A Chinese national executed a spear-phishing campaign targeting NASA employees by impersonating a U.S. researcher. This deception led to the unauthorized sharing of sensitive information related to defense software and export controls. The NASA Office of Inspector General is investigating the incident, which raises concerns about national security and the vulnerability of governmental agencies to social engineering attacks. Such incidents can have serious implications, as they may compromise sensitive technologies and data. The case underscores the need for enhanced cybersecurity measures and employee training to prevent future breaches.
A recently identified vulnerability in Windows has been exploited by APT28, a hacking group linked to Russia, in attacks targeting Ukraine and several EU nations. This flaw allows for zero-click attacks, meaning attackers can compromise systems without any user interaction. The incomplete patch aimed at fixing this vulnerability has raised concerns about its effectiveness, potentially leaving users at risk. The ongoing exploitation of this vulnerability poses a serious threat to sensitive data and national security for affected countries. As this situation evolves, it is crucial for Windows users to stay updated on patches and security advisories.
A significant vulnerability in OpenSSH has been discovered, allowing attackers to gain full root shell access to affected systems. This flaw, which has been present for 15 years, stems from a coding issue that misinterprets comma characters in certificate principals as list separators. As a result, unauthorized users could exploit this vulnerability to escalate privileges and take control of systems. OpenSSH is widely used for secure remote access, making this a serious concern for organizations relying on it for security. Users and administrators are urged to review their systems and apply any available patches to mitigate this risk.
A recently discovered vulnerability, tracked as CVE-2026-6770, allowed attackers to track and fingerprint users of Firefox and the Tor Browser, even when they were using Private Browsing mode. This flaw could bypass Tor's New Identity feature, which is designed to enhance privacy. As a result, both Firefox version 150 and Tor Browser version 15.0.10 have released updates to address this issue. This vulnerability is particularly concerning because it compromises the privacy protections that users rely on, especially those using Tor for anonymous browsing. Users are urged to update their browsers promptly to protect against this tracking risk.
A recently discovered vulnerability in Firefox, tracked as CVE-2026-6770, could allow attackers to fingerprint users of the Tor network. This issue primarily affects users who rely on Firefox and Tor for enhanced privacy and anonymity. Fingerprinting techniques can be used to track users across the internet, undermining the very purpose of using Tor, which is designed to protect user identities. The vulnerability has been addressed in the latest updates, specifically Firefox version 150 and Tor version 15.0.10, which users are strongly encouraged to install promptly. By patching this vulnerability, both Mozilla and the Tor Project aim to reinforce the security measures that protect user privacy online.
Hackread – Cybersecurity News, Data Breaches, AI and More
A flaw in Microsoft Entra's Agent ID allowed for privilege escalation, which could lead to a complete tenant takeover through the misuse of Service Principals. This vulnerability posed a significant risk to organizations using Microsoft Entra, as it could enable attackers to gain unauthorized access to sensitive data and systems. Microsoft has since released a patch to address this issue, ensuring that affected users can secure their environments. It is crucial for companies to apply this update promptly to mitigate potential risks and protect their assets from exploitation. Regular monitoring and security practices should also be reinforced to prevent similar vulnerabilities in the future.
Recent attacks involving malicious browser extensions called 'AiFrame' are targeting users by injecting iframes that display phishing content. These extensions are designed to extract sensitive information from users, posing a significant risk to their online security. The attacks can compromise personal data, making it essential for users to be cautious about the extensions they install. This situation highlights the vulnerability of browser ecosystems, where seemingly benign add-ons can turn out to be harmful. Users are advised to only download extensions from trusted sources and to regularly review the permissions granted to their installed extensions.
