Cybersecurity
Curated coverage and analysis in this editorial area.
Google Gemini Hijacked via Messaging Notifications: The 'Dual Illusion' Attack
SafeBreach researchers have demonstrated how the Google Gemini voice assistant on Android can be hijacked through indirect prompt inje…
CVE-2026-20230: Public PoC for Cisco Unified CM Vulnerability Risks Remote Root Access
Cisco disclosed on June 3, 2026, that proof-of-concept code is available for CVE-2026-20230, a critical SSRF vulnerability in Unified…
SI-CERT: How a 13-Person Team Manages 6,000 Annual Incidents
Slovenia’s national CSIRT, SI-CERT, processes 6,000 cyber incidents annually with a core staff of just 13. By deploying a specialized…
Tuskira Unveils Quell: AI Agent Designed to Mitigate Zero-Days Before Patches Exist
Tuskira has launched Quell, an AI agent that maps attack paths and orchestrates compensating controls to neutralize zero-day threats a…
Gamaredon APT Weaponizes WinRAR Path Traversal Bug for Ukrainian Espionage
The Gamaredon APT group is exploiting CVE-2025-8088, a path traversal vulnerability in WinRAR, to deploy a modular malware suite again…
Gitea Bug Exposed Private Container Images for Four Years
CVE-2026-27771: A critical flaw in Gitea’s container registry left approximately 31,750 instances vulnerable for nearly four years. Di…
Tina Peters Released: Election Insider Threat Becomes Political Flashpoint
Colorado Governor Jared Polis commutes the sentence of former clerk Tina Peters. CyberScoop and The Independent detail her release, th…
Audit Slams NIST Over NVD Collapse: 27,000 CVE Backlog and $200,000 in Wasted Funds
A Department of Commerce OIG audit documents the systemic failure of the National Vulnerability Database pipeline, revealing a backlog…
Cyber Brief: Trump Mobile Breach, FIFA Phishing Surge, and CISA Supply Chain Alerts
Three major security incidents converge ahead of the 2026 World Cup: Trump Mobile confirms a third-party data breach, Group-IB uncover…
Carnival Confirms Social Engineering Breach Impacting 6 Million People
Carnival Corporation has confirmed a data breach affecting 5.99 million individuals following a social engineering attack on an employ…
BTMOB: The Malware-as-a-Service Erasing Technical Barriers to Android Takeover
ESET researchers have detailed BTMOB, an Android RAT sold as a service featuring a no-code builder. For a $5,000 lifetime fee, even lo…
7-Zip CVE-2026-48095: NTFS Heap Overflow Enables Vtable Hijacking
A critical heap buffer overflow in 7-Zip 26.00 allows for Remote Code Execution (RCE) via specially crafted NTFS files, regardless of…