Aggregator

You must login to view this content

BeyondTrust fixed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions and is urging self-hosted customers to apply the patch as soon a possible. Unlike the Remote Support zero-day (CVE-2024-12356) that was flagged after having been exploited by China-nexus threat actors to breach the US Treasury Department in late 2024, this newest vulnerability was discovered and privately disclosed by a security researcher. About CVE-2026-1731 BeyondTrust Privileged … More →

The post BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) appeared first on Help Net Security.

Roundcube, one of the world’s most popular open-source webmail solutions, has released critical security updates to address a privacy bypass vulnerability. The flaw detailed by NULL CATHEDRAL allowed attackers to load remote images and track email opens, even when users had explicitly configured their settings to “Block remote images.” The vulnerability affects Roundcube Webmail versions […]

The post Roundcube Webmail Vulnerability Let Attackers Track Email Opens appeared first on Cyber Security News.

Development activity on the Linux kernel continues into early 2026 with the stable release of version 6.19. Kernel maintainers have completed the pre-release cycle and merged the final set of changes into the mainline tree. The release follows the ongoing weekly rhythm of code submission and testing that supports Linux’s widespread use across servers, desktops, and embedded systems. In his announcement, Linus Torvalds noted that there were no significant disruptions in the final week of … More →

The post Linux kernel 6.19 reaches stable release, kernel 7.0 work is already underway appeared first on Help Net Security.

A sophisticated new malware strain dubbed “LTX Stealer” has emerged in the cyber threat landscape, utilizing a unique Node.js-based architecture to compromise Windows systems. First surfacing in early 2026, this malicious tool is designed to harvest sensitive user information, including login credentials, browser cookies, and cryptocurrency wallet data. The malware distinguishes itself by packaging a […]

The post New Node.js Based LTX Stealer Attack Users to Exfiltrate Login Credentials appeared first on Cyber Security News.