Security news.
Today's threat landscape is dominated by AI-powered attacks and critical infrastructure vulnerabilities. Ransomware gangs are now automating intrusions with LLM agents, while major proxy networks enabling cybercrime have been disrupted. Multiple zero-days and actively exploited flaws demand immediate patching across enterprise systems.
JadePuffer ransomware conducted entirely by LLM agent
Researchers identified the first documented ransomware operation fully automated by a large language model, marking a significant escalation in AI-driven cyber threats.
North Korean actors publish 108 malicious packages in PolinRider campaign
Threat actors linked to Contagious Interview distributed malicious npm, Packagist, and Go packages as well as Chrome extensions; the campaign remains active, with new packages appearing regularly.
Bad Epoll Linux kernel flaw (CVE-2026-46242) enables unprivileged root access
A critical vulnerability in Linux kernel code allows ordinary users to gain full system control; it affects desktops, servers, and Android, and patches are available.
NetNut residential proxy network disrupted, 2 million devices disconnected
A joint Google and FBI operation significantly degraded the Popa/NetNut botnet, which provided access to millions of compromised Android devices for cybercriminals and nation-state actors.
Seven unpatched vulnerabilities in FatFs filesystem affect millions of embedded devices
runZero disclosed critical flaws in the FatFs library, which is bundled into security cameras, drones, industrial controllers, and crypto wallets; no patches are available.
ConsentFix and ClickFix attacks hijack Microsoft 365 accounts in seconds
New MFA bypass techniques using fake OAuth prompts steal M365 tokens rapidly, bypassing traditional security controls.
Cisco confirms active exploitation of Unified CM vulnerability
Attackers are now exploiting a Unified Communications Manager flaw patched in early June.
CISA: Microsoft SharePoint RCE flaw (CVE-2026-45659) actively exploited
A high-severity deserialization vulnerability patched in May is now under active attack and has been added to CISA's Known Exploited Vulnerabilities catalog.