A nationwide cyberattack has compromised the OnSolve CodeRED emergency notification system, prompting cities and counties across the United States to warn residents and advise password changes. CodeRED, widely used by local governments, delivers urgent alerts during severe weather, evacuations, missing persons, and other emergencies.

A new Android malware family called Albiriox is being sold under a malware-as-a-service model, offering extensive capabilities for on-device fraud, real-time device control, and screen manipulation. It targets more than 400 financial and cryptocurrency apps and spreads through dropper apps delivered via social engineering and obfuscation techniques.

OpenAI has disclosed a data breach stemming from Mixpanel, a third-party analytics provider used to track API dashboard activity. The incident did not involve unauthorized access to OpenAI’s own systems; instead, an attacker compromised Mixpanel and exported metadata linked to API users. No passwords, API keys, chat data, or payment information were exposed.

Microsoft Teams has become a staple of corporate communication, prompting companies to invest heavily in tools like Microsoft Defender for Office 365 to protect against phishing, malware, and malicious links.

A major malvertising operation known as TamperedChef is tricking users worldwide into installing malware disguised as legitimate software installers. According to Acronis Threat Research Unit (TRU), attackers are deploying fake versions of common tools to establish persistent access and deliver a JavaScript-based backdoor for remote control. The campaign remains active, supported by search engine manipulation, fake ads, and abused digital certificates—all intended to boost credibility and evade security detection.

A global Cloudflare outage briefly impacted access to major websites and online services on Tuesday, causing intermittent failures across platforms including OpenAI, Spotify, X (formerly Twitter), and numerous telecom and media sites. Users reported that pages either would not load or lacked key content, and even Downdetector—which tracks service disruptions—became temporarily unavailable. Cloudflare acknowledged the issue and began gradually restoring service approximately three hours after the problem began.

In mid-September 2025, state-sponsored cyber actors from China exploited Anthropic’s AI technology, specifically Claude Code, to orchestrate automated attacks on roughly 30 high-value global targets, including tech firms, financial institutions, chemical manufacturers, and government agencies.