Security news.
Today's threat landscape is dominated by active exploitation campaigns, AI-driven attacks, and critical infrastructure vulnerabilities. From LLM-powered ransomware to zero-day probes and supply chain compromises, defenders face an accelerating threat environment requiring immediate patching and vigilance.
JadePuffer: First Complete LLM-Driven Ransomware Attack
An agentic AI threat actor exploited a Langflow flaw to steal data and encrypt systems, demonstrating how LLM agents can automate complex multi-stage intrusions.
Max Severity Adobe ColdFusion Flaw Now Exploited in Attacks
CVE-2026-48282 is actively being exploited in the wild, according to KEVIntel.
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host
CVE-2026-53359 (Januscape), a use-after-free bug in KVM's shadow MMU, allows guest VMs to corrupt host kernel state on Intel and AMD systems; PoC available.
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Attackers are actively exploiting CVE-2026-20896 (CVSS 9.8), which allows unauthenticated users to bypass authentication via the X-WEBAUTH-USER header.
North Korean Hackers Target Open Source Developers in Supply Chain Attacks
The PolinRider campaign has compromised over 100 legitimate open source packages to deliver backdoors and information stealers to developers.
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
An MOIS-affiliated group is deploying the previously undocumented Cavern (Cav3rn) modular C2 framework against Israeli IT providers and government sectors.
Blogspot-Hosted Payloads Delivered in 'Veil#Drop' Attacks
Securonix identified a sophisticated framework abusing compromised websites, Blogspot, and fileless techniques to deploy the PureLog information stealer.
Proof-of-Concept Exploit Released for Linux 'Bad Epoll' Root Access Vulnerability
Public PoC code now available for the Linux root escalation flaw, increasing exploitation risk.