**Week in Review: Top Cybersecurity News Stories**
As we dive into another week of cybersecurity news, it's clear that attackers are getting more sophisticated and organized. From exploited vulnerabilities to new AI-driven threats, here's a summary of the top stories you need to know.
**Microsoft SharePoint Vulnerability Exploited by Attackers**
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a Microsoft SharePoint vulnerability (CVE-2026-20963). Although this remote code execution flaw was patched in January 2026, attackers are still exploiting it. Organizations must ensure their systems are up to date and monitor for any suspicious activity.
**ScreenConnect Servers Open to Attack**
A critical vulnerability (CVE-2026-3564) in ScreenConnect servers has been discovered. This bug allows attackers to hijack sessions by abusing ASP.NET machine keys to forge trusted authentication. ConnectWise has patched the issue, but affected organizations must take immediate action to secure their systems.
**New Vulnerabilities and Threats**
* A powerful iPhone hacking toolkit dubbed "DarkSword" has been used since November 2025 to compromise devices by exploiting zero-day iOS vulnerabilities.
* The Interlock ransomware gang exploited a critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) weeks before it was patched.
* Google researchers have discovered a new spy-grade iOS exploit kit called Coruna, which has been used in commercial surveillance operations.
**Cybersecurity Best Practices**
* CISA urges organizations to secure endpoint management systems immediately, citing the recent cyberattack on Stryker Corporation as an example of foreign cyber activity tied to Middle East conflicts.
* Betterleaks, a new open-source secrets scanner, can detect leaked credentials and API keys in git repositories and directories.
* Google is restricting access to Android's accessibility API to curb malware abuse.
**Ransomware and Malware**
* ESET Research tracked nearly 90 EDR killers actively used in the wild, which are designed to disable endpoint detection and response software before launching encryptors.
* Ransomware attackers often deploy EDR killers as a standard component of their intrusions.
**AI-Driven Threats**
* Fake AI songs streamed billions of times have netted a fraudster $10 million in diverted royalty payments from artists.
* Google is slowing down Android sideloading to trip up scammers and reduce scam-driven installation of malicious software.
As we continue to navigate the ever-evolving cybersecurity landscape, it's essential to stay informed about emerging threats and best practices. Keep your systems up to date, monitor for suspicious activity, and prioritize security awareness training for your team.