1. A new Linux kernel local privilege escalation vulnerability named Fragnesia tracked as CVE-2026-46300 allows attackers to gain root access (The Hacker News).
2. A critical heap buffer overflow vulnerability in the NGINX rewrite module tracked as CVE-2026-42945 enables unauthenticated remote code execution (The Hacker News).
3. West Pharmaceutical Services confirmed a cyberattack involving data exfiltration and system encryption (BleepingComputer).
4. The Gentlemen ransomware group is increasingly using physical threats and violence against victims to force payments (Bitdefender).
5. A massive data breach affecting 30 million students across 9000 educational institutions was linked to the ShinyHunters group (Graham Cluley).
6. The Iran linked hacking group MuddyWater launched a cyber espionage campaign targeting nine major organizations including a South Korean electronics manufacturer (BleepingComputer).
7. The hacking group FamousSparrow targeted an Azerbaijani energy firm using repeated Microsoft Exchange exploitation (The Hacker News).
8. A proof of concept exploit was released for the YellowKey zero day vulnerability which allows attackers to bypass Microsoft BitLocker protection (BleepingComputer).
9. Microsoft released patches for 138 vulnerabilities including critical remote code execution flaws in DNS and Netlogon (The Hacker News).
10. A critical vulnerability in the Exim mail transfer agent allows unauthenticated remote attackers to execute arbitrary code (BleepingComputer).
11. The suspected administrator of the Dream Market dark web marketplace was indicted in the United States following an arrest in Germany (BleepingComputer).
12. Microsoft deployed a multi model agentic system called MDASH which identified 16 Windows vulnerabilities during testing (The Hacker News).
Be First to Comment