Aggregator

You must login to view this content

BeyondTrust fixed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions and is urging self-hosted customers to apply the patch as soon a possible. Unlike the Remote Support zero-day (CVE-2024-12356) that was flagged after having been exploited by China-nexus threat actors to breach the US Treasury Department in late 2024, this newest vulnerability was discovered and privately disclosed by a security researcher. About CVE-2026-1731 BeyondTrust Privileged … More →

The post BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) appeared first on Help Net Security.

Roundcube, one of the world’s most popular open-source webmail solutions, has released critical security updates to address a privacy bypass vulnerability. The flaw detailed by NULL CATHEDRAL allowed attackers to load remote images and track email opens, even when users had explicitly configured their settings to “Block remote images.” The vulnerability affects Roundcube Webmail versions […]

The post Roundcube Webmail Vulnerability Let Attackers Track Email Opens appeared first on Cyber Security News.

Development activity on the Linux kernel continues into early 2026 with the stable release of version 6.19. Kernel maintainers have completed the pre-release cycle and merged the final set of changes into the mainline tree. The release follows the ongoing weekly rhythm of code submission and testing that supports Linux’s widespread use across servers, desktops, and embedded systems. In his announcement, Linus Torvalds noted that there were no significant disruptions in the final week of … More →

The post Linux kernel 6.19 reaches stable release, kernel 7.0 work is already underway appeared first on Help Net Security.

A sophisticated new malware strain dubbed “LTX Stealer” has emerged in the cyber threat landscape, utilizing a unique Node.js-based architecture to compromise Windows systems. First surfacing in early 2026, this malicious tool is designed to harvest sensitive user information, including login credentials, browser cookies, and cryptocurrency wallet data. The malware distinguishes itself by packaging a […]

The post New Node.js Based LTX Stealer Attack Users to Exfiltrate Login Credentials appeared first on Cyber Security News.

OpenAI has updated its Europe-facing privacy policy following the November 2024 EU revision, clarifying scope, expanding coverage, and detailing user controls. The updated document is longer, with dedicated sections for data controls and practical resources. It explains key controls and settings within the text, making available choices easier to understand without moving between documents. “This Privacy Policy describes our practices with respect to personal data that we collect from or about you, and how we … More →

The post OpenAI updates Europe privacy policy, adding new data categories appeared first on Help Net Security.

The European Commission has issued preliminary findings that say TikTok breaches the Digital Services Act due to its addictive design. The Commission opened a formal investigation into TikTok in February 2024. The probe examined whether the platform meets its obligations as a very large online platform under the Digital Services Act. These obligations include identifying risks linked to the service and taking steps to reduce them. According to the Commission, “TikTok did not properly assess … More →

The post TikTok under EU pressure to change its addictive algorithm appeared first on Help Net Security.

ScarCruft, a prolific North Korean-backed advanced persistent threat (APT) group, has significantly refined its cyberespionage capabilities in a newly identified campaign distributing the ROKRAT malware. This recent activity marks a strategic deviation from their traditional reliance on LNK-based attack chains, pivoting instead to a complex infection method utilizing Object Linking and Embedding (OLE) objects embedded […]

The post ScarCruft Abuses Legitimate Cloud Services for C2 and OLE-based Chain to Drop Malware appeared first on Cyber Security News.