Security news.
Today's security news is dominated by critical vulnerabilities and ongoing cyberattacks. Multiple Linux kernel flaws, including a new "Dirty Frag" zero-day, pose significant privilege escalation risks, while the education sector faces widespread disruption from the ShinyHunters group targeting Instructure's Canvas plat
cPanel, WHM Release Fixes for Three New Vulnerabilities
cPanel has issued updates to address three vulnerabilities (CVE-2026-29201 among others) that could lead to privilege escalation, code execution, and denial-of-service.
ShinyHunters Claims Second Attack Against Instructure
The ShinyHunters group has launched another attack on edtech company Instructure, impacting the Canvas learning management system and potentially exposing PII for hundreds of millions.
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
A new Brazilian banking trojan, TCLBANKER (tracked as REF3076), is targeting 59 banking, fintech, and cryptocurrency platforms, spreading via WhatsApp and Outlook worms.
NVIDIA confirms GeForce NOW data breach affecting Armenian users
NVIDIA has confirmed a data breach affecting GeForce NOW users in Armenia, exposing user information.
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag
A new Linux kernel local privilege escalation vulnerability, "Dirty Frag," has been disclosed, allowing local attackers to gain root privileges on most major Linux distributions.
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
CISA has mandated federal agencies patch a high-severity Ivanti Endpoint Manager Mobile (EPMM) vulnerability (CVE-2026-6973) within four days due to active zero-day exploitation.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added CVE-2026-42208, a BerriAI LiteLLM SQL Injection Vulnerability, to its KEV Catalog based on evidence of active exploitation.
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
Hackers gained access to Industrial Control Systems at five Polish water treatment plants, enabling them to modify operational parameters and posing a direct risk to public water supply.