Security news.
Today's security landscape is marked by critical zero-day exploits and state-sponsored cyber activity. A Windows privilege escalation zero-day has been publicly leaked, while Microsoft links a Medusa ransomware affiliate to zero-day attacks, and Iran-linked groups target Israeli organizations.
Windows "BlueHammer" Zero-Day Exploit Leaked
A researcher has publicly released exploit code for an unpatched Windows privilege escalation flaw, allowing attackers to gain SYSTEM or elevated administrator permissions.
Microsoft Links Medusa Ransomware Affiliate to Zero-Day Attacks
Microsoft reports that Storm-1175, a China-based cybercriminal group deploying Medusa ransomware, is actively using n-day and zero-day exploits in high-velocity attacks.
Iran-Linked Group Targets 300+ Israeli Microsoft 365 Orgs
An Iran-nexus threat actor is suspected of conducting a password-spraying campaign against over 300 Microsoft 365 environments in Israel and the U.A.E.
Fortinet Rushes Emergency Fix for Exploited Zero-Day
Fortinet has released emergency fixes for an improper access control bug in FortiClient EMS (CVE-2026-35616) that allows unauthenticated attackers to execute arbitrary code remotely, which CISA has added to its KEV catalog.
DPRK-Linked Hackers Use GitHub as C2 in South Korea Attacks
Threat actors likely associated with North Korea are using GitHub as command-and-control infrastructure in multi-stage attacks targeting organizations in South Korea, starting with obfuscated LNK files.
Drift Protocol's $280M Crypto Theft Linked to 6-Month In-Person Operation
The recent $280+ million hack of Drift Protocol was reportedly the result of a meticulously planned, long-term operation that included establishing an "operational presence inside the Drift ecosystem."
Guardarian Users Targeted With Malicious Strapi NPM Packages
Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials from Guardarian users.
Google DeepMind Maps Web Attacks Against AI Agents
Google DeepMind researchers have identified "AI Agent Traps," a vulnerability allowing attackers to manipulate, deceive, and exploit visiting AI agents via malicious web content.