1. Over 1300 Microsoft SharePoint servers remain vulnerable to a spoofing zero day exploit that is currently being used in active attacks (BleepingComputer).
2. Microsoft released emergency out of band security updates to address a critical privilege escalation vulnerability in ASP.NET Core (BleepingComputer).
3. CISA has flagged a new SD WAN vulnerability that is currently being exploited in the wild (Reddit).
4. Researchers discovered a new variant of the LOTUSLITE backdoor attributed to the Mustang Panda APT group targeting banks in India and policy circles in South Korea (The Hacker News).
5. A critical sandbox escape vulnerability tracked as CVE 2026 5752 in the Cohere AI Terrarium environment allows for root code execution (The Hacker News).
6. The Gentlemen ransomware operation is linked to a botnet of over 1570 victims identified through a compromised SystemBC command and control server (The Hacker News).
7. A new iteration of the NGate Android malware is targeting users in Brazil by using AI generated code to steal NFC data and PINs (The Hacker News).
8. Researchers identified 22 vulnerabilities collectively named BRIDGE BREAK affecting nearly 20000 serial to IP converters from Lantronix and Silex (The Hacker News).
9. The French government agency France Titres confirmed a data breach after a threat actor attempted to sell stolen citizen data (BleepingComputer).
10. A ransomware negotiator pleaded guilty to assisting the BlackCat ransomware gang with extortion efforts against US companies (The Hacker News).
11. A previously undocumented data wiper malware dubbed Lotus was identified in targeted attacks against energy and utility organizations in Venezuela (BleepingComputer).
12. Google patched a vulnerability in its Antigravity IDE that allowed for code execution via prompt injection (The Hacker News).
13. A critical remote code execution vulnerability was discovered in the AWS aws diagram mcp server involving a denylist bypass (Reddit).
14. Versions 1.1.11 through 1.1.13 of the pgserve package were found to be compromised with malicious code (Reddit).
15. Reports indicate that unauthorized users gained access to the Anthropic Mythos AI model (Reddit).
Be First to Comment