• JSP webshells being dropped on unpatched PTC Windchill instances
• OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access
• Telegram-Based Millenium RAT Campaign Infects 60,000 Devices
• Mozilla warns of indirect prompt injection risk in AI coding agents
• US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw
• GPT-5.6 gets better at cybersecurity
• FBI Sounds Alarm Over Russian Intelligence Signal Phishing
• DarkMoon: Open-source AI pentesting platform
• Sycophantic chatbots and the harms that build over many chats
• Companies keep bolting AI onto their products, and the security bill is coming due
• Most teams accept higher risk for faster AI database work
• China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT Backdoor
• CMC Releases Analysis and Guidance for Education Sector After Canvas Data Breach
• Cisco Vulnerability Exploited Months Before Disclosure, Google Warns
• Twenty Million US IP Connections Used by Proxy Services
• Trust in Automated AI Vulnerability Scanning Collapses to 9%, New Study Finds
• New CISA Guide Helps Agencies Adopt SASE For Zero Trust
• macOS Flaw Lets Standard Users Disable EDR and MDM
• Major Increase in Ransomware Attacks Targeting Europe, Warns New Report
• Researchers Trick AI Browsers Into Leaking Credentials
• Europol-Led Operation Endgame Takes Down StealC and Amadey Infostealers
• macOS Backdoor Uses Prompt Injection to Evade AI Triage

The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog. Entries in the KEV catalog don’t contain links to reports of exploitation, but PTC’s advisory keeps getting updated with indicators of compromise and advice for defenders, confirming that attackers are dropping JSP webshells on vulnerable systems. CISA ordered US federal civilian government agencies …