Blog – Page 14 – Cyber Mike

One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public

Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container.

The flaw, CVE-2026-23111, sits in the kernel’s nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June 8, and it is not even

WhatsApp says it disrupted new NSO spyware phishing attacks

WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. […]

A Security Raises $37 Million for Autonomous Offensive Security Platform

The company founded by Yossi Torati, Omer Gull, and Yuval Itzchakov has emerged from stealth mode.

The post A Security Raises $37 Million for Autonomous Offensive Security Platform appeared first on SecurityWeek.

Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order

Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group.

In addition, the tech giant said it’s filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users.

“They tried to trick people into clicking on malicious links to drive them to external websites

Gogs patches critical zero-day enabling remote code execution

Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). […]

Critical UniFi OS bug lets hackers gain root without authentication

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. […]

Everybody Is Vibe Coding But Nobody Told the Security Team

AI-driven development is not something organizations can or should block. But it must be governed.

The post Everybody Is Vibe Coding But Nobody Told the Security Team appeared first on SecurityWeek.

Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.

The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user

Reducing security operations complexity with Wazuh Cloud

Security teams are increasingly overwhelmed by alert fatigue, infrastructure maintenance, and complex hybrid environments. This article explores how Wazuh Cloud helps simplify SIEM/XDR operations through managed infrastructure, automated scaling, and AI-driven security analysis. […]

WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order

The Meta-owned communications app is filing a federal court contempt order against NSO.

The post WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order appeared first on SecurityWeek.

Cyber News