Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
CVE-2026-20896 in Gitea Docker Images: No-Auth Account Takeover
A critical vulnerability CVE-2026-20896 with a CVSS 9.8 score has been discovered in Docker images of the Gitea platform. It ...
How Operation DragonReturn Uses DCRat to Exploit India’s Tax Season
Researchers at Seqrite Labs have uncovered a multi-stage phishing campaign code-named Operation DragonReturn, targeting Indian taxpayers, tax professionals, and corporate ...
CVE-2026-46242 Bad Epoll: Local Root via Linux epoll Race
A vulnerability CVE-2026-46242 has been discovered in the Linux kernel’s epoll subsystem, dubbed Bad Epoll. It is a use-after-free bug ...
TrojPix reveals fast RF exfiltration from air-gapped PCs
Researchers from Shandong University have presented TrojPix, a data exfiltration technique for physically isolated (air-gapped) computers that uses imperceptible pixel ...
Inside QuimaRAT, a MaaS Java RAT for Windows, Linux and macOS
Researchers at LevelBlue have identified a new cross-platform remote access trojan QuimaRAT, written in Java and targeting Windows, Linux and ...
Why Static Scanners Miss Malicious Skills for AI Coding Agents
Static scanners designed to detect malicious add-on “skills” for AI programming agents such as Claude Code, OpenAI Codex, and OpenClaw ...
How a GX Mods bug in Opera GX exposed Gmail addresses
Opera has fixed a critical vulnerability in the GX Mods mechanism of its gaming browser Opera GX, which allowed a ...
Inside the Kairos Data-Extortion Case Against a US County
A government entity in the US paid about $1 million to extortionists who, according to researchers, did not encrypt a ...
Gaslight: Rust-Based macOS Backdoor Targeting Analyst LLM Tools
Researchers at SentinelOne have discovered a previously unknown family of malware for macOS called Gaslight, which combines backdoor and infostealer ...
False Extreme Alert Sent via Brazil’s Defesa Civil System
On June 20, 2026, an unidentified attacker gained unauthorized access to Brazil’s national emergency alert system Defesa Civil Alerta and ...