Blog – Page 12 – Cyber Mike

WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released.

The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw that allows an

SAP Patches Critical NetWeaver, Commerce Vulnerabilities

The flaws could lead to the disclosure of sensitive information, memory corruption, and disruption of normal system usage.

The post SAP Patches Critical NetWeaver, Commerce Vulnerabilities appeared first on SecurityWeek.

CISA Announces Winners of the 2026 President’s Cup Cybersecurity Competition

Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models

University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service.

The preprint, posted to arXiv on

Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild – Patch Now

Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild.

The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine.

“Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

The most recent variants of the self-propagating attacks are named Miasma and Hades.

The post Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks appeared first on SecurityWeek.

The Hidden Security Risk in Modern Networks: The Work Between Tools

Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort.

But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to

Will AI Kill the Bug Bounty Industry?

Anthropic’s Mythos is accelerating vulnerability discovery to machine speed, forcing the bug bounty industry and offensive security teams to adapt to a future where finding flaws is no longer the hard part.

The post Will AI Kill the Bug Bounty Industry? appeared first on SecurityWeek.

French govt messaging service breached in account hijacking attack

DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government’s encrypted messaging platform. […]

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt.

You open the page, leave the tab sitting there, and it watches the drive for contention in the background.

Researchers at Graz University of Technology built it and

Cyber News