Pentagon AI office, Army award Ask Sage $10M for GenAI expansion
The contract expands the Army’s “Enterprise Large Language Model Workspace” — just introduced in May — to users at OSD, the Joint Staff, and combatant commands worldwide.
Cyber Security
Insomnia API Client Vulnerability Enables Arbitrary Code Execution via Template Injection
A severe security vulnerability in the Insomnia API Client, a widely used tool by developers and security testers for interacting with APIs, has been uncovered by researchers at an offensive security consultancy. Discovered by Technical Director Marcio…
Threat Actors Exploit Vercel Hosting Platform to Distribute Remote Access Malware
CyberArmor has uncovered a sophisticated phishing campaign exploiting Vercel, a widely used frontend hosting platform, to distribute a malicious variant of LogMeIn, a legitimate remote access tool. Over the past two months, threat actors have orchestra…
TxTag Phishing Campaign Exploits .gov Domain to Deceive Employees
A new and alarming phishing campaign has surfaced, leveraging the credibility of a .gov domain to deceive employees into believing they owe unpaid tolls. Identified by the Cofense Phishing Defense Center (PDC), this campaign manipulates the GovDelivery…
PowerShell Loaders Use In-Memory Execution to Evade Disk-Based Detection
A recent threat hunting session has revealed a sophisticated PowerShell script, named y1.ps1, hosted in an open directory on a Chinese server (IP: 123.207.215.76). First detected on June 1, 2025, this script operates as a shellcode loader, employing ad…
How chiefs of Honeywell Aerospace and Leonardo DRS each plan to expand
The CEOs of Honeywell Aerospace and Leonardo DRS separately told Breaking Defense they are expecting to spend on M&A activity in the near-term.
Massive DDoS Attack Hits 7.3 Tbps Delivering 37.4 Terabytes in 45 Seconds
The internet witnessed a new record in cyberattacks last month as Cloudflare, blocked the largest distributed denial-of-service (DDoS) attack ever recorded. The attack peaked at an astonishing 7.3 terabits per second (Tbps), overwhelming its target wit…
Azure Misconfiguration Lets Attackers Take Over Cloud Infrastructure
A recent security analysis has revealed how a chain of misconfigurations in Microsoft Azure can allow attackers to gain complete control over an organization’s cloud infrastructure, from initial access to full tenant takeover. The attack path, demonstr…
AI Transformational Model accelerates battle staff decision-making ‘seven-fold’ in Air Force experiment
In the service’s inaugural DASH experiment, coders from both industry and the Shadow Operations Center – Nellis (ShOC-N) spent two weeks building “agentic AI” tools that staff officers then tried out in high-pressure conflict scenario…
AntiDot 3-in-1 Android Botnet Malware Grants Attackers Full Control Over Victim Devices
A new Android botnet malware named AntiDot has emerged as a formidable threat, granting cybercriminals unprecedented control over infected devices. Operated and sold by LARVA-398 as a Malware-as-a-Service (MaaS) on underground forums like XSS, AntiDot …