Geek-Guy.com

Category: Network Security

Auto Added by WPeMatico

[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)

This is a Guest Diary by Gokul Prema Thangavel, an ISC intern as part of the SANS.edu Bachelor Degree Program. Introduction The SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 is one of the most-observed Outlaw / Shellbot artifacts on the public internet. VirusTotal first ingested it on 5 July 2018 [2]. It is the SHA-256 of the authorized_keys file written…

New infosec products of the week: May 15, 2026

Here’s a look at the most interesting products from the past week Alation, Apricorn, Versa Networks, and TrustCloud. The questionnaire-based TPRM model is broken, and TrustCloud has a fix TrustCloud announced a new version of TrustLens, its third party risk management (TPRM) solution. The new TrustLens agentic AI capabilities focus on delivering four requirements every…

AI agent finds 18-year-old remote code execution flaw in Nginx

Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years. Tracked as CVE-2026-42945, the vulnerability is one of 4 bugs found…

The Massive Canvas Cyberattack That Allegedly Ended in a Secret Deal With Hackers

The cyberattacks targeting Instructure’s Canvas learning management system unfolded as at least two distinct but likely connected operational phases that exposed the fragility of browser-based SaaS trust models inside modern educational infrastructure. What began in late April as a suspected cloud-platform compromise involving large-scale data exfiltration evolved by early May into a far more aggressive…

Regional routing for AWS access portals: Implementing custom vanity domains for IAM Identity Center

AWS IAM Identity Center provides a web-based access portal that gives your workforce a single place to view their AWS accounts and applications. With the recent launch of IAM Identity Center multi-Region replication, customers can replicate their IAM Identity Center instance across multiple AWS Regions to improve resilience and reduce latency for a globally distributed…

Meet Fragnesia, the third Linux kernel vulnerability in a month

Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs, head of incident response firm DigitalDefence, told CSO. “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by…

White House cyber official: identity security matters more than ever in the age of AI

As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI…

U.S. CISA adds a flaw in Cisco Catalyst SD-WAN  to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20182 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Cisco fixed CVE-2026-20182, a flaw in SD-WAN control…

Linux Kernel bug Fragnesia allows local root access attacks

Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300 (CVSS score of 7.8). The flaw affects the XFRM ESP-in-TCP subsystem and could allow local attackers to gain full root access…

Automating post-quantum cryptography readiness using AWS Config

Migrating your TLS endpoints to Post-quantum cryptography (PQC) starts with understanding your current TLS endpoint inventory and posture. This post introduces the PQC Readiness Scanner — an automated tool that inventories your Application Load Balancer (ALB), Network Load Balancer (NLB), and Amazon API Gateway endpoints and continuously monitors their TLS configurations for PQC readiness. The…

CVE-2026-46300: Fragnesia Linux Kernel Flaw Grants Root via Page Cache Corruption

Local privilege-escalation bugs remain especially dangerous when they turn an ordinary user foothold into immediate root access. The CVE-2026-46300 vulnerability, nicknamed Fragnesia, is a high-severity Linux kernel flaw in the XFRM ESP-in-TCP subsystem that allows an unprivileged local attacker to write arbitrary bytes into the page cache of read-only files and escalate privileges. Public reporting…

LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises

Credential theft malware rarely announces itself with ransomware-level noise. Instead, it operates like a silent siphon hidden inside everyday business workflows: invoices, payroll files, purchase orders, procurement requests. Agent Tesla campaigns are especially dangerous because they target the operational arteries of organizations, harvesting credentials that enable deeper compromise, business email compromise (BEC), financial fraud, cloud account takeover, and long-term…

PraisonAI vulnerability gets scanned within 4 hours of disclosure

A newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours after its public disclosure. According to Sysdig observations, roughly three hours and 44 minutes after a GitHub advisory dropped, a scanner identifying itself as “CVE-Detector/1.0” was already looking through the exposed PraisonAI instances…

FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign

Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and gas company, returning to the same compromised entry point three separate times between late December 2025…

