Security news.
Critical vulnerabilities in enterprise communications and development tools are under active exploitation, with CISA issuing urgent patching deadlines. Russian intelligence continues targeting messaging apps with sophisticated account takeover techniques, while supply-chain attacks persist across npm packages and third
CISA Sets Urgent Deadline to Patch Cisco CUCM Flaw Under Active Exploitation
CISA mandated that federal agencies patch CVE-2026-20230, a critical SSRF vulnerability in Cisco Unified Communications Manager Server that is being actively exploited, by Sunday.
FBI Warns Russian Intelligence Now Stealing Signal Backup Recovery Keys
Russian state hackers have escalated phishing campaigns targeting Signal accounts by coercing victims to surrender their Backup Recovery Keys, enabling permanent account takeover and access to all message history.
Amazon Q Developer Flaw (CVE-2026-12957) Allowed Cloud Credential Theft via Malicious Repos
A high-severity vulnerability in Amazon Q Developer's Model Context Protocol handling let attackers steal AWS credentials when developers opened malicious repositories; Amazon has patched the CVSS 8.5 flaw.
CISA Adds PTC Windchill RCE (CVE-2026-12569) to KEV as Web Shell Attacks Continue
CISA added the critical remote code execution flaw in PTC Windchill PDMLink and FlexPLM to its Known Exploited Vulnerabilities catalog following evidence of active exploitation and web shell deployment.
Polymarket Customers Lose $3 Million in Third-Party Vendor Supply-Chain Attack
Hackers injected malicious scripts into Polymarket's frontend after breaching a third-party vendor, stealing approximately $3 million; the platform committed to full reimbursement.
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Campaign
Kaspersky discovered a previously undocumented malware family, SharkLoader, delivering Cobalt Strike Beacon to diplomatic and government targets in Indonesia and Taiwan.
Linux Kernel Privilege Escalation (CVE-2026-46331 "pedit COW") Exploited in the Wild
A critical out-of-bounds write vulnerability in the Linux kernel's packet-editing action (act_pedit) allows local unprivileged users to gain root access; public exploits appeared within a day of CVE assignment.
Miasma Malware Compromises npm Packages and GitHub Actions in Ongoing Supply-Chain Campaign
The Mini Shai-Hulud/Miasma/Hades malware family has compromised new npm packages including LeoPlatform and RStreams, abusing GitHub Actions workflows and expanding into the Go ecosystem.