New Fragnesia Linux flaw lets attackers gain root privileges
…Known as Fragnasia and tracked as CVE-2026-46300 , this security flaw stems from a logic bug in the Linux XFRM ESP-in-TCP subsystem that can enable unprivileged local attackers to…
Search
GitHub links repo breach to TanStack npm supply-chain attack
…Wakes added that GitHub has since secured the compromised device and has yet to find evidence that customer data stored outside the affected repos has been stolen. "We rotated critical secrets Monday…
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
…Application security company StepSecurity notes that the threat actor published the infected packages via the legitimate CI/CD pipeline, carrying valid SLSA provenance attestations issued by npm's signing infrastructure and "tied…
Fake Claude AI website delivers new 'Beagle' Windows malware
…According to the researchers, NOVupdate.exe is a signed updater for G Data security solutions that the hacker uses to sideload the malicious avk.dll and the encrypted NOVupdate.exe.dat file…
Dutch govt disrupts malware botnet with 17 million infected devices
…a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Previous Article Next Article…
Palo Alto Networks firewall zero-day exploited for nearly a month
…Cybersecurity and Infrastructure Security Agency (CISA) also added the CVE-2026-0300 zero-day to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure vulnerable…
New critical Exim mailer flaw allows remote code execution
…a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Previous Article Next Article…
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
…The same outlet alleges that Danish authorities and infrastructure providers linked WorkTitans to attacks by the pro-Russian hacktivist group NoName057(16), which has previously targeted key organizations with distributed denial-of…
Max-severity flaw in ChromaDB for AI apps allows server hijacking
…However, it remains unclear if the security issue has been fixed. Since February 17, HiddenLayer researchers have attempted to contact the developer multiple times over email and social media, but received no…
Google Chrome adds session cookie theft protection for all users
…hackers from using such stolen cookies to bypass multi-factor authentication (MFA) and hijack users' accounts. DBSC works by cryptographically linking user sessions to the hardware, such as their computer's security…