šŸ” IT News Analyzer

// AI-powered news analysis

Latest Top 10 Articles

1
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Security firm runZero hasĀ disclosed seven vulnerabilitiesĀ inĀ  FatFs , a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras, drones, industrial controllers, hardware crypto wallets, and other devices built on real-time operating systems. On the worst-affected systems, an attacker who gets a booby-trapped USB drive, SD card, or update file onto a device can corrupt its memory and run their own code. Many embedded devices lack the memory protections found on phones and desktops, which is why runZero says "any physical access leads to a jailbreak." A public kiosk, a camera with an SD slot, an ATM, or a voting machine with a USB port should not hand over full control after a moment of physical access, but here it can. All seven bugs work the same basic way. The device tries to read a storage vo...

ī ‚Jul 03, 2026
3
New

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in the same small stretch of kernel code where Anthropic's most powerful AI model, Mythos , recently found a different bug. The AI caught one flaw and missed this one. A researcher, Jaeyoung Chung, found it and built a working attack. How the Bug Works Epoll is a standard Linux feature that lets a program watch many files or network connections at once. Servers, network services, and web browsers all lean on it. You cannot simply switch it off. Bad Epoll is a "use-after-free" bug. Two parts of the kernel try to clean up the same internal object at the same time. One frees the memory while the other is still writing into it. That brief collision lets an attacker corrupt kernel memory, then climb from a normal account up to root...

ī ‚Jul 03, 2026
4
New Avalon Malware Framework Packs CrownX Ransomware Capabilities

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under one umbrella. The ransomware component has been internally named CrownX.Ā  "The attack began with a spoofed legal document email directing recipients to a password protected archive on Proton Drive," Blackpoint Cyber researchers Nevan Beal and Sam Decker said . "Malicious content was embedded inside an ISO image rather than attached directly, reducing the likelihood of detection at the email layer." Should the email recipient interact with a document-themed Windows Shortcut ("Secure Document CA-283505.pdf.lnk") inside the mounted image, it triggers a staged malware s...

ī ‚Jul 03, 2026
5
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the legitimate " rollup-plugin-polyfill-node " project, down to the description, repository metadata, and package shape. "The lookalike packages place themselves in the same rollup, polyfill, core, and node naming space, which can look plausible during a quick dependency review," JFrog said in a technical write-up of the campaign. The campaign also involves four other packages, all of which have since been removed from the npm registry - quirky-token react-icon-svgs rollup-plugin-polyfill-connect swift-parse-stream What's noteworthy here is that "rollup-packages-polyfill-core" installs and loads "swift-parse-stream,...

ī ‚Jul 03, 2026
6
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations," Kaspersky said in a technical analysis published today. "Their toolkit features obfuscated, modular RATs and infostealers specifically engineered to bypass dynamic analysis." The attacks are also characterized by the use of tools like Go2Tunnel for remote access and network tunneling. The wide variety of tools in its arsenal allows the threat actor to maintain persistent access to compromised hosts, steal credentials and sensitive data, and dynamically deliver modules tailored to the victim's profile. The Russian cybersecurity vendor said Armored Likho shares possible overlaps with a threat cluster tracked by BI.ZONE under...

ī ‚Jul 03, 2026
8
European Parliament Member Investigating Spyware Was Hacked With Pegasus

European Parliament Member Investigating Spyware Was Hacked With Pegasus

A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse of such commercial surveillance tools in the bloc. "Through forensic analysis of his device, we found that the attackers could have had access to confidential documents and committee deliberations," the Citizen Lab researchers John Scott-Railton, Bill Marczak, Bahr Abdul Razzak, Kate Pundyk, Siena Anstis, and Ron Deibert said . The infections have not been attributed to a particular government at this time, and there is no evidence that the Greek government is behind the activity. However, the Canadian interdisciplinary research laboratory noted that it identified an overlap between the first infection and a previous campaign targeting Russian and Belarusian-speaking exiled journalists and activists in Europe. ...

ī ‚Jul 03, 2026
9
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability to validate the victim's login password through the macOS Pluggable Authentication Modules ( PAM ) before capturing it. The malware is delivered in two stages: A compiled AppleScript distributed inside a disk image that's designed to download and stage a follow-on payload. The secondary artifact is a Rust-based infostealer capable of credential theft, browser data collection, persistence, and exfiltration. The initial access vector for the malware is a lookalike site ("maccyapp[.]com") that mimics Maccy ("maccy[.]app"). The AppleScript ("Maccy.scpt") pres...

ī ‚Jul 03, 2026
10
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

Google has significantly degraded NetNut , one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG)Ā  said this week Ā it had reduced the network's pool of usable devices by millions. Google identifies NetNut, also tracked as Popa , as a network spread across home devices worldwide, including smart TVs and streaming boxes , and GTIG estimates the network holds at least 2 million devices. If one of those devices is in your home, strangers can route their own traffic through your internet connection, and your address gets the blame for whatever they do with it. How It Works A residential proxy network sells access to real home internet addresses. Attackers pay to route their traffic through your connection so it looks like ordinary home browsing, not the datacenter traffic that security tools tend to block. To build that pool, operators nee...

ī ‚Jul 02, 2026