Skip to content
Security News, Assessments & Alerts Page 15

Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

Swati KhandelwalJun 26, 2026Linux / Vulnerability A flaw in the Linux kernel’s traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed “pedit COW,” is an out-of-bounds write in the… 

CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue

CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue

Ravie LakshmananJun 26, 2026Vulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management… 

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

Swati KhandelwalJun 26, 2026Linux / Vulnerability DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for… 

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

Swati KhandelwalJun 26, 2026Phishing / Malware An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and… 

Russia Used Cellebrite on Jailed Activist’s iPhone Months After Sales Cutoff

Russia Used Cellebrite on Jailed Activist’s iPhone Months After Sales Cutoff

Russian authorities used Cellebrite’s UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to… 

Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an… 

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than…