Cybersecurity, vulnerabilities, threats, and defense
NFCShare Android malware has expanded from targeting a single German bank to hitting financial institutions across Italy and Spain, using fake banking app updates hosted on GitHub to steal credit card data via NFC.
A bipartisan House bill would force frontier AI developers to submit to independent audits, fund open-source security grants, and create AI security testbeds — but its preemption of state AI laws has sparked fierce opposition from both sides of the aisle.
A breach at Nelnet Servicing exposed names, addresses, and Social Security numbers for 2.5 million student loan borrowers — and the timing couldn’t be worse with loan forgiveness scams already circulating.
The Shai-Hulud supply-chain campaign compromised 19 scientific PyPI packages (Dynamo, Spateo, CoolBox, U-FISH, and more) with malware that steals developer secrets — cloud keys, publishing tokens, SSH keys, and AI tool configs. The payload triggers on any Python invocation.
A single-character typo in the Linux kernel’s nf_tables code (CVE-2026-23111) turns any unprivileged local account into root — and working exploits are now public. Full technical write-ups from Exodus Intelligence and FuzzingLabs detail Debian, Ubuntu, and RHEL exploitation paths.
Vibe-coded apps built by non-developers are exposing medical records, financial data, and corporate secrets on the open internet — and most security teams have zero visibility into what’s been deployed.
Meta detected a new NSO Group spear-phishing campaign targeting WhatsApp users, took down the infrastructure, and filed a contempt order — the spyware vendor was already under a permanent injunction.
Bishop Fox researchers have confirmed that three patched Ubiquiti UniFi OS Server vulnerabilities (CVE-2026-34908/34909/34910) chain into an unauthenticated root RCE. No credentials or user interaction required — and there’s no authentication log trail to detect it.
A critical Check Point VPN flaw (CVE-2026-50751) lets attackers bypass passwords entirely by exploiting the deprecated IKEv1 protocol. Active exploitation is underway against dozens of organizations, with at least one Qilin ransomware affiliate already leveraging the access.
Check Point’s VPN zero-day CVE-2026-50751 is being actively exploited by the Qilin ransomware gang. Only affects deprecated IKEv1 setups, but patching can’t wait.
