Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
How the GitLost Attack Can Leak Private GitHub Repositories via AI Agents
Researchers from Noma Security have demonstrated the GitLost attack technique, which makes it possible to extract the contents of an ...
Targeted Attacks on Roundcube Mail Servers in US and Canada
A group presumably linked to China and tracked by Proofpoint as UNK_MassTraction has, since May 2026, been conducting targeted attacks ...
CERT/CC warns of hidden admin backdoor in Tenda router firmware
The CERT Coordination Center (CERT/CC) has published an advisory about an undocumented backdoor in the firmware of several router models ...
How CVE-2026-53359 Lets KVM Guests Crash the Host
A use-after-free vulnerability (CVE-2026-53359) has been discovered in the KVM hypervisor of the Linux kernel, allowing a guest virtual machine ...
CVE-2026-20896 in Gitea Docker Images: No-Auth Account Takeover
A critical vulnerability CVE-2026-20896 with a CVSS 9.8 score has been discovered in Docker images of the Gitea platform. It ...
How Operation DragonReturn Uses DCRat to Exploit India’s Tax Season
Researchers at Seqrite Labs have uncovered a multi-stage phishing campaign code-named Operation DragonReturn, targeting Indian taxpayers, tax professionals, and corporate ...
CVE-2026-46242 Bad Epoll: Local Root via Linux epoll Race
A vulnerability CVE-2026-46242 has been discovered in the Linux kernel’s epoll subsystem, dubbed Bad Epoll. It is a use-after-free bug ...
TrojPix reveals fast RF exfiltration from air-gapped PCs
Researchers from Shandong University have presented TrojPix, a data exfiltration technique for physically isolated (air-gapped) computers that uses imperceptible pixel ...
Inside QuimaRAT, a MaaS Java RAT for Windows, Linux and macOS
Researchers at LevelBlue have identified a new cross-platform remote access trojan QuimaRAT, written in Java and targeting Windows, Linux and ...
Why Static Scanners Miss Malicious Skills for AI Coding Agents
Static scanners designed to detect malicious add-on “skills” for AI programming agents such as Claude Code, OpenAI Codex, and OpenClaw ...