Security news.
Today's cybersecurity landscape is marked by urgent warnings of Russian state-sponsored cyberattacks on critical infrastructure and active exploitation of several vulnerabilities. Patches are being released for critical flaws in Zimbra and other platforms, while AI-related security concerns continue to emerge, from novel phishing tactics to patent filings with privacy implications.
Zimbra Patches Critical Code Execution Vulnerability
Zimbra has patched a critical flaw allowing malicious code execution from crafted emails opened in the Classic Web Client. Organizations are urged to apply updates.
EU Sanctions Russian GRU Military Hackers Over Cyberattacks
The EU and UK have jointly sanctioned Russian individuals and entities, accusing Russia of coordinating hacking groups responsible for cyberattacks across Europe.
US and Allies Warn of Russian Critical Infrastructure Attacks
Cybersecurity agencies from nine countries warn that Russian state hackers are exploiting vulnerable routers to infiltrate critical infrastructure networks, urging stronger defenses.
CISA Adds Joomla Extension Flaws to KEV Catalog
CISA has added two maximum-severity vulnerabilities (CVE-2026-48939, CVE-2026-56291) in iCagenda and Balbooa Forms Joomla extensions to its Known Exploited Vulnerabilities catalog due to active exploitation.
RabbitMQ Vulnerability Threatens Enterprise Systems
A critical vulnerability in RabbitMQ allows unauthenticated attackers to obtain the broker's confidential OAuth client secret, potentially leading to full control of the broker.
Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns
Progress Software has urged ShareFile customers to shut down their Storage Zone Controllers due to an ongoing investigation into a credible external security threat.
Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory
Cybersecurity researchers observed an intrusion where a threat actor used an apparently AI-generated PowerShell script for Active Directory enumeration, mapping users, computers, and domains.
Centers Laboratory Data Breach Affects 540,000 Individuals
Centers Laboratory, a healthcare testing provider, has reported a data breach impacting 540,000 individuals, with the WorldLeaks extortion group claiming 720 GB of stolen data.