Security news.
Today's cybersecurity landscape is marked by active exploitation of critical vulnerabilities in Gitea, Adobe ColdFusion, and a 16-year-old Linux kernel flaw, allowing for authentication bypass, code execution, and VM escapes. Additionally, CISA has added several actively exploited vulnerabilities to its KEV catalog, while new malware campaigns target routers and Android banking users.
Critical Gitea Flaw Under Active Exploitation
Attackers are exploiting CVE-2026-20896 in Gitea to bypass authentication with a single HTTP header, gaining access to repositories and secrets.
Critical Adobe ColdFusion Vulnerability Exploited
A recently patched critical vulnerability (CVE-2026-48282) in Adobe ColdFusion, with a CVSS score of 10/10, is actively being exploited by hackers.
Januscape Linux Flaw Allows VM Escape on Intel, AMD Devices
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added CVE-2026-48908 (JoomShaper SP Page Builder), CVE-2026-55255 (Langflow), and CVE-2026-56290 (Joomlack Page Builder) to its KEV Catalog, based on evidence of active exploitation.
Hidden Backdoor in Tenda Router Firmware Grants Admin Access
Multiple Tenda router firmware versions contain an undocumented authentication backdoor (CVE-2026-11405) that could allow attackers to gain administrative access to the device's web management panel.
Chinese Hackers Develop LONGLEASH Malware to Expand ORB Network
Chinese hacking group 'UAT-7810' is using new LONGLEASH malware to compromise internet-facing networking devices, primarily unpatched Ruckus routers, to expand their Operational Relay Box (ORB) network.
RedWing MaaS Packages Android Bank Fraud as Telegram Rental Service
A new Android malware operation called RedWing, a variant of Oblivion, is being rented on Telegram to low-skill criminals to take over phones, steal banking logins, and capture one-time codes.
BeyondTrust Warns of Critical Flaws in Remote Access Software
BeyondTrust has patched two critical vulnerabilities (CVE-2026-40138 and CVE-2026-40139) in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to bypass authentication.