Security news.
Critical vulnerabilities dominate today's security landscape, with a 15-year-old OpenSSH flaw enabling root access, multiple actively exploited CVEs added to CISA's KEV catalog, and widespread malware campaigns targeting developers and critical infrastructure. Organizations face mounting pressure from both sophisticated threat actors and the emerging risks posed by AI-powered attack tools.
OpenSSH Flaw Enabling Full Root Access Lurked for 15 Years
A code reuse vulnerability in OpenSSH allowed comma characters in certificate principals to be interpreted as list separators, granting attackers root shell access. The critical flaw went undetected for 15 years after its introduction.
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog
CISA added CVE-2024-57726 (SimpleHelp missing authorization), CVE-2024-57728 (SimpleHelp path traversal), CVE-2024-7399 (Samsung MagicINFO path traversal), and CVE-2025-29635 (D-Link DIR-823X) to its Known Exploited Vulnerabilities catalog with evidence of active exploitation.
73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Researchers discovered 73 malicious Visual Studio Code extensions on the Open VSX repository cloned from legitimate counterparts, with at least six confirmed to deliver the GlassWorm information-stealing malware.
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
Pro-Ukrainian hacktivist group PhantomCore has actively targeted TrueConf video conferencing servers in Russia since September 2025 using an exploit chain of three vulnerabilities for remote code execution.
Energy and Water Management Firm Itron Breached
Itron, which serves utilities and cities globally, disclosed unauthorized access to internal IT systems discovered on April 13, 2026. The breach impacts critical infrastructure operations.
Pack2TheRoot Linux Vulnerability Enables Privilege Escalation
A race condition in PackageKit allows unprivileged users to escalate privileges and gain root access when installing packages on Linux systems.
UNC6692 Deploys Snow Malware Suite via Microsoft Teams
Threat group UNC6692 uses social engineering and email bombing to deploy the Snow malware family (Snowbelt, Snowglaze, Snowbasin), which includes browser extensions and backdoors, for persistent access.
FIRESTARTER Backdoor Persists on Cisco Firewall Devices
CISA and UK NCSC warn that FIRESTARTER malware compromised a federal Cisco Firepower device in September 2025 and survives security patches, enabling persistent remote access on critical infrastructure.