1. CISA has issued an urgent directive for federal agencies to patch a maximum severity vulnerability in the Widget Factory Joomla Content Editor plugin, which is currently being exploited in the wild (The Hacker News).
2. Microsoft is developing a patch for a zero day privilege escalation vulnerability in the Defender Malware Protection Engine codenamed RoguePlanet (The Hacker News).
3. Threat actors are actively exploiting three vulnerabilities in Fortinet FortiSandbox, including CVE 2026 39813, CVE 2026 39808, and CVE 2026 25089 (The Hacker News).
4. A massive credential harvesting campaign has compromised over 73,000 Fortinet VPN devices worldwide, leading to a significant data leak known as FortiBleed (BleepingComputer).
5. Researchers identified a coordinated malware campaign on the JetBrains Marketplace involving 15 malicious plugins designed to exfiltrate AI provider API keys from developers (The Hacker News).
6. A supply chain attack codenamed easy day js compromised 144 npm packages within the Mastra framework after a contributor account was hijacked (The Hacker News).
7. Kodak confirmed a data breach following claims from the ShinyHunters extortion group that they accessed company data (BleepingComputer).
8. The extortion group FulcrumSec leaked samples from a 1.3TB data breach involving Novo Nordisk after a failed 25 million dollar ransom demand (Reddit).
9. A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications with capabilities to steal PINs and redirect crypto payments (The Hacker News).
10. Multiple ClickFix campaigns are delivering new malware loaders including BabaDeda, Lorem Ipsum, and Potemkin to financial and educational organizations (The Hacker News).
11. A crypto clipboard hijacker campaign is using fake reviews and AI generated content to distribute malicious tools on platforms like GitHub and SourceForge (The Hacker News).
12. Threat actors are abusing the Steam Workshop to distribute malware hidden within wallpaper packages for the Wallpaper Engine application (BleepingComputer).
13. The GhostTree attack technique uses recursive Windows junctions to evade Microsoft Defender scans and hide malicious files (BleepingComputer).
14. A vulnerability in the Google Vertex AI SDK for Python allowed attackers to hijack model uploads and execute code in the cloud infrastructure (The Hacker News).
15. A French speaking attacker maintained persistent access to a compromised automotive business by installing Tailscale and OpenSSH after the primary command and control server went offline (The Hacker News).
Be First to Comment