Security news.
Critical Linux kernel vulnerabilities and AI-driven attacks dominate today's threat landscape. A proof-of-concept exploit for the "Bad Epoll" root escalation flaw has been released, while researchers demonstrate how prompt injection attacks can manipulate AI agents into making unauthorized crypto payments. Major infrastructure disruptions continue with the NetNut proxy network seizure affecting millions of compromised devices.
PoC Released for Linux 'Bad Epoll' Root Escalation (CVE-2026-46242)
A proof-of-concept exploit for the critical Linux kernel vulnerability enabling unprivileged users to gain root access is now public, affecting Linux desktops, servers, and Android systems.
Prompt Injection Attacks Exploit Autonomous AI Agents for Crypto Theft
Researchers uncovered two campaigns embedding indirect prompt injections in malicious websites to trick AI agents browsing the web into making unauthorized cryptocurrency payments.
Google and FBI Disrupt NetNut Proxy Network, Affecting 2 Million Devices
A joint operation seized hundreds of domains associated with NetNut, a residential proxy service that provided access to millions of compromised Android devices including smart TVs and streaming boxes used for fraud and cyberattacks.
China-Nexus Hackers Deploy DcRAT via Fake Indian Tax Filing Utility
Operation DragonReturn targets Indian taxpayers and finance professionals with spear-phishing emails impersonating the Income Tax Department to deliver a remote access trojan for data theft.
TrojPix Attack Exfiltrates Data from Air-Gapped Systems via Video Cable Emissions
Researchers demonstrated a novel technique that modulates on-screen pixels to create radio signals detectable by nearby receivers, enabling data theft from isolated systems once malware is present.
Critical Cursor AI Code Editor Flaws Enable OS-Level Remote Code Execution
The DuneSlide vulnerabilities allow zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.
CitrixBleed Vulnerability Actively Exploited Post-Disclosure
Hackers are targeting NetScaler appliances using public proof-of-concept code to retrieve arbitrary memory content in HTTP responses.
CISA Adds CVE-2026-45659 (Microsoft SharePoint) to Known Exploited Vulnerabilities
Microsoft SharePoint Server deserialization vulnerability is now confirmed as actively exploited in the wild.