Security news.
Today's cybersecurity landscape highlights the growing sophistication of AI in attacks, with the first documented case of an LLM-driven ransomware operation. Meanwhile, critical vulnerabilities in widely used software and embedded devices demand immediate attention, alongside ongoing efforts to disrupt major botnets and combat nation-state hacking campaigns.
JadePuffer Ransomware Leverages AI Agent for Automated Attacks
Researchers have identified JadePuffer as the first ransomware operation believed to be conducted entirely by a large language model (LLM) agent that automates the whole attack chain.
U.S. Government Entity Paid $1 Million in Data-Theft Extortion
A U.S. government entity reportedly paid approximately $1 million to a group named Kairos to prevent the leak of stolen files, raising questions about the nature of the threat actor.
New "Bad Epoll" Linux Kernel Flaw Grants Root Access, Affects Android
A newly disclosed Linux kernel vulnerability, CVE-2026-46242 (Bad Epoll), allows unprivileged users to gain root control on Linux desktops, servers, and Android devices; a fix is now available.
NetNut Proxy Network Disrupted, 2 Million Infected Devices Cut Off
A joint operation, including Google and the FBI, has significantly disrupted NetNut, a residential proxy network that leveraged millions of compromised Android devices, including smart TVs and streaming boxes.
North Korean Hackers Publish 108 Malicious Packages in PolinRider Campaign
North Korean threat actors, linked to the Contagious Interview campaign, have published 108 malicious packages and web browser extensions across npm, Packagist, Go, and Chrome as part of the ongoing PolinRider operation.
Unpatched Flaws in FatFs Filesystem Affect Millions of Embedded Devices
Seven vulnerabilities have been disclosed in FatFs, a widely used filesystem library found in millions of embedded devices such as security cameras, drones, and industrial controllers, leaving those devices open to potential exploitation.
CISA Adds Microsoft SharePoint RCE Flaw to KEV Catalog
CISA has added a high-severity Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability (CVE-2026-45659) to its Known Exploited Vulnerabilities Catalog, urging immediate patching.
Critical Cursor AI Code Editor Flaws Lead to OS-Level RCE
The DuneSlide vulnerabilities in the Cursor AI code editor allow for zero-click prompt injection attacks that can escape the sandbox and execute arbitrary code on the underlying operating system.