These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional — let us know and we'll correct or remove it.
Trend Micro researchers have documented QLNX, a previously undisclosed Linux implant designed specifically to infiltrate developer workstations and DevOps pipelines. The malware combines a userland LD_PRELOAD rootkit with a kernel-level eBPF component to evade detection, then harvests credentials from more than 20 high-value configuration files including AWS, Kubernetes, GitHub, Docker, npm, PyPI, Vault and Terraform. Only four security tools detected the binary at the time of publication.
At AWS Summit New York 2026, Amazon unveiled the three pillars of its agentic AI infrastructure: Amazon Bedrock AgentCore, a seven-service runtime for deploying enterprise AI agents securely; Kiro, a spec-driven agentic IDE that replaces Amazon Q Developer; and Amazon Quick, the enterprise answer agent replacing Q Business. Together they represent AWS’s most complete statement yet on how it expects organisations to build, run, and govern AI agents in production.
A security researcher known as Nightmare Eclipse has published a new zero-day exploit named GreatXML that bypasses BitLocker encryption on Windows systems by abusing the Windows Recovery Environment and an unattend.xml configuration file left behind by Windows Defender Offline Scan. The exploit requires no login, works on fully patched Windows 11 and Windows Server 2025, and was released publicly with no coordinated disclosure to Microsoft. It is the second zero-day from the same researcher in three days.
The ShinyHunters extortion group has claimed responsibility for a breach of the Council of Europe, alleging the theft of 297 GB of data covering more than 429,000 files and payslips from approximately 10,000 current and former employees. The claimed data includes salary records, bank account details, tax and social security information, CVs, and internal HR documents from the Secretariat, Parliamentary Assembly, and the European Directorate for the Quality of Medicines. The Council of Europe has confirmed it is investigating.
Google Cloud’s H1 2026 Threat Horizons report marks a structural shift in cloud attacks: for the first time, exploiting software vulnerabilities (44.5%) has overtaken credential theft (27.2%) as the primary method attackers use to gain initial access to cloud environments. Worse, threat actors now weaponise newly disclosed cloud vulnerabilities within 48 hours of public disclosure, collapsing the window that patch management processes were designed for.
Security researcher Justin O’Leary disclosed that a critical privilege escalation vulnerability in Azure Backup for AKS allows a user with only the Azure-level ‘Backup Contributor’ role and zero Kubernetes permissions to obtain cluster-admin access on any AKS cluster. Microsoft rejected the vulnerability report, blocked CVE assignment through MITRE, and then silently deployed a fix while publicly stating that ‘no product changes were made.’ The vulnerability is tracked as VU#284781 by CERT/CC.
CERT-EU has confirmed that the European Commission’s March 2026 AWS cloud breach, which resulted in 350 GB of stolen data published by ShinyHunters, began with CVE-2026-33634, a supply chain compromise of the Trivy open-source vulnerability scanner. The threat actor group TeamPCP tampered with Trivy’s GitHub Actions workflow, injecting a credential-stealing payload into over 10,000 CI/CD pipelines worldwide. Any organisation whose pipelines used Trivy between 19 and 24 March 2026 should treat all secrets harvested during that window as compromised.
A security researcher known as Nightmare Eclipse published a new Windows Defender zero-day exploit named RoguePlanet just hours after Microsoft’s June 2026 Patch Tuesday, granting SYSTEM-level privileges on fully patched Windows 10 and 11. The disclosure is the third in three consecutive months and arrives without a patch available, leaving all Windows environments with Microsoft Defender enabled currently exposed.
Splunk has released emergency patches for CVE-2026-20253, a critical vulnerability in Splunk Enterprise rated CVSS 9.8 that allows any network-reachable attacker to create or truncate arbitrary files without authentication through an exposed PostgreSQL sidecar service endpoint. Internet-facing Splunk deployments are at immediate risk of full system compromise; the fix requires upgrading to version 10.4.0, 10.2.4, or 10.0.7 or later.
Tenet Security’s Threat Labs have published research demonstrating a novel attack class called Agentjacking, in which attackers inject malicious instructions into Sentry error event payloads to trick AI coding agents into executing attacker-controlled code on developer machines. Tested against Claude Code, Cursor, and other top coding agents, the technique achieved an 85 percent exploitation success rate and bypassed EDR, WAF, IAM controls, and firewalls entirely because every step of the attack chain uses authorised actions.