Critical Flaws in Linux and Windows Exploited, GitHub RCE, and Major Data Breaches at Medtronic &amp; Udemy

'Copy Fail' (CVE-2026-31431): Critical Linux Kernel Flaw Since 2017 Allows Reliable Local Privilege Escalation

A critical logic flaw in the Linux kernel, dubbed 'Copy Fail' and tracked as CVE-2026-31431, has been disclosed, affecting nearly all major distributions since 2017. Discovered by Theori, the vulnerability allows any unprivileged local user to gain full root privileges with a simple, highly reliable exploit that does not depend on race conditions. This poses a severe risk to multi-tenant environments like cloud hosting, Kubernetes, and CI/CD pipelines. A public proof-of-concept exists, and major Linux vendors are rushing to release patches.

LPEPrivilege EscalationLinux KernelAF_ALGMulti-tenant +1 more

Critical GitHub RCE Flaw (CVE-2026-3854) Allowed Full Server Compromise via Single 'git push'

Critical Command Injection Vulnerability in GitHub (CVE-2026-3854) Exposed Millions of Repositories to RCE

A critical remote code execution (RCE) vulnerability in GitHub, tracked as CVE-2026-3854, has been disclosed by security firm Wiz. The flaw allowed any authenticated user with push access to a repository to execute arbitrary commands on GitHub's backend servers using a specially crafted `git push` command. The bug affected both GitHub.com and self-hosted GitHub Enterprise Server (GHES) instances, potentially leading to the compromise of millions of repositories or full server takeovers. Patches are available, but a high percentage of internet-facing GHES instances remain vulnerable.

GitHubRCECommand InjectionWizSupply Chain +1 more

Critical GitHub RCE Flaw (CVE-2026-3854) Allowed Full Server Compromise via Single 'git push'

Medtronic Confirms Data Breach After ShinyHunters Claims Theft of 9 Million Records and Corporate Data

Medical Tech Giant Medtronic Confirms Security Incident Following Data Theft Claims by ShinyHunters

Medical device manufacturer Medtronic has confirmed it sustained a cybersecurity incident following claims by the ShinyHunters threat group. The group alleged it stole over 9 million records and terabytes of corporate data, issuing a 'pay or leak' ultimatum. Medtronic stated the breach was contained to its corporate IT systems and, due to network segmentation, had no impact on medical products, patient safety, or manufacturing operations. An investigation into the scope of the data access is ongoing.

ShinyHuntersMedtronicData ExtortionHealthcareNetwork Segmentation

Medtronic Confirms Data Breach After ShinyHunters Claims Theft of 9 Million Records and Corporate Data

CISA and Partners Release Joint Guidance for Applying Zero Trust Principles to OT Environments

INFORMATIONAL

US Government Publishes Guide for Zero Trust Adoption in Operational Technology (OT)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Department of War, DOE, FBI, and DOS, has published a comprehensive guide for implementing Zero Trust security principles within Operational Technology (OT) environments. The guidance provides a roadmap for securing critical infrastructure, addressing the unique challenges of OT such as legacy systems, uptime requirements, and the paramount need for physical process safety, especially in the face of threats like Volt Typhoon.

Zero TrustOT SecurityICSCISACritical Infrastructure +1 more

4 min read

CISA and Partners Release Joint Guidance for Applying Zero Trust Principles to OT Environments

Europol IOCTA Report: AI, Encryption, and Data Theft are Fueling an Industrialized Cybercrime Wave

INFORMATIONAL

Europol's 2026 IOCTA Report Highlights Industrialized Cybercrime Driven by AI and Data Extortion

Europol's 2026 Internet Organised Crime Threat Assessment (IOCTA) report warns of an industrialized cybercrime landscape where AI, encryption, and proxies are making attacks faster and more sophisticated. The report highlights a significant shift in ransomware tactics towards data theft and extortion, moving away from pure encryption. It also notes a concerning trend of state-sponsored actors using cybercriminal groups as proxies, blurring the lines between espionage and financially motivated crime.

EuropolIOCTACybercrimeAIRansomware +1 more

4 min read

Europol IOCTA Report: AI, Encryption, and Data Theft are Fueling an Industrialized Cybercrime Wave

ShinyHunters Leaks 1.4 Million Udemy User Records, Including Financial Data, After Failed Extortion

ShinyHunters Leaks Database of 1.4 Million Udemy Users and Instructors Following Failed Ransom Demand

The ShinyHunters cybercrime group has publicly leaked a database containing 1.4 million records from the online learning platform Udemy after a 'pay or leak' extortion attempt failed. The compromised data is extensive, including user and instructor PII, contact information, and sensitive financial payout details like PayPal accounts and bank information. The breach places affected individuals at a high risk of phishing, fraud, and identity theft. Users are advised to reset passwords and enable 2FA.

