1. Splunk Enterprise is affected by a critical unauthenticated remote code execution vulnerability tracked as CVE-2026-20253 (The Hacker News).
2. The ShinyHunters threat group is actively exploiting a zero day vulnerability in Oracle PeopleSoft to compromise hundreds of organizations (Reddit).
3. CISA has issued an emergency directive requiring federal agencies to patch a maximum severity Ivanti vulnerability within three days (Reddit).
4. The Lapsus ransomware group has claimed responsibility for a potential breach of GitHub, though the incident remains unconfirmed (Reddit).
5. Chinese state sponsored hackers maintained unauthorized access to an isolated network authentication stack for a decade (Bleeping Computer).
6. The US government ordered Anthropic to suspend access to Fable 5 and Mythos 5 models for foreign nationals due to security concerns (Bleeping Computer).
7. A malicious ad blocker named PromptSnatcher has been identified stealing AI chat data from approximately 90,000 installations (Reddit).
8. A former school district employee was sentenced to 21 months in prison for conducting cyberattacks against their former employer (Bleeping Computer).
9. NPM 12 is introducing changes to script execution behavior to mitigate ongoing supply chain attack risks (Reddit).
10. The state of Maine disabled its data breach notification portal following the submission of fake disclosures (Reddit).
11. A new malware campaign is bypassing AI security scanners by using fake nuclear weapon prompts to trigger safety failsafes (Reddit).
12. Over 400 Arch Linux packages were found to be compromised with rootkits and information stealing malware (Reddit).
Be First to Comment