Security News · Morning Brief
Today's security news highlights critical vulnerabilities and ongoing cybercrime operations. Several reports detail active exploitation of flaws in popular software, alongside widespread phishing and malware campaigns by various threat groups. Law enforcement also announced significant disruptions to cybercriminal infrastructure.
- Google Gemini Voice Assistant Vulnerability — A flaw allowed attackers to hijack Google Gemini's voice assistant via messaging notifications, potentially controlling smart home devices or initiating calls.
- Mirasvit Magento Vulnerability Exploited — A critical vulnerability (CVE-2026-45247) in the Mirasvit Full Page Cache Warmer extension for Magento is being actively exploited to execute code without authentication. CISA has added this to its KEV catalog.
- Cisco Warns of Critical Unified CM Flaw with PoC — Cisco has issued updates for a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges, with proof-of-concept exploit code now available.
- VS Code Vulnerability Allows GitHub Token Theft — A one-click vulnerability in Microsoft Visual Studio Code (VS Code) could allow attackers to steal GitHub OAuth tokens, granting read and write access to repositories.
- China-Linked TA4922 Expands Phishing Attacks — The China-linked cybercrime group TA4922 is expanding its phishing and malware distribution campaigns, now targeting organizations in the UK, Germany, Italy, and South Africa with tools like ValleyRAT and Atlas RAT.
- FlutterShell Backdoor Spreads to macOS via Malicious Ads — A malvertising campaign, "Operation FlutterBridge," is distributing the new FlutterShell backdoor to macOS users through malicious Google and YouTube ads.
- 1.4 Million Accounts Disrupted in Cybercrime Crackdown — Law enforcement and tech companies have disrupted infrastructure linked to scammers operating across Southeast Asia, impacting over 1.4 million accounts.
- Hackers Spied on Stock Exchange Executive's Mailbox — Attackers maintained access to a senior executive's Outlook mailbox at a major global stock exchange for five months, exfiltrating data through cloud services like Dropbox and OneDrive.