A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel’s packet filtering framework. Exodus Intelligence researcher Oliver Sieber found the bug…
U.S. CISA adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added BerriAI LiteLLM and Check Point Security Gateway flaws to its…
WhatsApp Discovers NSO Group-Linked Spearphishing Attempts
Meta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishing This article has been indexed from www.infosecurity-magazine.com Read the original article: WhatsApp Discovers NSO Group-Linked Spearphishing Attempts
WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO Group
WhatsApp has disrupted a new spyware campaign linked to the NSO Group, the controversial surveillance vendor behind Pegasus, while simultaneously seeking legal action against the company for allegedly violating a U.S. court injunction. The disclosure highlights NSO’s continued efforts to…
Top 10 Best Zero Trust Network Access (ZTNA) Solutions 2026
In 2026, the traditional network perimeter is obsolete. With the widespread adoption of remote and hybrid work models, multi-cloud environments, and a proliferation of IoT devices, the old “castle-and-moat” security model where everything inside the network is trusted by default…
Linux Kernel Flaw Allows Local Attackers to Gain Root Privileges
A newly disclosed Linux kernel vulnerability tracked as CVE-2026-23111 allows local attackers to escalate privileges to root by exploiting a use-after-free flaw in the nftables subsystem. The vulnerability, patched upstream on February 5, 2026, affects the netfilter framework, specifically nftables,…
UK Start-Ups Raise $11bn In Six Months
Start-ups in UK surge past last year’s record fundraise in first half of year, with 32 percent going to AI companies This article has been indexed from Silicon UK Read the original article: UK Start-Ups Raise $11bn In Six Months
Essex NHS Trust Alerts Patients Over Stolen Data
Attack on provider Synnovis breaches patient records from one of England’s largest NHS trusts, in latest fallout from 2024 incident This article has been indexed from Silicon UK Read the original article: Essex NHS Trust Alerts Patients Over Stolen Data
Weedhack MaaS Targets Minecraft Players to Steal Credentials and Hijack Accounts
Weedhack, a Malware-as-a-Service (MaaS) operation specifically engineered to prey on Minecraft players, that has been active since at least January 2026. The service packages credential theft, cryptocurrency wallet extraction, account hijacking and full remote-access capabilities into a low-cost, subscription-based offering…
Claude & Gemini malware, Mythos sneaky flaws, Instagram AI abuse
Microsoft malware hits Claude and Gemini users Mythos can exploit new flaws in hours AI tool abuse behind Instagram hacks Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-gemini-malware-mythos-sneaky-flaws-instagram-ai-abuse/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine…
IT Security News Hourly Summary 2026-06-09 09h : 3 posts
3 posts were published in the last hour 7:4 : LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE 6:34 : NFCShare Android Malware Spreads via Weaponized Banking Apps 6:34 : The architecture of subtraction: Why it’s time…
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command…
NFCShare Android Malware Spreads via Weaponized Banking Apps
A renewed and operationally refined wave of the NFCShare Android banking trojan that delivers NFC card-data theft by masquerading as legitimate banking applications. First documented in January 2026, NFCShare continues to rely on a social‑engineering phishing flow that coerces victims…
The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic
The advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no longer rely on patching as a primary defense mechanism. Patching is, by definition, a reactive approach to…
Top 10 Best Software Composition Analysis (SCA) Services 2026
In 2026, the foundation of nearly every modern application is built on open-source components. While this accelerates development and fosters innovation, it also introduces a significant attack surface. A single vulnerability in a widely-used open-source library can expose countless applications…
Google Patches 5th Chrome Zero-Day Exploited in 2026
The vulnerability is tracked as CVE-2026-11645 and it was reported in late April by an anonymous researcher. The post Google Patches 5th Chrome Zero-Day Exploited in 2026 appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Treating AI agents like service accounts for federated query security
In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across more than 200…
Hackers Exploit ChatGPT, Claude, DeepSeek Brands in Credential Phishing Attacks
Threat actors are increasingly weaponizing the global fascination with large language models and generative AI by impersonating major AI brands ChatGPT, Anthropic’s Claude, DeepSeek, and others to trick users into revealing credentials, payment information, and to install malware. These campaigns…
Shai-Hulud Malware Campaign Abuses 23 PyPI Packages in Developer-Focused Attack
A rapidly evolving supply chain campaign dubbed “Shai-Hulud” is targeting developers through malicious Python packages. Researchers have identified 23 newly weaponised PyPI artefacts, expanding the scope of the ongoing Mini Shai-Hulud, Miasma, and Hades malware operations. The latest findings highlight…
Check Point VPN Zero-Day Under Active Exploitation by Ransomware Operators
Check Point has disclosed active in-the-wild exploitation of a critical authentication bypass vulnerability, tracked as CVE-2026-50751, impacting Remote Access VPN and Mobile Access deployments configured with the deprecated IKEv1 key exchange protocol. The flaw, assigned a CVSS score of 9.3,…
Malware ships with bugs that defenders could use against it
Static analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a steady supply of its own bugs. Researchers ran four of these tools…
Apache HTTP Server 2.4.68 Patches Multiple Security Vulnerabilities
Apache has released HTTP Server version 2.4.68, addressing multiple security vulnerabilities across core modules and widely deployed components, reinforcing the importance of timely patching in internet-facing infrastructure. The update resolves a mix of memory safety issues, privilege escalation flaws, denial-of-service…
The security questions around Chinese AI coding models in U.S. software
Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according to a…
Cybersecurity jobs available right now: June 9, 2026
Application Security Architect INTENSITY Global Group | Israel | Hybrid – View job details As an Application Security Architect, you will design secure application architectures, perform threat modeling and security assessments, define security standards and controls, integrate security into the…