News

Cyber Security News
cybersecuritynews.com > dirtyclone-linux-vulnerability

New Dirty Clone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets

1+ hour, 16+ min ago (401+ words) A new Linux kernel local privilege escalation vulnerability, dubbed "Dirty Clone" (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned network packets through the XFRM/IPsec subsystem, all without leaving a trace in kernel logs…

Cyber Security News
cybersecuritynews.com > amazon-q-vulnerability

Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments

1+ hour, 53+ min ago (332+ words) A high-severity vulnerability in the Amazon Q Developer Extension for Visual Studio Code (VS Code), Amazon's AI-powered coding assistant. Tracked as CVE-2026-12957 and CVE-2026-12958 and disclosed by Wiz Research, the flaws allowed attackers to achieve arbitrary code execution and cloud…

Cyber Security News
cybersecuritynews.com > cl-sta-1062-hackers-use-tinyrct-backdoor

CL-STA-1062 Hackers Use TinyRCT Backdoor to Target Southeast Asian Governments

9+ hour, 41+ min ago (676+ words) A Chinese-speaking threat group known as CL-STA-1062 has been running a quiet but aggressive campaign against government agencies and critical energy infrastructure across Southeast Asia. The attackers, active since at least March 2022, spent much of 2025 targeting state-owned enterprises with a…

Cyber Security News
cybersecuritynews.com > fake-document-reader-in-the-google-play-store

Fake Document Reader in The Google Play Store with 100K Downloads Deliver Android Malware

1+ day, 21+ hour ago (637+ words) A dangerous Android banking trojan is once again spreading through the Google Play Store, hiding inside what appears to be a simple document reader app. The app has already been downloaded more than 100,000 times, putting a large number of Android…

Cyber Security News
cybersecuritynews.com > stealc-infrastructure-disrupted

Authorities Disrupt Stealer Malware StealC and Amadey Infrastructure in Global Operation

2+ day, 1+ hour ago (343+ words) Europol and law enforcement partners across multiple countries have dealt a significant blow to the cybercriminal ecosystems powering StealC, Amadey, and SocGholish malware, three widely deployed tools in the modern "cybercrime-as-a-service" supply chain. Spanning two weeks of coordinated…

Cyber Security News
cybersecuritynews.com > ghostshell-malware-uses-mtls-implant-and-telegram-dead-drop

GhostShell Malware Uses mTLS Implant and Telegram Dead-Drop to Target Ukrainian Drone Operations

2+ day, 4+ hour ago (635+ words) A newly identified malware cluster known as GhostShell has been found actively targeting Ukraine's drone operations and its broader defense supply chain. The campaign uses a sophisticated combination of techniques, including a mutual TLS implant and a Telegram-based dead-drop…

Cyber Security News
cybersecuritynews.com > hazybeacon-weaponizes-aws-lambda > amp

HazyBeacon Weaponizes AWS Lambda Function URLs for Stealth Command-and-Control Relays

1+ week, 5+ hour ago (414+ words) HazyBeacon, tracked as CL-STA-1020, is a stealthy cyber-espionage campaign targeting Southeast Asian government networks by abusing AWS Lambda Function URLs as covert command-and-control (C2) relays. Traditional malware relied on attacker-owned servers for communication, which defenders could block using IP or…

Cyber Security News
cybersecuritynews.com > cisa-urges-hardening-fortinet-devices

CISA Urges Hardening Fortinet Devices Following FortiBleed Attack

1+ week, 7+ hour ago (426+ words) CISA has issued an urgent advisory warning organizations to secure their Fortinet devices following reports of a large-scale credential exposure campaign known as "FortiBleed." The alert comes after threat actors were found exploiting compromised credentials linked to tens of…

Cyber Security News
cybersecuritynews.com > fortibleed-fortinet-firewalls-compromised

FortiBleed - 70,000+ Fortinet Firewalls Compromised in Massive Exploitation Attack

1+ week, 2+ day ago (380+ words) Originally uncovered by security researcher Volodymyr "Bob" Diachenko and subsequently analyzed by Hudson Rock, this dataset reveals a highly automated, industrial-scale operation targeting FortiGate devices and SSL VPN gateways on an unprecedented global scale. The group systematically swept the…

Cyber Security News
cybersecuritynews.com > steam-workshop-abused

Hackers Abuse Steam Workshop Application Wallpapers to Hijack Active Steam Sessions

1+ week, 2+ day ago (503+ words) Threat actors have been abusing Valve's Steam Workshop since late 2025, embedding malware inside Wallpaper Engine application wallpapers to hijack active Steam sessions and infect victims with backdoors, infostealers, and crypto miners, with 89% of targets located in China, according to a…