News
AI-as-a-Service Botnet Routes Malicious Workloads Across Compromised Windows and Linux Hosts
7+ hour, 48+ min ago (404+ words) Those building blocks are not new. What makes Mycelium notable is its advertised purpose to treat compromised endpoints not as disposable bots but as a capability'aware. AI compute platform that dynamically routes workloads (inference, cracking, reconnaissance, exploit development, and social…...
Fancy Bear Uses LSB Steganography and Reflective Loading to Run C# Remote-Control Trojan
5+ hour, 2+ min ago (518+ words) A new intrusion campaign attributed to APT'C'20 (aka Fancy Bear, APT28) demonstrates the group's continued refinement of stealthy, fileless techniques: weaponized Office documents that deploy a COM'hijacking DLL. Extract shellcode hidden via LSB steganography in a PNG, and use reflective loading to…...
Git Lost Vulnerability Lets Attackers Trick Git Hub AI Agent Into Leaking Private Repos
13+ hour, 51+ min ago (427+ words) A critical vulnerability known as "Git Lost" has been discovered in Git Hub's newly introduced Agentic Workflows by Noma Labs. This flaw allows unauthenticated attackers to exfiltrate sensitive data from private repositories. Git Hub Agentic Workflows combine Git Hub Actions…...
PHP PDO Emulated Prepares Expose pdo_pgsql to NULL Pointer Dereference Crash
1+ day, 9+ hour ago (563+ words) A recent security audit of PHP's PDO ecosystem uncovered a denial-of-service vector in the pdo_pgsql driver that can crash PHP processes when emulated prepared statements are enabled. PDO's parser assumes a valid zend_string and dereferences it, triggering a NULL pointer dereference (SIGSEGV)....
16-Year-Old Januscape KVM Escape Vulnerability Lets Attackers Compromise Linux Hosts
1+ day, 9+ hour ago (576+ words) A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2026-53359 and named "Januscape," reveals a 16-year-old flaw in KVM/x86 virtualization. This vulnerability allows guest virtual machines (VMs) to escape to the host under specific conditions, raising significant concerns for…...
Insignary Closes SBOM Accuracy Gap With Binary-Level Clarity for Regulatory Risk
2+ day, 3+ hour ago (453+ words) Toronto, Canada, July 6th, 2026, Cyber Newswire Most software composition analysis tools read what developers declare. Insignary Clarity's patented binary-first platform analyzes what is actually built, shipped, and deployed " including the open-source components that never appear in any manifest. Insignary, Inc. , whose…...
Critical Opera GX Vulnerability Lets Attackers Inject CSS Across Every Webpage
2+ day, 6+ hour ago (544+ words) A critical security vulnerability in Opera GX has been disclosed, revealing that attackers could exploit the browser's GX Mods feature to inject malicious CSS across every webpage visited by a victim. This could enable cross-site data exfiltration and have a…...
PHP TLS Flaw Lets Remote Server Trigger Do S and Crash Entire FPM Process
2+ day, 8+ hour ago (409+ words) A newly disclosed high-severity vulnerability in PHP, tracked as CVE-2026-12184, poses a significant risk to web applications by allowing a remotely triggerable denial-of-service (Do S) condition. This vulnerability can cause entire PHP-FPM process pools to crash. Details of the issue are…...
Malicious Agent Skills Can Steal Credentials, Exfiltrate Source Code, and Install Backdoors
2+ day, 10+ hour ago (509+ words) Malicious AI agent skills can be packaged to steal credentials, exfiltrate source code, and install backdoors while still bypassing many current skill-auditing systems. The paper finds that static scanners are especially weak against payload-preserving evasions, while runtime behavior auditing is…...
Fat Fs Vulnerabilities Let Attackers Execute Code via Crafted USB and SD Card Images
2+ day, 12+ hour ago (405+ words) A newly disclosed set of vulnerabilities in the widely used Fat Fs file system library is raising significant concerns across the embedded systems ecosystem. Researchers are warning that specially crafted USB drives and SD card images can trigger memory corruption…...