Security news.
Today's security news highlights several critical vulnerabilities and ongoing threats. Microsoft has confirmed active exploitation of a Windows Shell flaw, while an unpatched privilege escalation technique in Windows, PhantomRPC, remains a concern. Additionally, a critical RCE flaw affects Hugging Face's LeRobot platform, and malicious "sleeper" extensions are being used to distribute GlassWorm malware via Open VSX.
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Microsoft has revised its advisory to confirm active exploitation of CVE-2026-32202, a high-severity spoofing vulnerability in Windows Shell that could allow access to sensitive information.
No Patch for New PhantomRPC Privilege Escalation Technique in Windows
A newly discovered unpatched technique, PhantomRPC, allows a fake RPC server to impersonate target services and elevate privileges to System in Windows.
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
A critical untrusted data deserialization flaw, CVE-2026-25874 (CVSS 9.3), in Hugging Face's LeRobot platform could lead to unauthenticated remote code execution.
Dozens of Open VSX Extension Clones Linked to GlassWorm Malware
Over 70 cloned Open VSX extensions, including six confirmed as malicious, are acting as "sleeper" extensions designed to distribute GlassWorm malware.
Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety
Vulnerabilities in Zero Motorcycles and Yadea electric scooters pose physical security and safety risks, including the potential for vehicle theft.
Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
German federal prosecutors are investigating alleged cyberattacks on Signal accounts of top officials, with Russia suspected as the perpetrator.
Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak
The ShinyHunters cybercrime group claimed to have stolen 9 million records containing personal information from Medtronic, which the company has now confirmed.
Inside an OPSEC Playbook: How Threat Actors Evade Detection
Threat actors are increasingly publishing structured OPSEC playbooks detailing layered infrastructure, identity separation, and long-term evasion strategies to stay undetected.