Copy Fail (CVE-2026-31431): Linux Kernel LPE Actively Exploited

CISA has added the CVE-2026-31431 (Copy Fail) vulnerability in the Linux kernel to its Known Exploited Vulnerabilities (KEV) catalog, confirming its active exploitation. The flaw, rated CVSS 7.8, allows any unprivileged local user to gain root privileges by corrupting cached in-memory executable files, including setuid binaries, which makes it critical to immediately update Linux …

PromptMink: North Korean Supply Chain Attacks Against npm, Web3 Developers and Open Source Ecosystems

A newly documented campaign, dubbed PromptMink, is targeting the open source ecosystem and Web3 developers through malicious npm packages, fake job interviews and compromised GitHub projects. The operation is attributed to the North Korean threat cluster Famous Chollima (also known as Shifty Corsair), previously linked to the Contagious Interview scheme and fraudulent “remote IT worker” …

VECT 2.0 Ransomware: Critical Encryption Flaw Turns RaaS into a Data-Wiping Wiper

Recent analysis of the VECT 2.0 ransomware family reveals a critical design flaw that effectively transforms this ransomware-as-a-service (RaaS) operation into a data‑wiping malware. Due to a broken implementation of the ChaCha20 cipher, encrypted files larger than approximately 131 KB cannot be recovered by victims or by the attackers themselves, regardless of whether a ransom …

Critical Gemini CLI and Cursor IDE Vulnerabilities Expose AI Development Security Risks

Google has remediated a critical remote code execution (RCE) vulnerability in its Gemini CLI tools, while independent researchers have disclosed additional high‑severity flaws in the Cursor AI IDE. Together, these incidents highlight how AI‑powered development tools and CI/CD integrations are rapidly becoming a prime target in the software supply chain. Critical Gemini CLI vulnerability in …

Copy Fail (CVE-2026-31431): New Linux Kernel Bug Enables Easy Root Privilege Escalation

A newly disclosed Linux kernel vulnerability, dubbed Copy Fail and tracked as CVE-2026-31431, has been rated CVSS 7.8 and allows a local, unprivileged user to obtain full root access on most modern Linux systems. According to research teams from Xint.io and Theori, the flaw is simple to exploit, broadly deployed, and effective across multiple Linux …

Checkmarx Supply Chain Attack and Dark Web Data Leak: Expert Analysis of the Incident

Application security vendor Checkmarx is continuing to investigate a significant software supply chain attack that has reportedly led to internal data being published on a Dark Web leak site. The case illustrates how even security vendors remain exposed to sophisticated attacks that target the software delivery pipeline rather than production environments directly. Checkmarx data leak: …

Critical LiteLLM Vulnerability CVE-2026-42208: SQL Injection Threatens AI Gateway Security

The open source AI gateway LiteLLM by BerriAI is at the center of a serious security incident. A critical vulnerability tracked as CVE-2026-42208 is already being actively exploited to steal sensitive data and LLM provider API keys from exposed deployments, only hours after public disclosure. LiteLLM CVE-2026-42208: critical SQL injection in API key validation The …

Critical cPanel Authentication Vulnerability: What Hosting Providers and Site Owners Must Do Now

One of the world’s most widely used hosting control panels, cPanel, has received urgent security updates to address a serious authentication vulnerability. The flaw affects all currently supported cPanel versions and, if successfully exploited, may allow attackers to gain unauthorized access to the server’s control panel. Critical cPanel authentication vulnerability: scope and nature of the …

Microsoft Entra ID Agent ID Administrator Vulnerability Exposed Critical Service Principal Takeover Risk

A recently disclosed vulnerability in Microsoft Entra ID (formerly Azure AD) allowed users with a new Agent ID Administrator role to take over arbitrary service principals, potentially leading to tenant-wide privilege escalation. The issue, discovered by researchers at Silverfort, highlights the growing security challenges around managing non-human identities and AI agents in modern cloud environments. …