1. CISA added the critical Magento RCE vulnerability CVE-2026-45247 to its Known Exploited Vulnerabilities catalog following reports of active exploitation (The Hacker News).
2. A large scale malvertising campaign is using fake websites mimicking open source tools to distribute malware families like Remus Stealer and SessionGate (The Hacker News).
3. Attackers successfully compromised a senior executive at a global stock exchange, maintaining access to their Outlook mailbox for five months to exfiltrate data (The Hacker News).
4. ShinyHunters leaked 4.9 million customer records from Charter Communications following a social engineering attack on an employee Microsoft account (Reddit).
5. A malicious payload was discovered in the ai-sdk-ollama npm package (Reddit).
6. Researchers identified a vulnerability where poisoned notifications from apps like WhatsApp or Slack can hijack Google Gemini on Android devices (The Hacker News).
7. A new AI built ransomware toolkit has been developed to automate EDR evasion and Active Directory discovery (Reddit).
8. CISA issued a warning regarding cyberattacks specifically targeting fuel tank monitoring systems (Reddit).
9. Five Eyes intelligence agencies warned that Chinese state actors are using LinkedIn recruitment tactics to target sensitive information (Reddit).
10. A massive international operation led by the DOJ and Meta removed 1.4 million accounts and made 63 arrests related to Southeast Asian scam networks (The Hacker News).
11. California Back and Pain Specialists exposed 133GB of patient medical records on a public server (Reddit).
12. A threat actor known as PCPJack hijacked 230 cloud servers to facilitate unauthorized email distribution (Reddit).
13. A two year old RCE vulnerability in Redis was made public after an AI tool successfully identified the exploit chain (Reddit).
14. Pakistan based actors were observed using Xeno RAT to conduct espionage against the Afghan Finance Ministry (Dark Reading).
Be First to Comment