Newspaper

Cybersecurity & Privacy

Lovable Denies Data Leak, Blames HackerOne

21 April 2026 · 1 source

AI coding startup Lovable denies claims of a massive data breach exposing user credentials, chat histories, and source code, attributing the issue to 'intentional behavior' and unclear documentation. The vulnerability, a Broken Object Level Authorization (BOLA) flaw, allowed free accounts to access sensitive data belonging to other users. After initially dismissing the report as a duplicate, Lovable later admitted that a backend mistake had re-enabled public chat access, and blamed its bug bounty partner HackerOne for mishandling the report. The company has since patched the flaw and promised to improve its security practices.

Sources (1)

Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus. The Register, 20 Apr 2026, 23:26

More from Cybersecurity & Privacy

  • Adaptavist Hit by Ransomware, Fake Emails Flood Inboxes

    Adaptavist Group, a UK software consultancy, is grappling with a security breach after attackers used stolen credentials to access its systems. A ransomware gang called "The Gentlemen" claims to have stolen extensive data, including customer records and source code, though the company insists no client systems or sensitive personal data were compromised. Meanwhile, clients face a wave of imposter emails attempting phishing scams. The investigation is ongoing as Adaptavist works to contain the fallout and reassure its customers.

  • Arbitrum Freezes $71M in Kelp Hack

    Arbitrum's Security Council has frozen approximately 30,766 ETH worth around $71 million linked to the recent KelpDAO exploit. This emergency action moves the stolen funds into a frozen intermediary wallet, restricting hacker access and marking a rare governance intervention on a permissionless network. The freeze recovers about a quarter of the total $292 million stolen, potentially easing loss socialization debates and aiding law enforcement efforts. The next steps depend on further governance decisions and whether other chains act similarly.

  • Coin Center: Code Equals Free Speech

    Crypto lobby Coin Center has reinforced its stance that software code is protected free speech under the US First Amendment. Executive Director Peter Van Valkenburgh and Research Director Lizandro Pieper argue that writing crypto code is akin to publishing a book or recipe, deserving constitutional safeguards. This distinction matters as courts grapple with developer liability amid recent convictions like Tornado Cash's Roman Storm. Coin Center calls for clear legal frameworks to protect developers unless they directly control user assets or transactions.

  • $290M KelpDAO Hack Linked to Lazarus

    KelpDAO suffered a massive $290 million crypto theft over the weekend, with North Korea's notorious Lazarus Group suspected behind the attack. The hackers exploited vulnerabilities in KelpDAO's cross-chain rsETH token system, using falsified blockchain data to bypass security. This incident marks one of the largest crypto heists of the year, following a similar $280 million theft from Drift Protocol. Investigations continue as the DeFi community braces for potential ripple effects.

  • Gentlemen Ransomware Boosts Attacks with SystemBC Botnet

    The Gentlemen ransomware gang has escalated its operations by leveraging the SystemBC proxy botnet, which includes over 1,570 infected corporate hosts worldwide. This botnet enables stealthy payload delivery, targeting mainly organizations in the US, UK, Germany, Australia, and Romania. Researchers warn this signals a shift toward more sophisticated, large-scale attacks as the gang integrates advanced post-exploitation tools. Cybersecurity teams are urged to watch for new attack patterns and deploy updated detection methods.

  • Seiko USA Website Hacked, Data Held Hostage

    Over the weekend, the Seiko USA website was defaced by hackers who claim to have stolen the company's Shopify customer database. The attackers displayed a ransom message threatening to leak sensitive customer data including names, emails, and order histories unless a ransom is paid. Visitors to the site saw a warning that Seiko USA has 72 hours to negotiate or face public data exposure. So far, Seiko USA has not publicly responded, but the extortion message has been removed from the site.

  • Critical SGLang Flaw Enables Remote Hacks

    A severe vulnerability, CVE-2026-5760, has been uncovered in SGLang, an open-source AI serving framework, allowing attackers to execute arbitrary code remotely via malicious GGUF model files. The flaw stems from a Jinja2 template injection in the reranking endpoint and carries a CVSS score of 9.8. Experts warn that unpatched systems remain exposed to remote code execution. The recommended fix involves sandboxing template rendering to block malicious payloads.

  • Vercel Hit by AI Tool Breach, $2M Ransom

    Vercel, the cloud platform behind Next.js, suffered a security breach after an employee granted unrestricted access to a third-party AI tool, Context.ai, compromising the employee's Google Workspace account. The attacker, linked to the ShinyHunters group, is demanding a $2 million ransom for stolen non-sensitive environment variables. Vercel has engaged cybersecurity firm Mandiant and notified law enforcement, and is urging customers to rotate API keys and review deployments. The incident highlights the risks of granting broad permissions to AI tools and has prompted tighter security measures going forward.

  • Microsoft Teams Exploited in Helpdesk Scams

    Microsoft has revealed a surge in cyberattacks exploiting Microsoft Teams, where hackers impersonate IT helpdesk staff to trick employees into granting remote access. Using legitimate tools like Quick Assist and Rclone, attackers move laterally within networks to steal sensitive data, blending malicious activity with normal operations. This sophisticated nine-stage attack chain highlights the growing threat of trusted collaboration platforms being weaponized. Microsoft urges users to treat external Teams contacts cautiously and tighten controls on remote assistance and WinRM usage.
