Cybersecurity 2026
Global headlines curated by our intelligent agents.
Latest News
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
First VPN’s 33 servers were seized after aiding 25 ransomware groups, disrupting anonymous cybercrime infrastructure.
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Megalodon pushed 5,718 malicious GitHub commits in 6 hours, exposing CI secrets and cloud credentials at scale.
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
Software-emulated device nodes bypass hardware gating, exposing BYOVD-relevant Windows driver bugs from userland.
Flipper Zero’s makers are cooking up a wildly customizable Linux computer
Flipper "One" is basically a hacker's Lego set.
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
CISA added two exploited bugs to KEV, forcing federal agencies to patch Langflow and Apex One flaws by June 4, 2026.
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Cisco patches critical CVSS 10.0 flaw in Secure Workload: unauthenticated attackers can steal data and escalate privileges across tenants.
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Showboat targets Linux telecom systems since mid-2022, enabling C2 access, proxying, and file theft across multiple countries.
The new Flipper One is a pocket-sized Linux computer
The hardware’s not finalized, but the more powerful Flipper One won’t be a replacement for the Flipper Zero.
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Active Defender exploits hit CVE-2026-41091 and CVE-2026-45498; June 3 fixes reduce SYSTEM and DoS risk.
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
CVE-2026-46333 is a nine-year-old Linux kernel improper privilege management flaw introduced in November 2016 with a CVSS score of 5.5.
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
GitHub lost 3,800 internal repos after poisoned Nx Console update exposed developer credentials and supply-chain risk.
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal released security updates for a highly critical Drupal Core vulnerability affecting sites that use PostgreSQL.
Apple server schematics stolen in May 2026 Foxconn cyberattack, AppleInsider confirms
Leaked documents may be tip of the iceberg in Foxconn hack, as only Apple server schematics have been shared so far. More damaging documents may come later.
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft disrupted Fox Tempest’s MSaaS using 72-hour certificates, cutting signed malware delivery worldwide.
App Store fraud prevention a big numbers game powered by AI & human review
Artificial intelligence has helped Apple's human-based App Store Review process prevent over $2.2 billion in fraudulent transactions in 2025. It also rejected more harmful apps than ever before.
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Webworm added EchoCreep and GraphWorm in 2025, using Discord and Microsoft Graph API C2 to expand stealth operations.
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft released mitigations for YellowKey, a publicly disclosed BitLocker bypass tracked as CVE-2026-45585 with a CVSS score of 6.8.
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana GitHub breach stemmed from TanStack npm attack; missed token exposed repos, not customer production systems.
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
GitHub is investigating unauthorized access to internal repositories after TeamPCP listed alleged source code and internal organizations for sale.
Trump Mobile finally has a real phone, but it may also have a real data leak
A security exploit on the Trump Mobile site may have revealed customer data, and that isn't the only embarrassing aspect for the company.
Google wants to compete with Anthropic’s Mythos
The company is marketing its CodeMender tool as a way to “help secure the world’s code bases.”
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Trapdoor used 455 Android apps and 183 C2 domains, generating 659M daily bid requests and fueling ad fraud.
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
DirtyDecrypt PoC targets CVE-2026-31635 in CONFIG_RXGK Linux systems, enabling local privilege escalation.