
Ai Mainstream

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

Each week brings new developments, attacks, and defenses that shape the cybersecurity landscape. Some threats are stopped quickly, while others go undetected until they cause real harm. Occasionally a single update, exploit, or mistake changes how we think about risk and defense. Each incident shows how defenders adapt, and how quickly attackers try to outpace them. This weekly recap gathers the most significant events in one place so you can stay informed and prepared for what comes next.

⚡ Highlight of the Week

Google has disabled IPIDEA, an extensive residential proxy network composed of user devices that serve as the final link in cyberattack chains. The company says these networks not only let malicious actors conceal their malicious traffic but also expose the users who enroll their devices to further attacks. Residential IP addresses in the U.S., Canada, and Europe were deemed highly desirable. Google took legal action to seize or redirect domains used as command-and-control (C2) for devices in the IPIDEA proxy network, limiting the operators' ability to route traffic through compromised systems. The disruption is estimated to have reduced IPIDEA's pool of available devices by millions.

The proxy software is either pre-installed on devices or voluntarily installed by users drawn by the prospect of monetizing their internet bandwidth. Once a device is enrolled in the residential proxy network, the operators sell access to it to their customers. Numerous proxy and VPN brands, marketed as separate businesses, were run by the same individuals behind IPIDEA. The proxy network also promoted numerous SDKs as app monetization tools; once integrated, these covertly turned user devices into proxy exit nodes without the users' knowledge or consent. IPIDEA has also been tied to extensive brute-force attacks targeting VPN and SSH services dating back to early 2024. The team at Device and Browser Info has since published a list of all IPIDEA-associated proxy exit IPs.

Fresh Perspectives From Over 1,800 Security Leaders and Practitioners

Despite 99% of SOCs already leveraging AI, 81% indicate an upsurge in workloads over the past year. Teams have yet to unlock AI’s full potential impact. Tines conducted a survey among over 1,800 security leaders and practitioners globally for their most expansive Voice of Security report to date.

🔔 Major News

Microsoft released out-of-band security patches for a critical Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0.

Ivanti released security updates to fix two vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks.

The Polish computer emergency response team disclosed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private manufacturing company, and a large combined heat and power (CHP) plant supplying heat to nearly half a million customers in the country.

Cybercriminals are actively seeking out exposed LLM and MCP endpoints to monetize at scale. The campaign dubbed Operation Bizarre Bazaar homes in on vulnerable or unprotected AI endpoints to seize system resources…