How Dirty Frag Breaks Linux Kernel Security for Local Attackers

A hooded figure holds a key toward a giant cracked penguin symbol amidst dark shadows.

Dirty Frag is a new, currently unpatched local privilege escalation vulnerability in the Linux kernel that allows any local user to obtain root rights on most popular distributions (Ubuntu 24.04.4, RHEL 10.1, openSUSE Tumbleweed, CentOS Stream 10, AlmaLinux 10, Fedora 44, and others), while the standard temporary mitigation for Copy Fail (CVE-2026-31431) does not work: … Read more

How Google’s Binary Transparency Changes Android Trust

Android figure surrounded by digital security elements, with people holding phones.

Google has announced the extension of its Binary Transparency mechanism to the Android ecosystem, introducing a public cryptographic log of all its production applications and OS modules. This directly affects all users of Android devices with Google services and developers who rely on trust in updates, and requires enterprise security teams to reconsider their models … Read more

ZiChatBot malware hides in PyPI packages, abusing Zulip C2

Three packages have been discovered on Python Package Index (PyPI) that, in addition to their advertised functionality, silently deliver the previously unknown ZiChatBot malware for Windows and Linux, using the public Zulip chat service as command-and-control infrastructure; this makes developers and any systems where these packages may have been installed between July 16 and 22, … Read more

Targeted and Mass Attacks Using cPanel CVE-2026-41940

Futuristic cyber security command center with detailed threat analysis displayed.

The critical CVE-2026-41940 vulnerability in cPanel/WHM is already being used not only by mass botnets and ransomware operators, but also in targeted attacks against military and government resources in Southeast Asia, as well as managed service and hosting providers in several countries. Organizations exposing cPanel to the internet must immediately apply updates and conduct a … Read more

ScarCruft targets sqgame[.]net users with BirdCall spyware

Aerial view of a river separating North Korea and Russia, with urban landscapes.

The North Korea–linked group ScarCruft carried out a targeted supply-chain attack against the gaming platform sqgame[.]net, popular among ethnic Koreans in China’s Yanbian region, by replacing Windows and Android components with the BirdCall spyware backdoor; the incident extends what was previously a “desktop” espionage platform into a multi‑platform one (Windows and Android) and creates a … Read more

How a Multi‑Stage AiTM Phishing Campaign Bypasses MFA and Targets 35,000 Users

Hacker at a desk with screens showing cybersecurity threats and San Francisco skyline.

In mid‑April 2026, a multi‑stage phishing campaign was identified that targeted more than 35,000 users across 13,000 organizations. It used convincing emails about code of conduct violations, legitimate email delivery services, and an adversary‑in‑the‑middle (AiTM) scheme to steal Microsoft credentials and tokens, allowing attackers to bypass multi‑factor authentication. The highest risk falls on organizations in … Read more

Patches for Critical MOVEit Automation Auth Bypass and Privilege Bugs

Rusty padlock securing a server cabinet with glowing lights in the background.

Progress Software has released updates to address two vulnerabilities in MOVEit Automation, one of which is the critical authentication bypass CVE-2026-4670 (CVSS 9.8) that allows unauthorized access to the system and administrative control, and the other is the input validation error CVE-2026-5174 (CVSS 7.7), which leads to privilege escalation. Server deployments of the managed file … Read more

AI-Driven Cyberattacks, Supply Chain Threats and Defense Tactics

Futuristic scene illustrating cyber attacks in 2025 with data visualizations and analysts.

In 2025, the barrier to entry for sophisticated cyberattacks collapsed: teenagers with no technical skills, using systems based on large language models, carried out breaches involving millions of records and multi‑million‑dollar extortion schemes, while the average time from vulnerability disclosure to the appearance of a weaponized exploit shrank from more than 700 days in 2020 … Read more

How global raids on pig butchering scams reshape crypto risk

Multiple law enforcement figures oversee a group in orange jumpsuits, with flags and digital elements.

An international operation involving the US, China, and the UAE led to the arrest of at least 276 people, the shutdown of nine cryptocurrency scam centers, and the freezing of more than $700 million in cryptoassets, while simultaneously exposing the tight connection between pig butchering schemes, human trafficking, politically protected scam compounds in Southeast Asia, … Read more

Shadow-Earth-053, ShadowPad and phishing clusters in Asia

Hacker in a hoodie manipulating global cyber connections against a dark background.

Researchers have recorded a new China-aligned espionage activity cluster, SHADOW-EARTH-053, targeting government and defense organizations in South, East and Southeast Asia, as well as one NATO country (Poland), leveraging exploitation of vulnerable Microsoft Exchange and IIS and installation of the ShadowPad backdoor. In parallel, other clusters, GLITTER CARP and SEQUIN CARP, are running phishing operations … Read more