Security news.
Today's cybersecurity landscape is marked by critical vulnerabilities and widespread breaches. A new Linux kernel zero-day, "Dirty Frag," allows local privilege escalation, while CISA has added an Ivanti EPMM flaw to its Known Exploited Vulnerabilities Catalog, urging federal agencies to patch immediately. Several data
New Linux 'Dirty Frag' Zero-Day Gives Root on All Major Distros
A new Linux kernel zero-day exploit, "Dirty Frag," allows local attackers to gain root privileges on most major Linux distributions with a single command.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added CVE-2026-42208, a BerriAI LiteLLM SQL Injection Vulnerability, to its KEV Catalog, citing evidence of active exploitation.
CISA Gives Feds Four Days to Patch Ivanti Flaw Exploited as Zero-Day
CISA has mandated U.S. federal agencies patch a high-severity Ivanti Endpoint Manager Mobile (EPMM) vulnerability (CVE-2026-6973) within four days, as it is being actively exploited as a zero-day.
Canvas Breach Disrupts Schools & Colleges Nationwide
The ShinyHunters extortion group defaced Canvas login portals for thousands of educational institutions, threatening to leak data from 275 million students and faculty.
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
Hackers gained the ability to modify operational parameters at five water treatment plants, posing a direct risk to public water supply.
Trellix Source Code Breach Claimed by RansomHouse Hackers
The RansomHouse threat group has claimed responsibility for the Trellix source code repository breach, leaking images as proof of intrusion.
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
A new Brazilian banking trojan, TCLBANKER (REF3076), is targeting 59 banking, fintech, and cryptocurrency platforms and spreads via WhatsApp and Outlook worms.
Zara Data Breach Exposed Personal Information of 197,000 People
Hackers accessed Zara's databases, stealing data belonging to over 197,000 customers, according to Have I Been Pwned.