Cybersecurity Newsfeed - 11/05/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
Ollama Out-of-Bounds Read: A high-severity flaw was discovered in Ollama, a framework for running LLMs locally. The bug involves improper handling of input tensors during inference, which could lead to system crashes or memory leaks. More info
“Dirty Frag” Linux Kernel Exploit: Qualys researchers detailed a technique that exploits the Linux kernel’s page cache. By manipulating memory fragmentation, attackers can achieve unauthorized data access or privilege escalation. More info
CISA KEV Update (CVE-2026-42208): CISA added a new vulnerability to its Known Exploited Vulnerabilities catalog. This flaw allows for remote code execution and is being actively leveraged by advanced persistent threat actors. More info
Edge Plaintext Password Storage: Security researchers found that Microsoft Edge stores passwords in plaintext within system memory. Microsoft stated this is “by design,” leading to debates regarding defense-in-depth strategies. More info
Analysis of CVE-2025-68670: Kaspersky provided a deep dive into this vulnerability, which is used in targeted attacks to bypass Windows security mitigations and achieve kernel-level execution. More info
🎯 Adversaries
CrateStealer Targets macOS via Google Ads: Cybercriminals are using fraudulent Google Ads for “Claude AI” to lure macOS users to phishing domains that deliver Python-based CrateStealer malware. More info
Fake OpenAI Repository on Hugging Face: A typosquatted repository impersonating OpenAI was found distributing infostealers. It targets AI developers to exfiltrate session tokens and environment variables. More info
RansomHouse Claims Trellix Breach: The extortion group claims to have breached cybersecurity firm Trellix, sharing screenshots of internal systems as proof of data exfiltration. More info
TCLBanker Hits Financial Institutions: A new banking trojan is using sophisticated redirection and script injection to capture multi-factor authentication codes and banking credentials in real time. More info
Pamdoora Linux Backdoor: This new malware utilizes Pluggable Authentication Modules (PAM) to maintain stealthy persistence and intercept login credentials on Linux servers. More info
📈 Trends
ClickFix “Troubleshooting” Scams: A new social engineering tactic uses fake macOS troubleshooting sites to trick users into running malicious terminal commands that steal iCloud session tokens. More info
AI Supply Chain Risks: A security incident at Braintrust has raised significant alarms regarding the integrity of the AI software supply chain and the potential for downstream client impact. More info
Abuse of Software Distribution Hubs: The hijacking of the JDownloader site to bundle malware with legitimate installers highlights the growing threat of web-based supply-chain attacks. More info
💥 Breaches & Leaks
Zara Data Breach: Fashion retailer Zara disclosed a breach affecting 197,000 individuals. The exposure originated from a third-party marketing database and included contact details and transaction history. More info
NVIDIA GeForce NOW Exposure: NVIDIA confirmed a localized data breach affecting users in Armenia due to a regional service provider’s infrastructure compromise. More info
ClickUp API Key Leak: Improperly secured environment files and public repositories led to the exposure of ClickUp API keys, potentially allowing unauthorized access to private project data. More info
📚 Others
CrimeNetwork Marketplace Dismantled: International law enforcement successfully shut down a rebooted version of the CrimeNetwork underground market and arrested its primary administrator. More info
