Cybersecurity, vulnerabilities, threats, and defense
Microsoft removed 73 GitHub repositories after the Miasma supply-chain worm compromised them to distribute password-stealing malware. All repos are restored, but the worm’s targeting of AI coding tools signals a new phase in supply-chain attacks.
CVE-2026-44963 lets any low-privilege domain user execute code as root on Veeam Backup & Replication servers. With ransomware gangs actively targeting Veeam infrastructure, patching to version 12.3.2.4854 isn’t optional — it’s urgent.
Cisco’s SD-WAN platform has its seventh actively exploited zero-day of 2026 — CVE-2026-20245 lets attackers run commands as root, and there’s still no patch available.
A malware campaign targeting South Korea uses GitHub repositories as command-and-control servers, with malicious LNK files fetching PowerShell payloads and exfiltrating data through the developer platform.
Google patched CVE-2026-11645, a fifth Chrome zero-day this year, involving a V8 out-of-bounds read/write that can bypass ASLR. The exploit is already in the wild — here’s what to do.
CISA ordered federal agencies to patch Check Point VPN flaw CVE-2026-50751 within 3 days. Ransomware gangs, including Qilin affiliates, have been exploiting it as a zero-day since May.
A Booz Allen Hamilton study found that three of four Chinese AI coding models produced more vulnerable code when prompts identified the user as a U.S. government developer, with Qwen3-Coder showing a 130% increase in vulnerabilities. The report raises urgent questions about AI supply chain security.
Researchers ran static analysis tools on 658 leaked malware projects and found nearly 90% contained recognizable code weaknesses — including disabled TLS validation and shared vulnerable code fragments that defenders could exploit across multiple threat families.
NFCShare Android malware has expanded from targeting a single German bank to hitting financial institutions across Italy and Spain, using fake banking app updates hosted on GitHub to steal credit card data via NFC.
A bipartisan House bill would force frontier AI developers to submit to independent audits, fund open-source security grants, and create AI security testbeds — but its preemption of state AI laws has sparked fierce opposition from both sides of the aisle.
