Security Spotlight

Cybersecurity
Cisco Talos Exposes UAT-7810 LONGLEASH Backdoor on Ruckus Routers
Cisco Talos disclosed UAT-7810, a China-linked APT building the LapDogs ORB relay network using LONGLEASH malware on compromised Ruckus and ASUS routers.
Application Security
Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release
Adobe ColdFusion CVE-2026-48282 (CVSS 10) moved from PoC release to confirmed in-the-wild exploitation in under two hours, according to KEVIntel honeypot data.
Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Cato AI Labs disclosed CVE-2026-50548 and CVE-2026-50549 in Cursor IDE, CVSS 9.8 flaws enabling zero-click prompt injection to escape the sandbox and execute system commands.
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
Check Point researchers showed DeepSeek generated InfernoGrabber 9000, near-functional browser ransomware using Chrome's File System Access API to encrypt files across four OS platforms.
CVE Vulnerability Alerts
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Citrix patched six NetScaler ADC and Gateway vulnerabilities including a new HTTP/2 Bomb denial-of-service vector and information disclosure flaws similar to the CitrixBleed session token ...
Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Apple's iOS 26.2 and macOS Tahoe 26.2 updates patch 30-plus flaws, including four WebKit vulnerabilities co-discovered by OpenAI and Anthropic AI systems.
Application Security
Six AirDrop and Quick Share Flaws Put 5B Devices at Risk
CISPA researchers disclosed six vulnerabilities in Apple AirDrop and Android Quick Share exposing more than five billion active devices to proximity attacks.
CVE Vulnerability Alerts
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
Attackers exploited SimpleHelp's OIDC authentication bypass CVE-2026-48558 to deploy Djinn Stealer and TaskWeaver within 13 days of initial disclosure.
Cybersecurity
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
A threat actor compromised a Gizmodo account to serve ClickFix malware prompts to readers, exploiting brand trust to push PowerShell-based attacks at scale.
Application Security
Anthropic’s Mythos AI Found Flaws in Classified US Government Systems
Anthropic's Mythos AI found real vulnerabilities in classified US government systems during Project Glasswing testing, prompting federal access restrictions.