Security news.
Today's security landscape is marked by critical zero-day exploits and significant data breaches. CISA has issued an urgent directive for federal agencies to patch an Ivanti vulnerability, while a new Linux zero-day, "Dirty Frag," poses a widespread privilege escalation risk.
CISA Orders Urgent Patch for Ivanti Zero-Day
CISA has mandated that U.S. federal agencies patch a high-severity Ivanti Endpoint Manager Mobile (EPMM) vulnerability (CVE-2026-6973) within four days because it is being actively exploited in zero-day attacks.
New Linux 'Dirty Frag' Zero-Day Grants Root Privileges
A newly disclosed Linux zero-day vulnerability, dubbed "Dirty Frag," allows local attackers to gain root privileges on most major Linux distributions with a single command.
Canvas System Hit by Cyberattack, Disrupting Schools
A cyberattack targeting the Canvas learning management system, used by thousands of schools and universities, caused widespread disruption as students prepared for finals.
Polish Water Treatment Plants Suffer ICS Breaches
The Polish Security Agency reported that hackers breached the Industrial Control Systems (ICS) of five water treatment plants, gaining the ability to modify operational parameters and posing a direct risk to public water supply.
Zara Data Breach Exposes 197,000 Customer Records
Hackers accessed databases of fast-fashion retailer Zara, stealing personal information belonging to over 197,000 customers.
Quasar Linux RAT Targets Developer Credentials
A new Linux implant, Quasar Linux RAT (QLNX), is actively targeting developers' systems to steal credentials, log keystrokes, and perform other post-compromise activities across the software supply chain.
AI Firm Braintrust Suffers Data Breach, Prompts API Key Rotation
AI firm Braintrust experienced a data breach in which hackers accessed one of its AWS accounts and compromised AI provider secrets, leading to a recommendation for API key rotation.
Former Govt Contractor Convicted for Wiping Federal Databases
A former federal contractor was found guilty of conspiring to destroy dozens of government databases after being fired from his position.