Security News · Morning Brief
Today's security brief highlights a critical Linux kernel flaw, active exploitation of a PTC Windchill vulnerability, and a new supply chain attack targeting npm packages and GitHub Actions. Additionally, Russian APT groups continue to deploy new backdoors against Ukrainian targets.
- New DirtyClone Linux Kernel Flaw Grants Root Access — A new Linux kernel privilege escalation vulnerability, CVE-2026-43503 (CVSS 8.8), allows local users to gain root privileges by corrupting file-backed memory through cloned network packets.
- PTC Windchill Vulnerability Exploited in the Wild — CISA has added CVE-2026-12569, a remote code execution flaw in PTC Windchill and FlexPLM, to its Known Exploited Vulnerabilities catalog due to active exploitation.
- Miasma Malware Targets npm Packages and GitHub Actions — Researchers have identified an evolution of the Mini Shai-Hulud, Miasma, and Hades malware family, now compromising npm packages and abusing GitHub Actions workflows in a supply chain attack.
- $3 Million Stolen in Polymarket Hack via Third-Party Vendor — Decentralized prediction market Polymarket reported that hackers stole approximately $3 million by compromising a third-party vendor, targeting some of its users.
- Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels — An active phishing campaign, running since April 2026, is targeting hospitality organizations in Europe and Asia, using photo-themed ZIP files to deploy a Node.js implant on front-desk machines.
- Russian APT Turla Deploys 'StockStay' Backdoor Against Ukraine — The Russian state-sponsored threat actor Turla is using a new .NET backdoor, dubbed 'STOCKSTAY,' for espionage against government and military organizations in Ukraine and entities interested in Italian foreign policy.
- Cisco CUCM Flaw Weaponized Within 24 Hours — Attackers quickly weaponized a Cisco Unified CM and Unified CM SME flaw (CVE-2026-20230) that enables server-side request forgery (SSRF) and privilege escalation to root.
- Lantronix Serial-to-IP Converter Flaw Exploited — The Lantronix serial-to-IP converter vulnerability, CVE-2025-67038, part of the BRIDGE:BREAK research project, is now being actively exploited in attacks.