VulnHub

RubyGems, the popular package manager for the Ruby programming language, has suspended new registrations after more than 500 malicious packages were uploaded during a recent attack. The incident primarily targeted RubyGems itself rather than end users. While the exact motives behind this attack remain unclear, it raises concerns about the security of software supply chains. Developers who rely on RubyGems for their projects may need to be cautious about the integrity of packages they download. This situation underscores the need for ongoing vigilance in monitoring package sources and ensuring that only trusted packages are used in development environments.

Researchers from the Norwegian University of Science and Technology and the University of the Aegean have developed a new open-source Wi-Fi cyber range designed specifically for security training. Unlike typical training programs that treat Wi-Fi as just another component alongside other wireless technologies, this new resource focuses solely on the IEEE 802.11 standard, which is crucial as Wi-Fi is often the primary entry point for cyber attackers targeting corporate networks. This initiative addresses a significant gap in hands-on training environments, providing a dedicated platform for professionals to enhance their skills in defending against Wi-Fi related security threats. By making this tool freely available, the researchers aim to improve the overall security posture of organizations that rely heavily on wireless networks.

The hacking group ShinyHunters has reported that their domain, shinyhunte.rs, was suspended following a series of attacks on the Canvas Learning Management System (LMS). As a result, they have moved their operations entirely to their dark web site, which uses the .onion domain. This shift highlights the ongoing challenges in combating cybercriminal activities, especially those targeting educational platforms. The suspension of their domain could hinder their ability to communicate and distribute stolen data, but it also indicates the persistent nature of such groups in adapting to law enforcement actions. Users of Canvas and other educational institutions should remain vigilant as these incidents can impact the security of sensitive student information.

Fortinet has issued urgent security patches to address two serious vulnerabilities in its FortiSandbox and FortiAuthenticator products. These flaws could allow attackers to execute commands or arbitrary code, posing a significant risk to organizations using these systems. The vulnerabilities affect both security and authentication processes, making them critical to address promptly. Users and administrators are advised to apply the patches immediately to protect their environments from potential exploitation. This situation underscores the need for ongoing vigilance in managing software security and ensuring systems are updated.

Škoda Auto has reported a data breach following a hack of its online shop, which has resulted in the theft of personal information from an undisclosed number of customers. The company, part of the Volkswagen Group, has not revealed specific details about the types of data compromised. This incident raises concerns about the security of online shopping platforms and the sensitivity of customer data stored by automotive companies. Affected customers should be vigilant for potential phishing attempts or identity theft in the wake of this breach. The incident underscores the ongoing risks faced by businesses that handle personal information online.

Pwn2Own Berlin 2026 has reached full capacity for the first time, leading some researchers who were unable to participate to disclose zero-day exploits publicly. These exploits target widely used software and hardware, specifically Firefox and NVIDIA products, as well as various AI platforms. This situation raises concerns for users and companies relying on these technologies, as zero-day vulnerabilities can be exploited by attackers before patches are released. The public disclosure of these vulnerabilities means that organizations need to act quickly to assess their exposure and implement necessary security measures. This incident emphasizes the ongoing arms race between security researchers and hackers in the cybersecurity landscape.

Researchers have discovered that a tokenizer library file used in Hugging Face AI models can be manipulated, allowing attackers to hijack the model's outputs and exfiltrate sensitive data. This vulnerability affects the integrity of AI models hosted on the Hugging Face platform, which are widely utilized in various applications, including natural language processing tasks. If exploited, this could lead to unauthorized access to data processed by these models, posing risks to both developers and end-users. It is crucial for organizations using these models to be aware of this issue and take steps to secure their implementations. The manipulation of a single file demonstrates how even small changes can have significant security implications.

Sasha Levin, a co-maintainer of the Linux kernel, has introduced a proposal for a runtime killswitch designed to disable vulnerable kernel functions temporarily. This mechanism would be accessible through securityfs, allowing system administrators to quickly mitigate risks associated with known vulnerabilities. The proposal aims to provide a practical solution for managing vulnerabilities in the Linux kernel, which is critical given the widespread use of Linux in servers and devices. By enabling a quick response to potential exploits, this initiative could help enhance the security posture of systems utilizing the Linux kernel. The implementation of such a killswitch is especially relevant as cyber threats continue to evolve, targeting vulnerabilities in operating systems.