1. A critical Linux local privilege escalation vulnerability named Copy Fail, tracked as CVE-2026-31431, allows unprivileged users to obtain root access (The Hacker News).
2. Official SAP npm packages were compromised in a supply chain attack to steal developer credentials and authentication tokens (Bleeping Computer).
3. Google patched a maximum severity remote code execution flaw in the Gemini CLI npm package and GitHub Actions workflow (The Hacker News).
4. CISA issued an emergency directive for federal agencies to patch a Windows zero-day vulnerability (Reddit).
5. A popular WordPress redirect plugin was found to contain a dormant backdoor that allowed arbitrary code injection for five years (Bleeping Computer).
6. Iran-linked Handala hackers leaked data belonging to US Marines and sent threatening messages via WhatsApp (Bitdefender).
7. A developer at an AI startup triggered a 2 million dollar data breach after downloading a malicious script to cheat in Roblox (Graham Cluley).
8. Authorities arrested hackers responsible for hijacking and selling 610,000 Roblox accounts (Reddit).
9. Researchers identified a new DPRK-linked attack campaign using AI-inserted malware within npm packages (The Hacker News).
10. A Chinese Ministry of State Security hacker accused of Silk Typhoon operations was extradited to the United States (Bitdefender).
11. A critical authentication bypass and remote code execution vulnerability, tracked as CVE-2026-42167, was identified in ProFTPD (Reddit).
12. A critical authentication bypass vulnerability affecting cPanel and WHM was disclosed as CVE-2026-41940 (Reddit).
13. A cybersecurity incident was reported affecting Adams County in Mississippi (Reddit).
14. Minirat malware targeting macOS systems was discovered being distributed via npm packages (Reddit).
15. Security researchers identified 35 vulnerabilities within the Hermes Agent software (Reddit).