Security news.
Today's cybersecurity landscape is marked by critical vulnerabilities across widely used software and active exploitation. Zimbra and U-Boot users are urged to patch immediately, while AI systems face novel injection and hallucination attacks. Authorities are also making strides in prosecuting ransomware operators and disrupting cybercrime infrastructure.
Critical Zimbra Flaw Allows Malicious Code via Crafted Emails
A critical stored XSS vulnerability in the Zimbra Classic Web Client allows specially crafted emails to execute arbitrary code in a user's session. Users are urged to apply updates immediately.
'Ghostcommit' Hides Prompt Injection in Images to Fool AI Agents
Researchers demonstrated a technique dubbed 'Ghostcommit' where a PNG image containing a prompt injection could trick AI code reviewers and agents into exfiltrating repository secrets.
New U-Boot Flaws Enable Stealthy Firmware Attacks
Six vulnerabilities have been found in the U-Boot bootloader, allowing attackers to execute malicious code during device boot, potentially leading to persistent malware and compromised security.
Progress Software Urges ShareFile Customers to Shut Down Servers
Progress Software has issued an urgent advisory for ShareFile customers using Storage Zone Controllers to immediately shut down their Windows servers due to a "credible external security threat."
CISA Adds Two Known Exploited Vulnerabilities to KEV Catalog
CISA has added CVE-2026-48939 (iCagenda Unrestricted File Upload) and CVE-2026-56291 (Balbooa Forms Unrestricted File Upload) to its KEV Catalog, indicating active exploitation.
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Threat actors compromised Injective Labs SDK's GitHub to publish a malicious npm package (@injectivelabs/[email protected]) designed to steal cryptocurrency wallet private keys and mnemonic seed phrases.
Hackers Exploit Critical Auth Bypass in Gitea Docker Image
A critical vulnerability in the official Gitea self-hosted Git service Docker image is being actively exploited, allowing attackers to impersonate any user, including administrators.
Ryuk Ransomware Member Pleads Guilty in the US
A 34-year-old Armenian man has pleaded guilty to hacking U.S. companies and deploying the Ryuk ransomware, facing up to 15 years in prison.