⚡ Weekly Roundup: Fortinet Exploits, Chrome 0-Day, Paragon Spyware, and More

North Korean hackers got into the Axios package, which has more than 100 million downloads a week. The fact that the malware deletes itself shows that the attackers planned and carried out the attack. Google fixed 21 security holes in its Chrome web browser, one of which is a high-severity flaw that has been used in real-life attacks.

Chinese hackers used a zero-day flaw in TrueConf's video conferencing software to attack government agencies in Southeast Asia. Due to a lack of integrity checks during application updates, attackers have been able to deliver tampered code. This is known as CVE-2026-3502 (CVSS score of 7.8). The Fortinet FortiClient EMS vulnerability has been used.

Apple makes iOS and iPadOS safer from the DarkSword Exploit Kit. ClickFix makes it easier for DeepLoad malware to get to you.

Anthropic says that a person made a mistake and released the internal code for its popular AI coding assistant, Claude Code. Every week, new security holes are found, and the time between when they are made public and when they are used gets shorter and shorter. Learn how to fix identity gaps by getting advice from IT leaders.

For example, find apps that are not connected or that use manual credentials, and give AI more access to these apps to help solve the problem. For private help, you can call the Samaritans at 08457 90 90 90, go to a local Samaritans branch, or click here for more information. This session shows how to effectively measure, fix, and close identity gaps based on data from over 600 IT and security leaders in 2026.

Know that AI agents are already in use, but many teams don't know enough about security. Without accessing source code or private information, Dev Machine Guard scans installed software, such as IDEs, AI agents, extensions, and configurations. Pius maps a company's internet-facing assets to find possible risks of exposure and reconnaissance that attackers could use.

Both tools give useful information on how to keep development environments safe and protect against threats from outside. This is only for academic and educational purposes, so please don't use it for anything else. There hasn't been a security audit on it.