CISA orders feds to patch max severity ColdFusion flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to patch an actively exploited maximum-severity flaw in the Adobe ColdFusion commercial web app development platform by Friday. The vulnerability (CVE-2026-48282) affects ColdFusion versions 2025.9, 2023.20, and earlier, and can be exploited by remote threat actors without privileges in low-complexity attacks to gain […]
Accenture confirms breach after hacker offers stolen data for sale
IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. “We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery,” Accenture told […]
Chinese hackers develop LONGLEASH malware to expand ORB network
Chinese hackers tracked as ‘UAT-7810’ are actively evolving their malware to expand their Operational Relay Box (ORB) network by compromising internet-facing networking devices, primarily unpatched Ruckus routers. According to Cisco Talos researchers, the ORB network serves as a secure relay infrastructure for other China-aligned advanced persistent threats (APTs), including UAT-5918. This type of infrastructure, which […]
Hidden backdoor in Tenda router firmware grants admin access
A hidden authentication backdoor has been found in multiple Tenda router firmware versions, potentially allowing an attacker to gain administrative access to the device’s web management panel. According to a security bulletin from the CERT Coordination Center, the issue remains unfixed because the Chinese maker of the networking equipment couldn’t be reached. CERT/CC says the […]
Spain arrests suspected member of pro-Russian hacktivist groups
Spain’s National Police have arrested a man who is suspected of being an active member of the CyberArmy of Russia Reborn (CARR) and Z-Pentest, both pro-Russian hacktivist groups. Although hacktivism typically refers to cyberattacks intended to promote a political or ideological message rather than cause widespread damage, the two groups have been linked to multiple attacks […]
New Januscape Linux flaw allows VM escape on Intel, AMD devices
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. According to Hyunwoo Kim, the security researcher who discovered it, this guest-to-host escape flaw (tracked as CVE-2026-53359) stems from a use-after-free weakness in the shadow MMU emulation of KVM/x86, the kernel-based virtual machine built for x86 and […]
Microsoft to enable Windows settings backup by default for orgs
Microsoft says the Windows settings backup and restore tool will be enabled by default on Microsoft Entra-joined or Microsoft Entra hybrid-joined enterprise systems after upgrading to Windows 11 26H2. Formerly known as Windows Backup for Organizations, this backup tool helps back up and restore enterprise users’ Windows settings after a device is reset, replaced, upgraded, or […]
BeyondTrust warns of critical flaws in remote access software
BeyondTrust warned customers to patch two critical security flaws in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication. The first vulnerability, tracked as CVE-2026-40138, affects the company’s RS remote desktop and assistance platform (versions 25.3.2 or earlier) and the PRA enterprise cybersecurity solution (versions 25.3.2 or earlier). […]
Microsoft testing new Cloud Rebuild Windows 11 recovery feature
Microsoft has begun testing the Cloud Rebuild recovery feature in the latest Windows 11 Insider Preview builds released for users in the Experimental channel. First introduced at the Ignite developer conference in November 2025, Cloud Rebuild is a tool that can remotely trigger a complete system reinstall from the cloud for Windows 11 devices experiencing persistent […]
Phishing poses as big-brand job interview to steal Google accounts
A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. The operation is abusing the legitimate cloud-based PeopleForce human resources platform and a domain associated with the Salesforce Marketing Cloud service before redirecting the recipient to a […]