• Cursor Extension Flaw Exposes Developer API Keys
• Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets
• Researchers Track 2.9 Billion Compromised Credentials
• Critical Flaw Turns Vect Ransomware into Data Destroying Wiper
• A Quarter of Healthcare Organizations Report Medical Device Cyber-Attacks
• Medtronic Confirms Data Breach After ShinyHunters Claims
• Ransomware Turf War as 0APT and KryBit Groups Trade Blows
• Chinese National Extradited Over Silk Typhoon Cyber Campaign
• No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC
• North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures
• US Sanctions Target Cambodian Scam Network Leaders
• Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected
• Widely Used Browser Extensions Selling User Data
• Most Cybersecurity Professionals Feel Undervalued and Underpaid
• Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet
• Hacker with a special interest in breaching sports institutions ends behind bars
• Google brings instant email verification to Android, no OTP needed
• If cyber espionage via HDMI worries you, NCSC built a device to stop it
• Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950)
• GopherWhisper APT group hides command and control traffic in Slack and Discord
• OpenAI tackles a bad habit people have when interacting with AI
• A year in, Zoom’s CISO reflects on balancing security and business
• Scenario: Open-source framework for automated AI app red-teaming

Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX