DAEMON Tools Trojanised in Supply Chain Attack Targeting Governments
Kaspersky researchers confirmed that Disc Soft's DAEMON Tools Lite — a ubiquitous disk-image utility installed on millions of Windows machines — was compromised in a supply chain attack, with malicious installers distributed through the software's own official website. While the trojanised versions spread widely, a sophisticated backdoor was selectively deployed on roughly a dozen systems belonging to government and scientific entities. Disc Soft has confirmed the breach and released a clean version. The selectivity of the backdoor deployment suggests a targeted espionage motive rather than broad financial crime. Anyone who installed DAEMON Tools in the affected window should treat the system as potentially compromised.
The Record ↗
MuddyWater Used Microsoft Teams and Fake Ransomware to Disguise Espionage
Iran's MuddyWater group — linked to the Ministry of Intelligence — ran an intrusion in early 2026 that was dressed up to look like a Chaos ransomware attack. According to Rapid7, the crew used Microsoft Teams for social engineering to gain initial access, then established persistence, harvested credentials, and exfiltrated data — all while the ransomware decoy kept attention focused on the wrong problem. It's a deliberate false flag: burn the evidence, muddy attribution, and give the victim an incident narrative that discourages deeper forensic investigation. The technique underscores why incident responders should treat ransomware deployment as a potential cover story, not a conclusion.
SecurityWeek ↗
Instructure Breach: 280 Million Records Claimed Across 8,800 Education Institutions
A hacker claims to have stolen 280 million records from Instructure — the company behind the Canvas learning management system used by colleges, school districts, and online education platforms worldwide. The alleged haul covers students and staff across 8,809 institutions. Instructure has not confirmed the scale of the breach. Canvas is widely deployed across Australian universities and secondary schools, meaning Australian student and staff data could plausibly be in scope. If confirmed, the Privacy Act's mandatory data breach notification obligations would apply to any Australian institutions affected, and the OAIC would likely take a close interest given the volume and sensitivity of education records involved.
Bleeping Computer ↗
New GPU Rowhammer Attack Gives Full System Compromise via NVIDIA Chips
Two independent research teams have demonstrated a rowhammer-style attack against NVIDIA Ampere-generation GPUs that goes well beyond flipping bits in GPU memory. By inducing GDDR bitflips through rapid memory access patterns, the researchers achieved full control of the host machine's CPU memory — turning a GPU exploit into a complete system compromise. The catch: IOMMU must be disabled, which is the default configuration on many systems. This is the first GPU rowhammer attack demonstrated to cross the GPU-to-host boundary at this level of impact. The research has significant implications for cloud environments where GPU instances are shared, and for AI inference infrastructure where NVIDIA Ampere cards are ubiquitous.
Schneier on Security ↗
CISA's 'CI Fortify' Wants Critical Infrastructure Ready to Survive Weeks Offline
CISA has launched a new initiative called CI Fortify, aimed at preparing critical infrastructure operators to function in complete isolation — disconnected from third-party vendors, IT networks, and even the public internet — for weeks or months at a time during a major geopolitical cyber conflict. The guidance focuses on hardening operational technology (OT) environments, rehearsing manual fallback procedures, and eliminating single points of failure that rely on external connectivity. CISA will begin targeted assessments with critical infrastructure entities to identify gaps. The framing is explicitly oriented around conflict scenarios, a significant shift in tone from prior resilience guidance. Australian critical infrastructure operators under the SOCI Act face similar questions about OT isolation capability.
CyberScoop ↗
Quasar Linux RAT: A Stealthy Implant Built to Own Developer Machines
Security researchers have detailed a previously undocumented Linux implant called Quasar Linux (QLNX) that combines rootkit, backdoor, and credential-stealing capabilities into a single, highly evasive package — and it's specifically targeting software developers. The implant is designed to persist undetected on developer workstations, where the payoff is high: source code, cloud credentials, API keys, and SSH certificates. QLNX uses rootkit techniques to hide its processes and network connections, making detection via standard tooling unreliable. The targeting of developers continues a trend that also produced the Trellix breach and last week's DAEMON Tools supply chain attack — compromising a developer is often cheaper than attacking a target directly.
SecurityWeek ↗
Oracle Switches to Monthly Critical Patch Releases
Oracle has announced it will shift from its existing quarterly Critical Patch Update cadence to a monthly release cycle for critical-severity vulnerabilities. The change is designed to get high-priority fixes to customers faster, without waiting up to three months for the next scheduled release window. Oracle's quarterly patches have historically been enormous — sometimes covering hundreds of CVEs across its product portfolio — and critics have long argued the cycle leaves defenders exposed for too long after a vulnerability is discovered. Monthly critical releases won't replace the quarterly cycle entirely but will supplement it for the most urgent issues. Organisations running Oracle infrastructure in production should update their patching workflows accordingly.
SecurityWeek ↗
AI Startup Braintrust Breached, Asks All Customers to Rotate API Keys
Braintrust, which bills itself as an operating system for teams building AI applications and is used by engineering teams to evaluate and monitor LLM outputs, confirmed that attackers compromised one of its Amazon Web Services environments. The company has notified customers and is asking everyone to rotate their API keys as a precaution — a response that implies potential exposure of credentials stored or accessible within the affected environment. The breach is notable because Braintrust sits in the AI development supply chain: its customers are the teams building AI products, meaning stolen keys could give attackers access not just to Braintrust but to downstream AI systems and the data flowing through them.
TechCrunch ↗
DeepSeek Eyes $45 Billion Valuation in First External Funding Round
DeepSeek, the Chinese AI lab that rattled the industry in early 2025 by releasing a large language model trained at a fraction of the cost of comparable US models, is reportedly seeking external investment at a valuation of around $45 billion. That would make it one of the most valuable AI companies outside the US, without having previously taken institutional funding. The fundraise signals that DeepSeek's founders are ready to scale beyond the parent company High-Flyer's hedge fund backing. For the broader AI industry, a $45 billion DeepSeek raises the competitive stakes and adds geopolitical complexity — particularly for Western governments weighing the security implications of Chinese AI infrastructure becoming embedded in global workflows.
TechCrunch ↗
OpenAI's Former CTO Told the Court She Couldn't Trust Sam Altman
The Musk v. Altman trial produced its most striking testimony yet on Wednesday, when a video deposition from former OpenAI CTO Mira Murati was shown to the jury. Murati testified under oath that Sam Altman lied to her about whether OpenAI's legal team had cleared a new AI model from the company's safety review process. The deposition adds weight to Elon Musk's central allegation that Altman compromised OpenAI's safety culture in the pursuit of commercial goals. Murati departed OpenAI in late 2024. The trial is testing whether OpenAI's shift to a capped-profit structure violated its founding charitable mission — a question that could have significant governance implications for the broader AI industry.
The Verge ↗
Samsung Hits $1 Trillion as AI Chip Demand Rewrites Asian Tech Valuations
Samsung has crossed the $1 trillion market capitalisation mark, driven by surging demand for the high-bandwidth memory chips that power AI training and inference workloads. It becomes only the second Asian company — after TSMC — to reach the milestone. The milestone reflects how the AI boom is reshaping the semiconductor industry's centre of gravity, with memory and advanced packaging becoming as strategically important as compute. For the broader tech industry, a $1 trillion Samsung reinforces the argument that the real infrastructure layer of the AI era is hardware, not software. Australian superannuation funds with exposure to Asian tech indices will be watching Samsung's trajectory closely given the weighting implications.
TechCrunch AI ↗