR Case
Enterprise Security & Identity
- Robinhood said it cut access-approval times to support high-velocity development, while Philip Martin joined Uber as CISO, highlighting leadership and access-governance changes at major tech firms → Robinhood Access, Uber CISO
- The Linux Foundation launched Akrites, a new open-source security project aimed at strengthening modern defenses → Akrites Project
Cybercrime & Phishing
- Poland busted a SIM-swapping gang linked to millions in crypto theft, while a browser-in-the-middle phishing kit and callback scams showed attackers continuing to refine credential theft → SIM-Swapping Bust, Bluekit Phishing, Callback Scam
- A new bulletin highlighted smart TV proxyware, a 24-year-old curl bug, and more AI crime forum activity, underscoring the breadth of current threat chatter → ThreatsDay Bulletin
Nation-State & Disruptions
- Ukraine's state postal operator and a Russian dairy company both reported cyberattack-related disruptions, showing ongoing operational impact across Eastern Europe → Ukraine Postal, Russian Dairy
- Russia was also reported to have used Cellebrite to access an activist's phone even after contract cancellation, raising fresh concerns over digital surveillance → Cellebrite Use
Policy, Regulation & Government
- The FCC adopted new cybersecurity rules for emergency systems and undersea cables, while a federal court struck down a Trump election-focused executive order as illegal → FCC Rules, Court Ruling
- At CISA, DHS said the president has met with a potential nominee as the agency looks to hire 600 people, signaling a major workforce push → CISA Hiring
Vulnerabilities & Platform Abuse
- Microsoft quietly extended free Windows 10 ESU support to October 2027, giving users more time before end-of-support pressures intensify → Windows 10 ESU
- A Chrome ad blocker with more than 10 million installs was found capable of dormant script injection, and the Shop order-tracking app was abused to enable phishing campaigns → Chrome Add-on, Shop Abuse
- PirloTV's sports piracy network was disrupted with 44 domains seized, marking another hit against large-scale illegal streaming infrastructure → PirloTV Seizure
Breaches & Business News
- Coverage of the day also included a Tata Electronics breach and Snyk layoffs as part of broader security-industry and corporate news → Industry Roundup