Risk
-
Spain arrests man suspected of aiding pro-Russian hacktivist groups
Spain arrested a man in Palencia who is suspected of aiding pro-Russian hacktivist groups CyberArmy of Russia Reborn and Z-Pentest. Police seized devices, froze crypto wallets and said the probe began with FBI information.
-
GitHub agentic workflow flaw could expose private repositories, researchers say
Researchers say a prompt injection flaw in GitHub Agentic Workflows could let attackers use a public issue to pull data from private repositories without stealing an account or exploiting software vulnerabilities.
-
Fake Netflix, Coca-Cola and FIFA job scams target marketing workers
A phishing campaign has impersonated Netflix, Coca-Cola, Adidas and FIFA to target marketing professionals for at least five months, using fake interview requests and built-in Google login pop-ups to steal accounts.
-
Iran-linked hackers use new Cavern C2 against Israeli targets
Iran-linked hackers used a new modular command and control framework called Cavern against Israeli organizations, according to Check Point Research. The activity relied on DLL side loading, service-provider trust chains and multiple post-exploitation modules.
-
Linux KVM flaw lets guest VM corrupt host memory after 16 years undetected
A Linux KVM use-after-free flaw tracked as CVE-2026-53359 can let a guest VM crash the host, and a withheld exploit is said to reach host code execution on x86 systems with nested virtualization enabled.
-
Threat actors probe patched Gitea Docker flaw after public disclosure
Threat actors have started probing a patched Gitea Docker vulnerability, according to Sysdig. The flaw affects versions through 1.26.2 and can let a reachable container accept forged login headers.
-
Adobe ColdFusion flaw exploited within hours of disclosure, researcher says
Attackers are exploiting a maximum-severity Adobe ColdFusion flaw, CVE-2026-48282, within hours of disclosure, according to a researcher. The bug can enable remote code execution on unpatched systems, and officials have urged rapid patching.
-
Researchers show TrojPix air-gap attack can leak data at 8.1 Mbps
Researchers at Shandong University say a new air-gap attack called TrojPix can leak data from isolated computers through video cable emissions, reaching 8.1 Mbps in tests and a separate maximum range of 208 meters.
-
Researchers flag Java-based QuimaRAT malware sold as a cross-platform MaaS tool
Researchers have identified QuimaRAT, a Java-based cross-platform remote access trojan sold as malware-as-a-service for Windows, Linux and macOS. The modular toolset includes a builder, loader and dropper, with subscriptions starting at $150 a month.
-
Study says AI coding agent skill scanners can be evaded with simple cloaking tricks
Researchers say scanners for malicious AI coding agent skills can be bypassed with simple cloaking tricks, with one method evading every scanner tested more than 90% of the time. A runtime checker caught most hidden threats in tests.