A vulnerability known as 'Pack2TheRoot,' tracked as CVE-2026-41651, has been identified in Linux systems, allowing local users to gain root privileges without authorization. This flaw has existed for nearly 12 years and has been rated with a high severity score of 8.8. It enables unprivileged users to install or remove system packages, which could lead to complete control over the system. This issue affects any Linux distribution that utilizes PackageKit, making it a significant concern for users and administrators alike. Given the potential for exploitation, it is crucial for affected parties to take immediate action to secure their systems.
A newly discovered vulnerability known as Pack2TheRoot poses a significant risk to Linux systems by allowing local users to gain root access through the PackageKit daemon. This flaw enables unauthorized users to install or remove system packages, potentially compromising the integrity of the system. The vulnerability could be exploited by anyone with local access to a vulnerable Linux machine, making it a concern for both individual users and organizations that rely on Linux environments. As the flaw can lead to full control over the system, it is crucial for affected users to take immediate action to mitigate risks and secure their systems. Researchers are urging users to monitor their systems closely until a patch is available.
Researchers have identified that over 10,000 instances of the Zimbra Collaboration Suite (ZCS) are exposed to the internet and are vulnerable to ongoing cross-site scripting (XSS) attacks. This security flaw allows attackers to execute malicious scripts in users' browsers, which can lead to unauthorized access to sensitive information. The affected servers could be utilized by various organizations for email and collaboration services, making them prime targets for exploitation. The ongoing nature of these attacks means that users and administrators should take immediate action to secure their systems. Ignoring this vulnerability could lead to severe data breaches and loss of confidential information.
Researchers at Kaspersky have identified a new vulnerability in the Remote Procedure Call (RPC) architecture of Windows. This flaw allows an attacker to set up a counterfeit RPC server, which they can then use to gain elevated privileges on a target system. The implications of this vulnerability are significant, as it could enable attackers to execute malicious actions with higher access rights, potentially compromising sensitive data and system integrity. Organizations using affected systems should be vigilant and consider implementing security measures to defend against this exploitation. The discovery emphasizes the need for regular updates and security practices to mitigate such risks.
A serious security vulnerability in LMDeploy, a toolkit for managing large language models, has been actively exploited less than 13 hours after being made public. This flaw, designated as CVE-2026-33626, has a CVSS score of 7.5 and involves a Server-Side Request Forgery (SSRF) issue, which attackers can use to gain access to sensitive data. This incident poses significant risks for users and organizations that rely on LMDeploy for deploying and serving machine learning models. Given the rapid exploitation of this vulnerability, companies using LMDeploy should take immediate action to safeguard their systems. The swift response from attackers emphasizes the need for stringent monitoring and prompt patching of critical vulnerabilities.
A critical vulnerability in Microsoft SharePoint, identified as CVE-2026-32201, is currently being exploited by attackers. Over 1,300 SharePoint servers exposed to the internet remain at risk, with fewer than 200 instances patched since the last Patch Tuesday. This zero-day spoofing flaw allows unauthorized access, which could lead to significant data breaches or further intrusions. Organizations using SharePoint should prioritize applying available updates to mitigate the risk and secure their systems against ongoing attacks. The situation underscores the urgency for users to remain vigilant and proactive in patch management.
Apple has addressed a significant flaw in iOS that allowed deleted notifications to linger and expose message content. This vulnerability could potentially let others view sensitive information even after users thought they had deleted it. Affected users include anyone running iOS versions prior to the fix, which was rolled out in a recent update. The issue raises concerns about privacy, as it could lead to unintended sharing of personal messages. Apple has encouraged users to update their devices to ensure their information remains secure.
Recent research from Abnormal AI indicates a shift in how cyber attackers operate. Instead of relying on technical exploits, they are now targeting established workflows and the trust that exists within organizations. This means that attackers are using social engineering tactics to manipulate employees into compromise, effectively weaponizing the very relationships that businesses rely on. This trend raises concerns for companies as it highlights the vulnerability of internal processes and trust dynamics. Organizations need to reassess their security measures to address this evolving threat, as traditional defenses may not be sufficient to combat these new tactics.