Security news.
Today's cybersecurity news highlights critical vulnerabilities, ongoing state-sponsored attacks, and the evolving landscape of AI in security. A critical SSH client-side flaw has a public PoC, while Russian APTs continue to target Ukraine and messaging apps. Microsoft also removed over 100 malicious Edge extensions.
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
A critical flaw in libssh2 (CVE-2026-55200, CVSS 9.2) allows a malicious SSH server to trigger memory corruption and potential code execution on connecting clients without user interaction.
‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access
A variant of DirtyFrag, the 'DirtyClone' flaw allows unprivileged local users to manipulate the Linux page cache and gain root privileges.
Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts
Microsoft has shut down a malicious operation, dubbed "StegoAd," that used 119 Edge extensions to hide payloads in image and font files and later stole credentials and conducted ad fraud.
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
The Russian APT group Gamaredon has evolved its malware arsenal, launching 35 distinct spear-phishing campaigns against new targets in Ukraine throughout 2025.
US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve
The US has offered a $10 million bounty for information on Russian state hackers UNC5792 and UNC4221, who are targeting US government officials and military personnel via evolving messaging app attacks.
FBI: Russian hackers now target Signal backup recovery keys
Russian intelligence services are now targeting Signal users to steal backup recovery keys, allowing them to access historical messages and take over accounts.
CISA sets urgent deadline to fix Cisco flaw exploited in attacks
CISA has mandated federal agencies patch a Cisco Unified Communications Manager Server vulnerability (CVE-2026-20230) by Sunday, as it is actively being exploited.
Polymarket customers lose $3 million in supply-chain attack
Polymarket is reimbursing customers for an estimated $3 million loss after a supply-chain attack injected a malicious script into the platform's frontend.