News
-
Iran-linked hackers use new Cavern C2 against Israeli targets
Iran-linked hackers used a new modular command and control framework called Cavern against Israeli organizations, according to Check Point Research. The activity relied on DLL side loading, service-provider trust chains and multiple post-exploitation modules.
-
Linux KVM flaw lets guest VM corrupt host memory after 16 years undetected
A Linux KVM use-after-free flaw tracked as CVE-2026-53359 can let a guest VM crash the host, and a withheld exploit is said to reach host code execution on x86 systems with nested virtualization enabled.
-
Threat actors probe patched Gitea Docker flaw after public disclosure
Threat actors have started probing a patched Gitea Docker vulnerability, according to Sysdig. The flaw affects versions through 1.26.2 and can let a reachable container accept forged login headers.
-
Adobe ColdFusion flaw exploited within hours of disclosure, researcher says
Attackers are exploiting a maximum-severity Adobe ColdFusion flaw, CVE-2026-48282, within hours of disclosure, according to a researcher. The bug can enable remote code execution on unpatched systems, and officials have urged rapid patching.
-
Suspected China-linked hackers target Indian taxpayers with tax-themed malware campaign
A suspected China-nexus campaign targeted Indian taxpayers and finance teams with tax-themed phishing emails, using fake government lures to deliver DCRat and other malware during the country’s income tax filing season.
-
Opera GX flaw let sites silently install mod and leak data
Researchers found an Opera GX flaw that let a malicious site silently install a mod and leak data from pages a victim visited. Opera says it patched the issue and found no evidence of abuse in the wild.
-
U.S. county linked to $1 million payment in data theft extortion case
A case study linked a $1 million payment to a U.S. government entity after stolen files were threatened with release. The report pointed to Union County, Ohio, and described a data theft extortion scheme with no evidence of encryption.
-
Sysdig says AI agent ran ransomware attack through patched Langflow flaw
Sysdig says an AI agent carried out a ransomware attack from start to finish after exploiting a patched Langflow flaw, stealing credentials and encrypting a production database. The report says the case shows how exposed software and weak defaults can be chained automatically.
-
Ransomware groups use Citrix flaw, stolen VPN logins and supply chain credentials
Ransomware crews tied to Anubis, The Gentlemen, VECT and TeamPCP are using Citrix exploitation, valid VPN credentials, BYOVD techniques and supply chain access to break into targets and move through networks.
-
MeetingTV sues Palo Alto Networks over Koi Security report that linked startup to espionage campaign
MeetingTV has sued Palo Alto Networks and Koi Security over a threat-intelligence blog that linked the startup to Chinese espionage. The company says the report was AI-driven, inaccurate and led to blocks on its domains.