Vector embedding security gap exposes enterprise AI pipelines

Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies deploying internal AI assistants convert documents into high-dimensional numerical vectors and ship them to embedding services and vector databases over ordinary HTTPS connections. Data loss prevention products scan documents and network traffic, and…

Reinvent Debuts REVIVE Command Center for Partners

Reinvent Telecom, a technology ecosystem platform provider, has announced the launch of REVIVE, a unified command center for partners to manage their Reinvent-powered technology businesses. Platform centralizes customer accounts, services records, and more REVIVE provides partners with a centralized way to manage customer accounts, access solution information, monitor services, and support ongoing customer needs through…

Researchers say AI just broke every benchmark for autonomous cyber capability

Two of the most advanced artificial intelligence models — Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 — have significantly surpassed the already-accelerating pace at which AI systems are completing autonomous cybersecurity tasks, according to separate findings published Wednesday by the United Kingdom’s AI Security Institute (AISI) and Palo Alto Networks. The AISI, which conducts pre-deployment…

Nearly every enterprise is investing in AI, but only 5% say their data is ready

Nearly halfway into 2026, enterprises are beginning to see tangible returns on their AI investments. Yet many are discovering that scaling requires something far less glamorous than flashy frontier models and state-of-the-art benchmarking: Clean, interoperable, governed data. According to a new AI Momentum Survey from Dun & Bradstreet, 97% of organizations report active AI initiatives,…

Detecting and preventing crypto mining in your AWS environment

This article guides you on how to use Amazon GuardDuty to identify and mitigate cryptocurrency mining threats in your Amazon Web Services (AWS) environment. You’ll learn about the specialized detection capabilities of GuardDuty and best practices to build a multi-layered defense strategy that protects your infrastructure costs and security posture. Understanding the crypto mining challenge…

Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming

Microsoft’s May 2026 Patch Tuesday fixed 138 flaws, including 30 critical bugs, across Windows, Office, Azure, Edge, SQL Server, and more. Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people accustomed to these cycles. The affected products span virtually the entire Microsoft…

Weaponized AI: The new frontier of fraud and identity spoofing

Today’s enterprise executives are navigating a complex landscape of AI-driven challenges, but none is more urgent than the rapid escalation of AI-generated fraud. Fraudsters are weaponizing generative AI to automate impersonation and mass-produce synthetic identities at a scale and pace that is rendering enterprises’ long-standing defenses obsolete. This is no longer a slow-moving game of…

Cyberattack: First they come for Foxconn, then they come for you

Apple’s key manufacturing partner Foxconn has confirmed its US factories suffered a ransomware attack in recent days after the gang responsible claimed to have stolen 8TB of data from the company — including confidential Apple information. This isn’t the first attack to hit Foxconn, and such is the scale and value of the company that it is unlikely…

NVIDIA NemoClaw Research Highlights AI Sandbox Exfiltration Risks

Researchers at Lasso have found that sandboxing autonomous AI agents may not be enough to stop sensitive data theft after demonstrating multiple exfiltration techniques against NVIDIA’s NemoClaw and OpenShell environments.  The findings show how attackers can abuse trusted tools and approved outbound connections to quietly steal credentials, manipulate agent behavior, and maintain persistence inside AI…

Daybreak is OpenAI’s answer to the AI arms race in cybersecurity

OpenAI has unveiled Daybreak, a cybersecurity initiative that combines the company’s large language models with its Codex agentic framework to help organizations identify, patch, and validate software vulnerabilities across the development lifecycle. The platform is built around three model tiers: GPT-5.5 for general-purpose use, GPT-5.5 with Trusted Access for Cyber for verified defensive security workflows,…

Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations

CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. Quest KACE SMA is an on-premises endpoint management platform…

LW ROUNDTABLE: Microsoft Edge normalizes credential exposure — security pros push back

