A code reuse issue enabled comma characters in certificate principals to be interpreted as list separators.
The post OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years appeared first on SecurityWeek.
The tech giant found that many indirect prompt injection attempts are harmless, but some malicious exploits have also been identified.
The post Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google appeared first on SecurityWeek.
Itron, which serves utilities and cities around the world, discovered unauthorized access to its systems on April 13.
The post Energy and Water Management Firm Itron Hacked appeared first on SecurityWeek.
The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access.
The post UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware appeared first on SecurityWeek.
A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages.
The post Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access appeared first on SecurityWeek.
US conducts sweeping crackdown on Southeast Asian cyberscam operations as part of what officials say is a “new theater of war”.
The post US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator appeared first on SecurityWeek.
The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10.
The post Firefox Vulnerability Allows Tor User Fingerprinting appeared first on SecurityWeek.
Dubbed GopherWhisper, the group relies on multiple Go-based backdoors alongside custom loaders and injectors.
The post China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks appeared first on SecurityWeek.
It targeted high-precision calculation software to tamper with results and packed a self-propagation mechanism.
The post Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions appeared first on SecurityWeek.
Other noteworthy stories that might have slipped under the radar: Supreme Court hacker sentenced, Lovable exposed user data, Google expands enterprise security.
The post In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device appeared first on SecurityWeek.