Cisco on Thursday warned of a zero-day vulnerability in its Catalyst SD-WAN product that could allow an attacker to execute arbitrary commands as root. The vulnerability, tracked as CVE-2026-20245, is the result of insufficient validation of user-supplied input. The flaw, which has a severity score of 7.8, could allow an attacker to conduct command-injection attacks and elevate privileges as the root user.
The hunt is on to find protections against the coming generation of adaptive AI worm malware in order to head off a global incident on the scale of other famous worm events, such as NotPetya, Stuxnet, MSBlast, or the SQL Slammer worm. AI adaptive worms will be autonomous agents that rapidly self-propagate by searching for zero-day bugs, known but unpatched software flaws, and unprotected secrets - and they will be able to do this across multiple environments, morphing dynamically as they go.
The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. This platform is also used by other UK educational organizations, such as King's College London and the University of Manchester, to run their institution-specific career hubs. Founded in 1096, Oxford is a collegiate research university comprising 43 autonomous colleges with more than 26,000 students.
Lansing Community College (LCC) is notifying over 174,000 people that their personal information was compromised in a data breach more than one year ago. The incident was identified in February 2025, roughly one week after hackers gained access to some of its systems using compromised credentials, the Lansing, Michigan public community college says in notification letters sent to the impacted individuals.
Meta has revealed that attackers hijacked 20,225 Instagram accounts by exploiting a flaw in the company's AI-assisted account recovery system. According to the company, a vulnerability in High Touch Support (HTS) allowed unauthorized parties to perform password resets on Instagram accounts. HTS is an AI-assisted account recovery system for Instagram designed to help users regain access to locked accounts.
A new Windows malware campaign hides inside pirated PC games and modified installers for franchises like Far Cry, Need for Speed, FIFA, and Assassin's Creed. Researchers estimate that more than 400,000 devices worldwide have been infected, with around 30,000 users in the US. The infection method is simple and effective. Users are lured into installing a fully functional free game. While the cracked and repacked game appears to work, the malware installs silently in the background.
Meta-owned communications app WhatsApp says it recently detected and disrupted a spear-phishing attempt linked to spyware company NSO Group. The attack is allegedly in defiance of a court order that bars the spyware maker from targeting WhatsApp. WhatsApp filed a lawsuit against NSO in 2019, after it came to light that a zero-day vulnerability had been exploited to deliver spyware to users.
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. The security issue affects versions 1.9.12 and earlier of the plugin and can be leveraged without authentication to execute arbitrary code on the server. Everest Forms Pro is a commercial add-on for the WordPress form builder plugin Everest Forms.
Operating system makers take many steps to prevent their wares from accepting commands from remote devices. The safeguards, designed to thwart malicious attacks, typically require hackers to jump through all kinds of hoops to bypass the measures. But what if remote code execution were as simple as being within Bluetooth range of a speaker connected to the targeted device? It turns out it can be, at least when the speaker is a Sound Blaster Katana V2X sold by Singapore-based Creative Technologies.