10 Jul, 2026

Telco giant KDDI says data breach affects over 12 million people

Japanese telecommunications giant KDDI revealed that millions of people had their email addresses and passwords exposed after attackers breached an email platform used by five internet service providers (ISPs) in the country. KDDI is the second-largest mobile telecommunications provider in Japan, with 45,000 employees and annual revenue of $32.4 billion. The company disclosed last month that it blocked […]

2 mins read

CISA orders feds to prioritize patching Langflow auth bypass flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies until Friday to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents. Langflow is an attractive target for hackers since it’s a popular tool in the AI development ecosystem, offering a drag-and-drop interface to connect nodes into executable pipelines […]

2 mins read

Ubiquiti warns of new max severity UniFi OS vulnerability

Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw tracked as CVE-2026-50746 that can be exploited in command injection attacks. The CVE-2026-50746 vulnerability affects UniFi Connect Application (versions 3.4.16 and earlier), a management software suite that Ubiquiti customers can use to automate and manage commercial building operations (including smart […]

2 mins read

CISA orders feds to patch max severity ColdFusion flaw by Friday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to patch an actively exploited maximum-severity flaw in the Adobe ColdFusion commercial web app development platform by Friday. The vulnerability (CVE-2026-48282) affects ColdFusion versions 2025.9, 2023.20, and earlier, and can be exploited by remote threat actors without privileges in low-complexity attacks to gain […]

2 mins read

Accenture confirms breach after hacker offers stolen data for sale

IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. “We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery,” Accenture told […]

2 mins read

Chinese hackers develop LONGLEASH malware to expand ORB network

Chinese hackers tracked as ‘UAT-7810’ are actively evolving their malware to expand their Operational Relay Box (ORB) network by compromising internet-facing networking devices, primarily unpatched Ruckus routers. According to Cisco Talos researchers, the ORB network serves as a secure relay infrastructure for other China-aligned advanced persistent threats (APTs), including UAT-5918. This type of infrastructure, which […]

2 mins read

Hidden backdoor in Tenda router firmware grants admin access

A hidden authentication backdoor has been found in multiple Tenda router firmware versions, potentially allowing an attacker to gain administrative access to the device’s web management panel. According to a security bulletin from the CERT Coordination Center, the issue remains unfixed because the Chinese maker of the networking equipment couldn’t be reached. CERT/CC says the […]

2 mins read

Spain arrests suspected member of pro-Russian hacktivist groups

Spain’s National Police have arrested a man who is suspected of being an active member of the CyberArmy of Russia Reborn (CARR) and Z-Pentest, both pro-Russian hacktivist groups. Although hacktivism typically refers to cyberattacks intended to promote a political or ideological message rather than cause widespread damage, the two groups have been linked to multiple attacks […]

2 mins read

New Januscape Linux flaw allows VM escape on Intel, AMD devices

A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. According to Hyunwoo Kim, the security researcher who discovered it, this guest-to-host escape flaw (tracked as CVE-2026-53359) stems from a use-after-free weakness in the shadow MMU emulation of KVM/x86, the kernel-based virtual machine built for x86 and […]

2 mins read