ShinyHuntersUdemyData BreachExtortionPII +1 more

4 min read

ShinyHunters Leaks 1.4 Million Udemy User Records, Including Financial Data, After Failed Extortion

New Stealthy Python Backdoor 'DEEP#DOOR' Steals Credentials Using Legitimate Tunneling Service

Researchers Uncover 'DEEP#DOOR', a Stealthy Python Backdoor Stealing Credentials

Security researchers from Securonix have discovered a sophisticated, multi-stage Python backdoor named DEEP#DOOR. The malware operates as a full-featured Remote Access Trojan (RAT), beginning with an obfuscated batch script that embeds the Python payload. It disables Windows security controls, establishes persistence through multiple methods (Startup folder, Run keys, Scheduled Tasks, WMI), and uses the legitimate 'bore.pub' tunneling service for stealthy command-and-control and data exfiltration, focusing on browser and cloud credentials.

DEEP#DOORPythonBackdoorRATSecuronix +2 more

New Stealthy Python Backdoor 'DEEP#DOOR' Steals Credentials Using Legitimate Tunneling Service

Updated Articles (4)

Patching Windows Collapse as Time-to-Exploit for Vulnerabilities Shrinks Dramatically

INFORMATIONAL

Time-to-Exploit Shrinks by Half as AI and Cybercrime Industrialization Accelerate Attacks

Fortinet's 2026 Global Threat Landscape Report reveals a dramatic escalation in cyber threats, with a 389% year-over-year increase in ransomware victims in 2025, totaling 7,831 incidents. The report attributes this surge to AI-enabled cybercrime, highlighting tools like WormGPT and FraudGPT. Crucially, the average time-to-exploit for critical vulnerabilities has further compressed to a mere 24-48 hours, down from 4.76 days, demanding an 'industrialized defense' posture. This update reinforces the accelerating threat landscape previously reported by Rapid7, emphasizing the urgent need for rapid patching and AI-driven security solutions to counter sophisticated, fast-moving attacks.

April 10, 2026

patch managementvulnerability managementthreat intelligencen-dayzero-day +2 more

Patching Windows Collapse as Time-to-Exploit for Vulnerabilities Shrinks Dramatically

Unit 42: Frontier AI Models Can Autonomously Find Zero-Days, Posing Major Threat to Software Security

Fracturing Software Security With Frontier AI Models

A Q1 2026 analysis by HITRUST confirms the predicted surge in AI-enabled cyberattacks, moving from theoretical threats to observed reality. Adversaries are leveraging AI for advanced social engineering, including deepfakes and audio impersonation, and exploiting AI systems directly through malicious packages or poisoned models. This trend is significantly compressing the vulnerability-to-exploitation timeline, underscoring the urgent need for adaptive security frameworks to counter these rapidly evolving, sophisticated threats.

April 20, 2026

AIArtificial IntelligenceZero-DayN-DayVulnerability Research +4 more

8 min read

Unit 42: Frontier AI Models Can Autonomously Find Zero-Days, Posing Major Threat to Software Security

Decade-Old OpenSSH Flaw (CVE-2026-35414) Allows Full Root Access, Exploits Hard to Detect

Critical OpenSSH Vulnerability CVE-2026-35414 Grants Root Access Due to Principal Parsing Error

The critical 15-year-old OpenSSH vulnerability, CVE-2026-35414, has now been formally named 'SplitSSHell'. New reports continue to emphasize the severe impact of this flaw, which allows an authenticated attacker to gain stealthy root access via specially crafted SSH certificates. Organizations are strongly urged to update to OpenSSH 10.3 or newer immediately to mitigate this high-severity threat. The core exploitation mechanism and its implications remain consistent with initial disclosures.

April 27, 2026

CVE-2026-35414OpenSSHVulnerabilityRoot AccessRCE +3 more

Decade-Old OpenSSH Flaw (CVE-2026-35414) Allows Full Root Access, Exploits Hard to Detect

CISA Adds Actively Exploited Windows Flaw to KEV Catalog After Botched Patch for APT28 Zero-Day

CISA Adds Actively Exploited Windows Flaw (CVE-2026-32202) to KEV Catalog

New reports from Microsoft and CISA reiterate the active exploitation of CVE-2026-32202, a Windows Shell spoofing vulnerability. The flaw enables NTLM relay attacks by stealing Net-NTLMv2 hashes when a user simply views a folder containing a malicious file. This update clarifies the attack vector and explicitly lists affected systems including Windows 10, 11, and Server. A critical new mitigation recommendation is to enable SMB Signing across the domain to prevent NTLM relay attacks, in addition to patching and blocking outbound SMB traffic.

April 29, 2026