By design. Two words that have done an awful lot of heavy lifting in the cybersecurity industry over the years. They tend to surface whenever a vendor wants to wave off a serious finding without fixing it. Related: The unending password problem Microsoft just deployed them again. This time in response to a Norwegian researcher…

Palo Alto bets on identity security for autonomous AI with Idira launch

Palo Alto Networks has launched Idira, a new identity security platform aimed at securing human users, machine identities, and AI agents amid the rising adoption of autonomous AI systems amongst enterprises. The company is positioning Idira as a next-generation identity security platform that goes beyond traditional privileged access management (PAM) systems by applying dynamic privilege…

CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory

The US Cybersecurity and Infrastructure Security Agency (CISA) and its G7 cyber agency partners have released a list of minimum elements for an AI software bill of materials, a move that could help CISOs assess the security and provenance of AI systems entering enterprise environments. The guidance extends traditional SBOM concepts into AI by calling…

Microsoft’s agentic security system found four critical Windows RCE flaws

Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. MDASH architecture diagram (Source: Microsoft) Two of the four flaws — CVE-2026-40361 and CVE-2026-40364 — were deemed by…

[GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)

[This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor’s degree in Applied Cybersecurity (BACS) program.]   Introduction One day at work, a friend messaged me, “How do you check a website to see if it’s legit?” This friend recently received a phishing text message from a “bank”,…

Researchers open-source a Wi-Fi cyber range for security training

Wireless security training programs lean heavily on generic network labs, with Wi-Fi appearing as a checkbox alongside Bluetooth, Zigbee, and cellular. Hands-on environments dedicated to IEEE 802.11 are uncommon, even as Wi-Fi remains the default on-ramp to corporate networks and a recurring entry point for attackers. A new paper from researchers at the Norwegian University…

May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA

Critical vulnerabilities in Windows Server’s networking and identity infrastructure, as well as a serious hole in Microsoft Dynamics 365 on-premises version, highlight Microsoft’s May Patch Tuesday fixes. They are among the 118 vulnerabilities identified this month by the company. Some in cloud-based services like Azure and Microsoft Teams have already been fixed, so no admin…

‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack

A rapidly spreading malware campaign has infected hundreds of software packages across major open-source registries, embedding credential-stealing code into development tools downloaded millions of times a week. The attack, referred to as “mini Shai-Hulud,” targeted prominent software libraries, including TanStack, UiPath, and MistralAI. TanStack’s React Router package alone accounts for more than 12 million weekly…

AWS Security Agent full repository code scanning feature now available in preview

Today, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire code base. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent can now find vulnerabilities and build working exploits across your entire code base at a…

Hackers accessed BWH Hotels reservation system for months

BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests. BWH…

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a routing library hugely popular among React web application developers. Multiple…

Over 1 Million Baby Monitors and Security Cameras Exposed Through Meari Flaws

More than one million internet-connected baby monitors and security cameras were reportedly exposed through multiple vulnerabilities tied to Meari Technology.  The flaws potentially allowed attackers to access sensitive images, device data, and real-time household activity from around the world.  “What makes this story especially frustrating is that it highlights one of the hardest problems in…

What works against Mythos today is what worked against ransomware 5 years ago, and malware 10-15 years ago

Mythos completely changed the game, except, in most ways, it didn’t. It isn’t creating entirely new security problems, it simply makes existing problems much easier to exploit at scale. Yes, AI will increase breaches by making attacks faster and cheaper, but the way companies defend themselves hasn’t fundamentally changed. The organizations best prepared for AI-driven…

Banks Face a Growing AI Risk at the Database Layer

Financial institutions are rapidly deploying AI, but new research suggests many banks may be securing the wrong layer of the stack.  Liquibase researchers warn that while organizations focus heavily on AI models and APIs, the database layer may be one of the most exposed parts of modern financial infrastructure.  “Governance for agents has to move…

Enabling AI sovereignty on AWS

Cloud and AI are transforming industries and societies at unprecedented speed, from accelerating research and enhancing customer experiences to optimizing business processes and enriching public services. At Amazon Web Services (AWS), we believe that for the cloud and AI to reach their full potential, customers need control over their data and choices for how and…

