Critical Flaws in Linux and Windows Exploited, GitHub RCE, and Major Data Breaches at Medtronic & Udemy
Summary
April 30, 2026 was a critical day in cybersecurity, marked by the disclosure of 'Copy Fail' (CVE-2026-31431), a severe Linux kernel flaw allowing instant root access, and by active zero-click exploitation of a Windows Shell vulnerability (CVE-2026-32202) for credential theft. A critical RCE in GitHub (CVE-2026-3854) also came to light, while the ShinyHunters group claimed responsibility for major data breaches at Medtronic and Udemy. Concurrently, reports from Europol and Fortinet highlighted the growing industrialization of cybercrime fueled by AI, leading to a surge in ransomware attacks.
Today's New Articles
Critical 'Copy Fail' Linux Flaw (CVE-2026-31431) Gives Instant Root on Major Distros
A critical logic flaw in the Linux kernel, dubbed 'Copy Fail' and tracked as CVE-2026-31431, has been disclosed, affecting nearly all major distributions since 2017. Discovered by Theori, the vulnerability allows any unprivileged local user to gain full root p...
Critical GitHub RCE Flaw (CVE-2026-3854) Allowed Full Server Compromise via Single 'git push'
A critical remote code execution (RCE) vulnerability in GitHub, tracked as CVE-2026-3854, has been disclosed by security firm Wiz. The flaw allowed any authenticated user with push access to a repository to execute arbitrary commands on GitHub's backend server...
CISA and Partners Release Joint Guidance for Applying Zero Trust Principles to OT Environments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Department of War, DOE, FBI, and DOS, has published a comprehensive guide for implementing Zero Trust security principles within Operational Technology (OT) environments....
Europol IOCTA Report: AI, Encryption, and Data Theft are Fueling an Industrialized Cybercrime Wave
Europol's 2026 Internet Organised Crime Threat Assessment (IOCTA) report warns of an industrialized cybercrime landscape where AI, encryption, and proxies are making attacks faster and more sophisticated. The report highlights a significant shift in ransomware...
ShinyHunters Leaks 1.4 Million Udemy User Records, Including Financial Data, After Failed Extortion
The ShinyHunters cybercrime group has publicly leaked a database containing 1.4 million records from the online learning platform Udemy after a 'pay or leak' extortion attempt failed. The compromised data is extensive, including user and instructor PII, contac...
New Stealthy Python Backdoor 'DEEP#DOOR' Steals Credentials Using Legitimate Tunneling Service
Security researchers from Securonix have discovered a sophisticated, multi-stage Python backdoor named DEEP#DOOR. The malware operates as a full-featured Remote Access Trojan (RAT), beginning with an obfuscated batch script that embeds the Python payload. It d...
Article Updates
Patching Windows Collapse as Time-to-Exploit for Vulnerabilities Shrinks Dramatically
Update: Fortinet's 2026 Global Threat Landscape Report reveals a dramatic escalation in cyber threats, with a 389% year-over-year increase in ransomware victims in 2025, totaling 7,831 incidents. The report attributes this surge to AI-enabled cybercrime, highlighting...
Update: A Q1 2026 analysis by HITRUST confirms the predicted surge in AI-enabled cyberattacks, moving from theoretical threats to observed reality. Adversaries are leveraging AI for advanced social engineering, including deepfakes and audio impersonation, and exploiti...
Decade-Old OpenSSH Flaw (CVE-2026-35414) Allows Full Root Access, Exploits Hard to Detect
Update: The critical 15-year-old OpenSSH vulnerability, CVE-2026-35414, has now been formally named 'SplitSSHell'. New reports continue to emphasize the severe impact of this flaw, which allows an authenticated attacker to gain stealthy root access via specially craft...
CISA Adds Actively Exploited Windows Flaw to KEV Catalog After Botched Patch for APT28 Zero-Day
Update: New reports from Microsoft and CISA reiterate the active exploitation of CVE-2026-32202, a Windows Shell spoofing vulnerability. The flaw enables NTLM relay attacks by stealing Net-NTLMv2 hashes when a user simply views a folder containing a malicious file. Th...