Gitea, Zimbra Exploited; AI Dev Secrets Targeted in New Attacks
X Composer Copy Block
Use Plain Text first. If your posting workflow supports markdown, use Markdown.
Suggested hashtags (5): #Vulnerability #CyberSecurity #SupplyChainSecurity #Malware #Ransomware
Summary
This daily cybersecurity summary highlights critical vulnerabilities and emerging threats impacting software development and enterprise systems. **Gitea** is under active exploitation for unauthorized access, with an update to version 1.26.3 recommended to address CVE-2026-20896. Similarly, **Zimbra** has released version 10.1.19 to patch a critical stored XSS flaw (CVE-2026-20896) allowing account takeover via email, a vulnerability of concern due to potential nation-state actor involvement.
Supply chain attacks remain a significant concern. The **jscrambler** npm package was hijacked, deploying an infostealer targeting cloud and AI development secrets. A new multi-stage Trojan is also compromising **Visual Studio** projects, turning development workflows into attack vectors. A novel 'Ghostcommit' attack embeds malicious prompts in PNG files to fool AI agents, posing a threat to AI-assisted development. Australia has warned of a global campaign targeting unpatched **CMS platforms** with webshells, while CISA has added two actively exploited **Joomla** plugin flaws to its KEV catalog.
Hardware security is also in focus, with a critical **Dell BIOS** flaw (CVE-2026-40639) allowing plaintext password recovery and multiple critical vulnerabilities in **U-Boot** potentially bypassing Secure Boot on millions of devices.
On the regulatory front, the **European Central Bank** has ordered banks to submit AI cyber-defense plans by October 31st. In response to rising threats, **Canada** has deployed national cybersecurity sensors to protect its northern governments. Meanwhile, the **'The Gentlemen' ransomware group** has claimed an attack on Czech energy firm Energon, continuing its active campaign.
Today New Articles
A supply chain attack hit the popular `jscrambler` npm package, with malicious versions published to the registry using a compromised maintainer credential. These versions contained a Rust-based infostealer designed to steal developer credentials from cloud se...
Australia Warns of Global Campaign Targeting Unpatched CMS Platforms with Webshells
The Australian Cyber Security Centre (ACSC) has issued a high-priority alert about a large-scale global campaign exploiting at least 17 known vulnerabilities in popular Content Management Systems (CMS) like WordPress and Joomla, and their plugins. Attackers ar...
Novel 'Ghostcommit' Attack Hides Malicious Prompts in PNG Files to Fool AI Agents
Researchers have unveiled 'Ghostcommit,' a novel proof-of-concept supply chain attack that embeds malicious prompt-injection instructions inside PNG image files. This technique bypasses text-based AI code reviewers, tricking automated AI coding agents into rea...
Critical Dell BIOS Flaw Allows Plaintext Password Recovery in Milliseconds
A critical vulnerability, **CVE-2026-40639**, has been disclosed in the BIOS of numerous Dell client platforms, including Latitude, XPS, and Wyse devices. A weak XOR encryption scheme allows attackers with physical access to read the SPI flash chip and recover...
ECB Orders Banks to Submit AI Cyber-Defense Plans by October 31
The European Central Bank (ECB) has ordered all major banks under its supervision to create and submit formal action plans detailing how they will mitigate cyber risks from advanced AI models. Citing the threat of AI-accelerated attacks that can discover and e...
'The Gentlemen' Ransomware Group Claims Attack on Czech Energy Firm Energon
The ransomware group known as 'The Gentlemen' has claimed responsibility for a cyberattack on Energon, a major energy services and sustainable technology company in the Czech Republic. The group listed the firm on its data leak site on July 10, 2026, threateni...
CISA Adds Two Actively Exploited Joomla Plugin Flaws to KEV Catalog
On July 10, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities affecting Joomla components to its Known Exploited Vulnerabilities (KEV) catalog, signaling they are under active exploitation. The flaws, CVE-2026-489...
Canada Deploys National Cybersecurity Sensors to Protect Northern Governments
Canada's Communications Security Establishment (CSE) is now operating cybersecurity sensors across the IT systems of all three of its northern territories—Yukon, Northwest Territories, and Nunavut. The deployment, completed in 2024, aims to block malicious act...
New Multi-Stage Trojan Targets Visual Studio Projects in Supply Chain Attack
A new multi-stage Trojan is targeting software developers by embedding itself within Microsoft Visual Studio projects. According to reports from July 11, 2026, the malware turns the development workflow itself into a vector for a software supply chain attack....
Multiple Critical Vulnerabilities in U-Boot Weaken Secure Boot on Millions of Devices
Security researchers have disclosed six vulnerabilities in the widely used Das U-Boot bootloader, some of which are critical and could allow attackers to bypass Secure Boot and execute arbitrary code before the main operating system loads. The flaws, which inc...
Article Updates
Critical Gitea Docker Flaw Actively Exploited for Unauthorized Access
Update:Sysdig researchers have independently confirmed active exploitation of the critical Gitea authentication bypass (CVE-2026-20896), detected just 13 days post-disclosure. The new report specifies that users must update to Gitea Docker image version 1.26.3 or new...
Urgent Patch Advisory: Critical Stored XSS Flaw in Zimbra Allows Account Takeover via Email
Update:Zimbra has released version 10.1.19 of its Collaboration Suite, providing a critical patch for the previously reported stored XSS vulnerability in the Classic Web Client. The flaw, which allows account takeover via a crafted email, was discovered by Google's T...