Risk & Resilience

Ivanti warns of CVE-2026-6973 in EPMM being actively exploited in limited attacks, enabling admin authenticated remote code execution, alongside multiple patched vulnerabilities.

Dirty Frag Linux kernel vulnerability enables local privilege escalation to root across major distributions including Ubuntu, RHEL, Fedora, and CentOS, with active exploitation risk.

China linked group Silver Fox targets organizations in India and Russia using phishing emails with tax themed lures to distribute ValleyRAT and newly identified ABCDoor malware, according to Kaspersky analysis.

A critical cPanel vulnerability CVE 2026 41940 is being actively exploited to target government, military, and MSP networks globally, enabling authentication bypass and remote control, with thousands of systems impacted.

A critical Weaver E-cology vulnerability CVE 2026 22679 is being actively exploited, enabling unauthenticated remote code execution through debug API endpoints affecting enterprise systems globally.

AI assisted cyber attacks are rising sharply in 2026, lowering barriers for attackers, accelerating exploit timelines, and increasing phishing, malware, and supply chain threats globally.

A global operation led by U.S., China, and UAE authorities dismantled nine crypto scam centers, arrested 276 suspects, and seized $701 million while exposing large scale cryptocurrency fraud and human trafficking linked cyber operations.

A large scale phishing campaign dubbed AccountDumpling has compromised 30000 Facebook accounts by abusing Google AppSheet Netlify and Telegram for credential theft and monetization.

PwC partners with Google Cloud to introduce an AI powered managed security service using agentic workflows, targeting mid sized and smaller enterprises with unified detection and response capabilities.

A critical SQL injection flaw in LiteLLM tracked as CVE 2026 42208 was exploited within 36 hours of disclosure, exposing AI gateway credentials and database access risks.

Security researchers identified 73 fake Microsoft VS Code extensions on Open VSX tied to GlassWorm v2 malware campaign targeting developers through supply chain attacks and sleeper packages.

Chinese national Xu Zewei linked to Silk Typhoon hacking group has been sacked and extradited from Italy to United States over cyberattacks targeting COVID research systems and Microsoft Exchange vulnerabilities.