Security news.
Today's security news highlights persistent threats from Russian intelligence targeting messaging apps and critical infrastructure. Additionally, new vulnerabilities in Linux and AI coding agents pose significant risks, alongside ongoing supply-chain attacks impacting various sectors.
Ukraine Alleges Russian Intelligence Used Fake Texts to Steal Messaging Credentials
The SSU and FBI uncovered a long-running campaign by Russian intelligence to compromise messaging accounts of officials and military personnel in Ukraine, Europe, and the U.S.
Clean GitHub Repo Tricks AI Coding Agents into Running Malware
Researchers demonstrated how a seemingly benign GitHub repository could trick agentic coding tools into executing malicious payloads, evading detection by security scanners and AI.
FBI: Russian Hackers Now Target Signal Backup Recovery Keys
The FBI and CISA warn that Russian intelligence phishing campaigns against Signal users have evolved to steal backup recovery keys, granting attackers access to historical messages.
CISA Sets Urgent Deadline to Fix Exploited Cisco Flaw
CISA has mandated that federal agencies patch an actively exploited vulnerability in Cisco Unified Communications Manager Server (CVE-2026-20230) by Sunday.
Chinese Framework Powers 200,000 Scam Sites
Threat actors are leveraging investment scam templates created with the legitimate DCloud Uni-App toolkit to operate hundreds of thousands of fraudulent websites.
Polymarket Customers Lose $3 Million in Supply-Chain Attack
Polymarket will reimburse customers after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor.
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
A new Linux kernel privilege escalation vulnerability, DirtyClone (CVE-2026-43503), allows local users to corrupt file-backed memory and gain root access.
CISA Adds Exploited PTC Windchill RCE Flaw to KEV
CISA has added a critical remote code execution vulnerability in PTC Windchill PDMLink and FlexPLM (CVE-2026-12569) to its Known Exploited Vulnerabilities catalog due to active exploitation.