Dirty Frag Turns Linux Footholds Into Root: What Defenders Should Do Now
Microsoft is tracking active Dirty Frag Linux privilege escalation activity. Here is what SMB and gov-contractor defenders should prioritize now.
Microsoft disclosed Semantic Kernel vulnerabilities showing how prompt injection can cross into code execution when AI agents are connected to unsafe tools. Here is what defenders should review now.
NASA and IBM’s open-source Prithvi geospatial AI model has now been demonstrated in orbit. The milestone points toward a future where satellites analyze data before sending it home — and where security has to follow AI into operational environments.
Unit 42 reports limited exploitation of CVE-2026-0300, a PAN-OS Captive Portal zero-day. Here is what SMB and government-contractor defenders should check now.
SentinelLabs reported PCPJack, a cloud-focused worm that evicts TeamPCP artifacts, steals credentials from exposed infrastructure, and spreads across cloud systems.
Cisco has released urgent security patches addressing multiple critical and high-severity vulnerabilities, including a maximum-severity authentication bypass in the Integrated Management Controller (IMC) that allows unauthenticated attackers to gain administrative access to affected systems. CVE-2026-20093: The Core Vulnerability Tracked as CVE-2026-20093, this critical vulnerability exists in the Cisco IMC password change functionality. The flaw enables…
Cisco has released emergency security updates to patch a critical authentication bypass vulnerability in its Integrated Management Controller (IMC), a critical component embedded on the motherboard of Cisco UCS C-Series and E-Series servers that provides out-of-band management capabilities. The Vulnerability: CVE-2026-20093 Tracked as CVE-2026-20093, this maximum-severity flaw exists in the password change functionality of Cisco…
Kaspersky researchers have uncovered CrystalX RAT, a sophisticated new malware-as-a-service (MaaS) platform that combines remote access trojan capabilities with data theft, keylogging, and uniquely disturbing prankware features designed to psychologically torment victims. From Webcrystal to CrystalX: The Evolution First observed in January 2026 as Webcrystal RAT, the malware was initially promoted through private Telegram groups…
Unit 42 researchers have uncovered a sophisticated Chinese espionage campaign, designated CL-STA-1087, that has been systematically targeting military organizations across Southeast Asia since at least 2020. The state-sponsored operation demonstrates exceptional operational patience and deploys previously undocumented malware tools designed for long-term intelligence collection against regional defense forces. Executive Summary The investigation reveals a methodical…
Cisco Talos has disclosed a large-scale automated credential harvesting campaign carried out by a threat cluster they are tracking as “UAT-10608.” The systematic exploitation campaign leverages a custom framework called “NEXUS Listener” to target Next.js applications vulnerable to React2Shell (CVE-2025-55182), resulting in the compromise of at least 766 hosts within a 24-hour period. Key Findings…