Security news.
Today's security news highlights critical vulnerabilities and ongoing cybercrime operations. Several reports detail active exploitation of flaws in popular software, alongside widespread phishing and malware campaigns by various threat groups. Law enforcement also announced significant disruptions to cybercriminal infrastructure.
Google Gemini Voice Assistant Vulnerability
A flaw allowed attackers to hijack Google Gemini's voice assistant via messaging notifications, potentially controlling smart home devices or initiating calls.
Mirasvit Magento Vulnerability Exploited
A critical vulnerability (CVE-2026-45247) in the Mirasvit Full Page Cache Warmer extension for Magento is being actively exploited to execute code without authentication. CISA has added this to its KEV catalog.
Cisco Warns of Critical Unified CM Flaw with PoC
Cisco has issued updates for a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges, with proof-of-concept exploit code now available.
VS Code Vulnerability Allows GitHub Token Theft
A one-click vulnerability in Microsoft Visual Studio Code (VS Code) could allow attackers to steal GitHub OAuth tokens, granting read and write access to repositories.
China-Linked TA4922 Expands Phishing Attacks
The China-linked cybercrime group TA4922 is expanding its phishing and malware distribution campaigns, now targeting organizations in the UK, Germany, Italy, and South Africa with tools like ValleyRAT and Atlas RAT.
FlutterShell Backdoor Spreads to macOS via Malicious Ads
A malvertising campaign, "Operation FlutterBridge," is distributing the new FlutterShell backdoor to macOS users through malicious Google and YouTube ads.
1.4 Million Accounts Disrupted in Cybercrime Crackdown
Law enforcement and tech companies have disrupted infrastructure linked to scammers operating across Southeast Asia, impacting over 1.4 million accounts.
Hackers Spied on Stock Exchange Executive's Mailbox
Attackers maintained access to a senior executive's Outlook mailbox at a major global stock exchange for five months, exfiltrating data through cloud services like Dropbox and OneDrive.