Palo Alto Networks Targets AI Identity Risks with Idira

Palo Alto Networks is expanding its identity security business with the launch of Idira, a platform designed to secure human users, machine identities, and autonomous AI agents as enterprises face growing identity-related cyber risk.  The company also named Oracle veteran Sonny Singh to lead the business, signaling a broader push around identity security for AI-driven…

OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos

OpenAI has unveiled Daybreak, its answer to Anthropic’s Claude Mythos, amid a growing market for frontier AI-powered cyber defense platforms. The initiative combines OpenAI’s large language models, Codex’s agentic capabilities, and integrations with the broader enterprise security ecosystem. The company said Daybreak is focused on accelerating cyber defense operations and enabling organizations to secure software…

OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos

OpenAI has unveiled Daybreak, its answer to Anthropic’s Claude Mythos, amid a growing market for frontier AI-powered cyber defense platforms. The initiative combines OpenAI’s large language models, Codex’s agentic capabilities, and integrations with the broader enterprise security ecosystem. The company said Daybreak is focused on accelerating cyber defense operations and enabling organizations to secure software…

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria. “TrickMo relies on a runtime-loaded APK  (dex.module),

SonicWall Expands Security Platform With Cloud-Focused NSv XS

SonicWall is expanding its Gen 8 security platform beyond physical appliances with the launch of the NSv XS, a new virtual firewall designed for managed service providers (MSPs) and managed security service providers (MSSPs). Gen 8 security platform expands to virtual environments Announced Tuesday, the NSv XS brings SonicWall’s Gen 8 protections into cloud and…

Fake Claude Code takes the IElevator to your browser secrets

Developers looking for Anthropic’s increasingly popular Claude Code tool are now being lured into downloading malware. According to researchers at Ontinue, attackers are abusing a fake Claude Code installer to deliver a previously undocumented PowerShell payload. The malware is designed to evade detection, recover browser encryption material, and steal sensitive data from developer systems. “Developers…

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root

Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution bugs among the issues. Taken together, the security flaws open the door to various attacks: poisoning cached DNS entries,…

Developer workstations are the new beachhead

I spent the first week of April reading three separate threat intelligence reports that, on the surface, had nothing in common. One covered a North Korean campaign that had published over 1,700 malicious packages across five open-source ecosystems. Another detailed a malware operation using a Zig-compiled binary to silently infect every IDE on a developer’s…

AI is separating the companies built to scale from the ones built to sell

If you had time to walk the expo floor at this year’s RSA Conference, it was impossible to miss the shift in our industry. Artificial intelligence has moved from an emerging layer to the foundation of what powers cybersecurity companies. But from our vantage point as investors who work closely with founders and operators, the bigger…

WannaCry, the ransomware attack that changed the history of cybersecurity

WannaCry showed how unpatched flaws and leaked cyber tools can cripple global systems, reshaping cybersecurity defenses worldwide. In memory of the day the digital world was shaken, but learned to fight back. The WannaCry ransomware attack represents one of the most significant events in recent cybersecurity history, not only for its global scale but also…

Why patching SLAs should be the floor, not the strategy

I’ve been a CISO for two separate companies, know several CISOs personally, and interact with many others through various cybersecurity forums. We all have one thing in common. We can tell you our patching SLA numbers off the top of our heads. Ninety-five percent of criticals closed in 14 days. Eighty-something on highs. The board…

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared on Monday, the Utah-based firm said it “reached an agreement with the unauthorized…

Android banking Trojan TrickMo evolves using TON network for C2

ThreatFabric found a new TrickMo Android trojan focused on stealth and persistence, moving its command-and-control traffic to the TON network. Security researchers at ThreatFabric have recently identified a new version of TrickMo, a dangerous Android banking trojan that shows how malware operators are focusing less on flashy new features and more on improving stealth, flexibility,…

Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched

Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel developer and maintainer is accepted by the open source community. The idea of a kill switch for privileged operators has been suggested by…

Best RMM Software for MSPs in 2026: Features & Pricing

Remote monitoring and management (RMM) software is an IT management solution that allows MSPs to remotely monitor, manage, and maintain client IT environments. They provide visibility into device health and performance, help teams identify and proactively address issues, and streamline day-to-day IT operations. The best RMM software platforms typically include core features such as remote…

Claude Code MCP Attack Enables Persistent Token Theft

AI coding assistants are becoming deeply integrated with enterprise SaaS platforms, but new research shows those connections may introduce hard-to-detect credential theft risks.   Researchers demonstrated a MitM attack targeting Anthropic’s Claude Code that abuses MCP integrations to steal OAuth tokens and maintain persistent access to connected SaaS platforms and APIs.  “AI agents used for code…

CVE-2026-43500 and CVE-2026-43284: Dirty Frag Linux Privilege Escalation Flaw Raises Post-Compromise Risk

Linux local privilege escalation bugs remain especially dangerous when they turn a limited foothold into full root access. The CVE-2026-43500 vulnerability is the RxRPC half of the Dirty Frag exploit chain, which Microsoft says is already linked to limited in-the-wild post-compromise abuse, while Qualys describes it as a page-cache write issue that can let an…

Complimentary virtual training: Get hands-on with AWS Security Services

If you’re looking to strengthen your organization’s security posture on Amazon Web Services (AWS) but aren’t sure where to start, then we’re here to help. Security Activation Days are complimentary, virtual, hands-on workshops designed to help you get practical experience with AWS security services in a single session. What to expect Each Security Activation Day…

TD SYNNEX Adds BCM One Voice and UCaaS Services

TD SYNNEX is adding more communications firepower to its partner ecosystem through a new partnership with BCM One, bringing voice, network services, and white-label UCaaS into the mix. Through the agreement, partners can now offer Pure IP’s global voice and network services alongside SkySwitch’s white-label UCaaS platform. It makes it much easier to integrate communications…

Poor security left hackers inside water company network for nearly two years

The UK’s data protection regulator, the Information Commissioner’s Office (ICO), fined South Staffordshire Water’s parent company £963,900 over security failures linked to a cyberattack that exposed the personal data of 633,887 people. According to the ICO, the South Staffordshire breach began in September 2020 with a phishing email that tricked an employee into opening a…

Google warns artificial intelligence is accelerating cyberattacks and zero-day exploits

Google says hackers now use AI to create exploits, automate attacks, evade defenses, and target AI supply chains at scale. Artificial intelligence is rapidly changing the cyber threat landscape, and a new report from the Google Cloud Threat Intelligence team highlights how attackers already use AI to improve vulnerability exploitation and gain initial access to…

Google discovers weaponized zero-day exploits created with AI

The Google Threat Intelligence Group (GTIG) today released evidence of a zero-day exploit developed by a cybercriminal group with the help of AI. It marks the first time the security research group has identified what it believes to be an AI-crafted zero-day exploit in the wild. While evidence of threat actors using AI models for…

Virtuozzo Targets AI Infrastructure Costs With New Platform

As companies race to build AI services without drowning in infrastructure costs, Virtuozzo says it wants to make the process leaner, faster, and far less complicated. The infrastructure software company on Monday unveiled its new vision for AI infrastructure, introducing what it calls a fully integrated system designed to help businesses run AI workloads more…

Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue

German authorities shut down a relaunched version of the criminal marketplace Crimenetwork and arrested its suspected operator. The domain seizure notice (Source: BKA) A special unit of the Spanish National Police arrested the suspected 35-year-old German operator at his residence in Mallorca under a European Arrest Warrant. The suspect is accused of operating criminal trading…

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

A malicious Hugging Face repository posing as an OpenAI release delivered infostealer malware to Windows systems and logged 244,000 downloads before being removed, raising fresh concerns about how enterprises source and validate AI models from public repositories. The repository, named Open-OSS/privacy-filter, impersonated OpenAI’s legitimate Privacy Filter release, copied its model card almost word-for-word, and included…

