Gitea, Zimbra Exploited; AI Dev Secrets Targeted in New Attacks

Publication Date: July 12, 2026

Summary

This daily cybersecurity summary highlights critical vulnerabilities and emerging threats impacting software development and enterprise systems. **Gitea** is under active exploitation for unauthorized access, with an update to version 1.26.3 recommended to address CVE-2026-20896. Similarly, **Zimbra** has released version 10.1.19 to patch a critical stored XSS flaw (CVE-2026-20896) allowing account takeover via email, a vulnerability of concern due to potential nation-state actor involvement.

Supply chain attacks remain a significant concern. The **jscrambler** npm package was hijacked, deploying an infostealer targeting cloud and AI development secrets. A new multi-stage Trojan is also compromising **Visual Studio** projects, turning development workflows into attack vectors. A novel 'Ghostcommit' attack embeds malicious prompts in PNG files to fool AI agents, posing a threat to AI-assisted development. Australia has warned of a global campaign targeting unpatched **CMS platforms** with webshells, while CISA has added two actively exploited **Joomla** plugin flaws to its KEV catalog.

Hardware security is also in focus, with a critical **Dell BIOS** flaw (CVE-2026-40639) allowing plaintext password recovery and multiple critical vulnerabilities in **U-Boot** potentially bypassing Secure Boot on millions of devices.

On the regulatory front, the **European Central Bank** has ordered banks to submit AI cyber-defense plans by October 31st. In response to rising threats, **Canada** has deployed national cybersecurity sensors to protect its northern governments. Meanwhile, the **'The Gentlemen' ransomware group** has claimed an attack on Czech energy firm Energon, continuing its active campaign.

Today New Articles

Jscrambler NPM Package Hijacked in Supply Chain Attack, Deploys Infostealer Targeting Cloud & AI Dev Secrets

A supply chain attack hit the popular `jscrambler` npm package, with malicious versions published to the registry using a compromised maintainer credential. These versions contained a Rust-based infostealer designed to steal developer credentials from cloud se...


Australia Warns of Global Campaign Targeting Unpatched CMS Platforms with Webshells

The Australian Cyber Security Centre (ACSC) has issued a high-priority alert about a large-scale global campaign exploiting at least 17 known vulnerabilities in popular Content Management Systems (CMS) like WordPress and Joomla, and their plugins. Attackers ar...


Novel 'Ghostcommit' Attack Hides Malicious Prompts in PNG Files to Fool AI Agents

Researchers have unveiled 'Ghostcommit,' a novel proof-of-concept supply chain attack that embeds malicious prompt-injection instructions inside PNG image files. This technique bypasses text-based AI code reviewers, tricking automated AI coding agents into rea...


Critical Dell BIOS Flaw Allows Plaintext Password Recovery in Milliseconds

A critical vulnerability, **CVE-2026-40639**, has been disclosed in the BIOS of numerous Dell client platforms, including Latitude, XPS, and Wyse devices. A weak XOR encryption scheme allows attackers with physical access to read the SPI flash chip and recover...


ECB Orders Banks to Submit AI Cyber-Defense Plans by October 31

The European Central Bank (ECB) has ordered all major banks under its supervision to create and submit formal action plans detailing how they will mitigate cyber risks from advanced AI models. Citing the threat of AI-accelerated attacks that can discover and e...


'The Gentlemen' Ransomware Group Claims Attack on Czech Energy Firm Energon

The ransomware group known as 'The Gentlemen' has claimed responsibility for a cyberattack on Energon, a major energy services and sustainable technology company in the Czech Republic. The group listed the firm on its data leak site on July 10, 2026, threateni...


CISA Adds Two Actively Exploited Joomla Plugin Flaws to KEV Catalog

On July 10, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities affecting Joomla components to its Known Exploited Vulnerabilities (KEV) catalog, signaling they are under active exploitation. The flaws, CVE-2026-489...


Canada Deploys National Cybersecurity Sensors to Protect Northern Governments

Canada's Communications Security Establishment (CSE) is now operating cybersecurity sensors across the IT systems of all three of its northern territories—Yukon, Northwest Territories, and Nunavut. The deployment, completed in 2024, aims to block malicious act...


New Multi-Stage Trojan Targets Visual Studio Projects in Supply Chain Attack

A new multi-stage Trojan is targeting software developers by embedding itself within Microsoft Visual Studio projects. According to reports from July 11, 2026, the malware turns the development workflow itself into a vector for a software supply chain attack....


Multiple Critical Vulnerabilities in U-Boot Weaken Secure Boot on Millions of Devices

Security researchers have disclosed six vulnerabilities in the widely used Das U-Boot bootloader, some of which are critical and could allow attackers to bypass Secure Boot and execute arbitrary code before the main operating system loads. The flaws, which inc...

Article Updates

Critical Gitea Docker Flaw Actively Exploited for Unauthorized Access

Update:Sysdig researchers have independently confirmed active exploitation of the critical Gitea authentication bypass (CVE-2026-20896), detected just 13 days post-disclosure. The new report specifies that users must update to Gitea Docker image version 1.26.3 or new...


Urgent Patch Advisory: Critical Stored XSS Flaw in Zimbra Allows Account Takeover via Email

Update:Zimbra has released version 10.1.19 of its Collaboration Suite, providing a critical patch for the previously reported stored XSS vulnerability in the Classic Web Client. The flaw, which allows account takeover via a crafted email, was discovered by Google's T...