❌

Reading view

↗️

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

βœ‡The Hacker News
By: Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an

  •  
  • ↗️
↗️

Trellix Confirms Source Code Breach With Unauthorized Repository Access

βœ‡The Hacker News
By: Ravie Lakshmanan
Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to resolve the matter immediately. It also said it has notified law enforcement of the matter. Trellix did not disclose the

  •  
  • ↗️
↗️

For vulnerability research, smaller models run repeatedly can outperform larger frontier models on cost-to-recall.

βœ‡/r/netsec - Information Security News & Discussion
By: /u/EliteRaids

TL;DR: If a large model finds a 0-day with 90% probability, and a small model with 50% probability, but the small model costs 10x less, it is better to use the small model.

We compared the cost and recall of various models in finding real, recent zero-days and found that for most applications, smaller models run repeatedly can significantly outperform larger frontier models on cost-to-recall.

Disclaimer: I'm involved with Hacktron, the company that produced this research. This is a factual presentation of our benchmarks, which we hope the community can use to make informed decisions about models like Mythos.

submitted by /u/EliteRaids
[link] [comments]
  •  
  • ↗️
↗️

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

βœ‡The Hacker News
By: Ravie Lakshmanan
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly 30,000 Facebook accounts are

  •  
  • ↗️
↗️

How we test AI at ZDNET

βœ‡ZDNet | security RSS
AI is the hottest topic in tech with new models and products launching daily. Here's how we test the latest AI developments at ZDNET.
  •  
  • ↗️
↗️

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

βœ‡The Hacker News
By: Ravie Lakshmanan
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft and

  •  
  • ↗️
↗️

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

βœ‡The Hacker News
By: Ravie Lakshmanan
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat activity cluster it tracks under the temporary designation SHADOW-EARTH-053. The adversarial collective is assessed to

  •  
  • ↗️
❌