CSO Online

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to ...

New Fragnesia Linux flaw lets attackers gain root privileges

Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
The Hacker News

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...
Infosecurity Magazine

Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities

Two new high-severity vulnerabilities, dubbed ’Dirty Frag’ when chained, have been found in the Linux kernel, affecting most ...

Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic, The New Stack, and Linux New Media. He's covered a variety of topics ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...
The Hacker News

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

PamDOORa Linux backdoor abuses PAM modules for SSH persistence and credential theft, increasing Linux server compromise risks ...
SecurityWeek

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

The PCPJack worm targets cloud environments and vulnerable web applications to remove TeamPCP infections and steal ...

Ars Asks: Share your shell and show us your tricked-out terminals!

Exposure therapy to the bash shell brought me to the tipping point, and I jumped ship to the Macintosh side of the house. It ...
SecurityWeek

Exploitation of ‘Copy Fail’ Linux Vulnerability Begins

Threat actors have started to exploit Copy Fail (CVE-2026-31431), a Linux kernel vulnerability leading to root shell access.