A fake RPC server can be used to listen for RPC requests and impersonate the target service to elevate privileges to System.
The post No Patch for New PhantomRPC Privilege Escalation Technique in Windows appeared first on SecurityWeek.
Category Added in a WPeMatico Campaign
Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
Federal prosecutors have been conducting a preliminary investigation since mid-February 2026 into alleged cyberattacks on Signal accounts.
The post Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials appeared first on SecurityWeek.
Spectrum Security Emerges From Stealth Mode With $19 Million
The threat detection startup will invest in accelerating its engineering and go-to-market efforts.
The post Spectrum Security Emerges From Stealth Mode With $19 Million appeared first on SecurityWeek.
Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak
The ShinyHunters cybercrime group claimed to have stolen 9 million records containing personal information from Medtronic.
The post Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak appeared first on SecurityWeek.
Incomplete Windows Patch Opens Door to Zero-Click Attacks
The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries.
The post Incomplete Windows Patch Opens Door to Zero-Click Attacks appeared first on SecurityWeek.
OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
A code reuse issue enabled comma characters in certificate principals to be interpreted as list separators.
The post OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years appeared first on SecurityWeek.
Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google
The tech giant found that many indirect prompt injection attempts are harmless, but some malicious exploits have also been identified.
The post Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google appeared first on SecurityWeek.
Energy and Water Management Firm Itron Hacked
Itron, which serves utilities and cities around the world, discovered unauthorized access to its systems on April 13.
The post Energy and Water Management Firm Itron Hacked appeared first on SecurityWeek.
UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware
The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access.
The post UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware appeared first on SecurityWeek.
Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access
A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages.
The post Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access appeared first on SecurityWeek.