New ‘Dirty Frag’ exploit targets Linux kernel for root access

A newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” is giving attackers a cleaner path to post-compromise escalation to root privileges. According to Microsoft, a couple of vulnerabilities constituting the issue, affecting Linux kernel networking and memory-fragment handling components, are already seeing active exploitation in the wild. The exploitation attempts look indistinguishable from the…

Crimenetwork returns after takedown, dismantled again by German authorities

German police shut down a revived Crimenetwork marketplace with 22,000 users and 100+ sellers months after the original takedown. German police dismantled a resurrected version of the German-language cybercrime marketplace Crimenetwork, just months after the original platform was taken down. The second iteration of the site had already attracted more than 22,000 users and over…

AI security is repeating endpoint security’s biggest mistake

The security industry is experiencing déjà vu, and most teams haven’t recognized it yet. If you were in the trenches during the early 2000s, you remember the antivirus arms race. IT teams buried under signature updates. Configuration baselines checked obsessively. Patch cycles treated as the primary defense. Meanwhile, attackers pivoted. They wrote malware that matched…

U.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. At the end of April, attackers rapidly exploited the critical…

1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution

We find ourselves teetering upon a precipice of our own unwitting construction, and the vertiginous depth of our collective negligence ought to give every security practitioner profound pause. In our headlong rush to deploy AI agents across enterprise environments, we have erected an infrastructure so thoroughly unfortified that it beggars belief. The Model Context Protocol,…

Security Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence Braintrust security incident…

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence

Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security researchers discovered a previously undocumented Linux malware called Quasar Linux RAT (QLNX) that targets developers and DevOps environments. The malicious code can steal credentials, log keystrokes, manipulate files, monitor clipboard activity, and create network tunnels…

How Inefficient MSP Service Desks Drive Burnout

As MSP service desk operations become increasingly complex, inefficiency has emerged as a major contributor to technician burnout. Fragmented ticketing systems, overloaded inboxes, and overly complex workflows can demoralize teams and ultimately lead to burnout. At the same time, MSP teams are managing growing ticket volumes and alert fatigue as businesses become more interconnected and…

GTT Channel Exec on 2026 Platform Strategy & Market Trends

GTT says growing AI and security demands are pushing enterprise customers to seek simpler technology strategies and closer partner relationships.  Sara Seegers, GTT’s channel chief, spoke with Channel Insider about the company’s platform-based approach to technology and how channel partners remain a core face of GTT’s growth strategy. GTT continues to serve partners seeking simplicity …

Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident

Nearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara customers has been compromised following a cyberattack on a former technology provider used by Inditex, the Spanish fashion giant behind some of the world’s most recognized retail brands…

Cisco Reveals Security Gaps in Vision Language Models

Vision language models (VLMs) continue to expand the capabilities of artificial intelligence by combining image and text understanding into a single system.  However, recent research from Cisco into typographic prompt injection attacks highlights significant weaknesses in how these models interpret and secure visual information.  The second installment of Reading Between the Pixels explores how small…

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. “QLNX targets developers and DevOps credentials across the software supply chain,”

Your CTEM program is probably ignoring MCP. Here’s how to fix it

Model Context Protocol (MCP) is the connective tissue of modern AI tooling and has quietly become one of the most significant blind spots in modern security programs. Like shadow IT before it, shadow AI — especially as it relates to MCP risk — introduces a new class of exposures that security teams lack adequate tooling…

Pen tests show AI security flaws far more severe than legacy software bugs

Penetration tests of AI-based systems are revealing a greater percentage of high-risk flaws than those discovered in legacy systems. Security consultancy Cobalt’s annual State of Pentesting Report reveals that 32% of all AI and large language model (LLM) findings are rated as high risk — nearly 2.5 times the rate (13%) of severe flaws found…