Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431,… Read More »Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431,… Read More »Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. “The toolset… Read More »PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is… Read More »Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
The hardest part of cybersecurity isn’t the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one… Read More »One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches
Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question… Read More »PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the… Read More »Day Zero Readiness: The Operational Gaps That Break Incident Response
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins… Read More »ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems.… Read More »PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code… Read More »vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution