Security insights, vulnerability roundups, and updates from the Agent Breach team.
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.
CISA has added a critical remote code execution vulnerability affecting PTC Windchill PDMlink and FlexPLM to its Known Exploited Vulnerabilities catalog, with evidence of active exploitation in the wild. Organizations using these enterprise PDM and PLM platforms face immediate risk from attackers deploying web shells.
OpenAI has launched three variants of GPT-5.6—Sol, Terra, and Luna—with limited access to select companies under U.S. government coordination. The flagship Sol model prioritizes enhanced cybersecurity safeguards alongside advanced capabilities.
Ukrainian and U.S. authorities uncovered a sustained campaign by Russian intelligence using SMS-based social engineering to steal credentials from government, military, and activist messaging accounts. The operation targeted officials across Ukraine, Europe, and the United States.
A high-severity vulnerability in Amazon Q Developer allowed attackers to execute arbitrary code and steal cloud credentials through malicious Model Context Protocol configurations. Amazon has patched CVE-2026-12957 (CVSS 8.5) following responsible disclosure.
CVE-2026-46331, a critical out-of-bounds write vulnerability in the Linux kernel's packet-editing subsystem, allows unprivileged local users to escalate privileges to root. A working exploit was publicly released within 24 hours of CVE assignment, putting unpatched systems at immediate risk.
A Chinese-speaking APT group has deployed a new custom backdoor called TinyRCT to compromise government entities and critical infrastructure operators across Southeast Asia. The campaign, attributed to threat actor CL-STA-1062, primarily targets energy and government sectors in the region.
Security researchers have identified a new malware loader called SharkLoader being used in targeted attacks against diplomatic and government organizations. The campaign, tracked as StrikeShark, deploys Cobalt Strike Beacon for post-compromise command and control.
Russian intelligence operatives are escalating phishing campaigns against Signal users by stealing backup recovery keys to hijack accounts and access encrypted message histories. The FBI and CISA warn that compromised keys grant persistent access to private communications and account takeover.
Security researchers discovered that Adblock for YouTube, a Chrome extension with over 10 million installations and a Chrome Web Store Featured badge, contains dormant arbitrary JavaScript execution capabilities. The vulnerability exposes users to potential malicious code injection despite the extension's benign stated purpose.