Latest Internet & Cybersecurity News
Palo Alto PAN-OS authentication bypass is being actively exploited
CISA added CVE-2026-0257 affecting PAN-OS and Prisma Access to its Known Exploited Vulnerabilities catalog after reports of active exploitation. The flaw can let attackers forge authentication override cookies and establish unauthorized VPN access, and vendors have already issued patched versions.
Trump Mobile confirms customer data exposure
Trump Mobile said customer names, addresses, email addresses, phone numbers, and other data were exposed online through a third-party platform provider. The incident adds to a growing set of consumer-facing data breaches highlighted this week.
FIFA World Cup phishing campaigns are ramping up
Security researchers reported phishers impersonating FIFA and related organizations ahead of the 2026 FIFA World Cup. Group-IB said it found more than 4,300 fraudulent domains and a sophisticated campaign attributed to a Chinese-speaking group dubbed Ghost Stadium.
CISA expands its catalog with supply-chain attack vulnerabilities
CISA added three vulnerabilities tied to recent software supply-chain attacks involving Daemon Tools Lite, TanStack, and Nx Console. The agency’s move signals continued concern over package and developer-tool compromise paths that can spread quickly across organizations.
Sonatype warns of a malicious npm package campaign
Sonatype reported 176 malicious npm packages carrying postinstall scripts designed to install information-stealing malware. The campaign underscores how open-source package ecosystems remain a major distribution channel for credential theft and endpoint compromise.
UK Visa Portal exposed more than 100,000 documents
TechCrunch reported that the UK Visa Portal publicly exposed over 100,000 documents belonging to visa applicants. The exposure reportedly involved sensitive applicant records, raising privacy and identity-risk concerns.
LinkedIn-themed phishing uses fake business inquiry attachments
A phishing campaign is impersonating LinkedIn with emails that look like business inquiries and include fake PDF contract attachments. According to SecurityWeek, the attachments are actually HTML files that redirect victims through the Adobe Target A/B testing platform.
SolarWinds-era Russian hackers reportedly had deep Treasury access
Documents submitted in a Freedom of Information Act lawsuit reportedly show the Russian state-sponsored group behind the 2019-2020 SolarWinds attack had deep access to Treasury emails. The filing says the attackers focused on eight email accounts tied to about 300 other addresses.
VS Code Remote-SSH extension vulnerability could enable remote code execution
Security researcher Suman Kumar Chakraborty warned that a flaw in the VS Code Remote-SSH extension could let an attacker modify a bootstrap script and pivot to remote systems. The issue stems from the way the extension writes the script to a temp directory before transmission and execution.
Veeam patches two high-severity Backup & Replication flaws
Veeam resolved two high-severity vulnerabilities that could lead to privilege escalation and arbitrary file writes. Backup platforms are frequent high-value targets because compromising them can expose backups and accelerate ransomware impact.