Security news.
Today's cybersecurity landscape highlights critical vulnerabilities and ongoing threat actor activity. Researchers demonstrated new GPU Rowhammer attacks for privilege escalation, while CISA added another actively exploited vulnerability to its catalog. Law enforcement also made strides in identifying ransomware leaders, underscoring the persistent fight against cybercrime.
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
An active campaign is targeting internet-exposed ComfyUI instances to enlist them into a cryptocurrency mining and proxy botnet, using a Python scanner to install malicious nodes.
GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack
Researchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges, with GPUBreach enabling full CPU privilege escalation via GDDR6 bit-flips.
Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems
The Medusa ransomware group, linked to China-based threat actor Storm-1175, is rapidly exploiting zero-day and N-day vulnerabilities to exfiltrate and encrypt data within days of initial access.
German Police Unmask REvil Ransomware Leader
German authorities have identified Daniil Maksimovich Shchukin, known as "UNKN," as the leader of the GandCrab and REvil ransomware operations, accused of extorting over $2 million.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added CVE-2026-35616, a Fortinet FortiClient EMS Improper Access Control Vulnerability, to its KEV Catalog due to active exploitation.
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw, allowing attackers to gain SYSTEM or elevated administrator permissions.