The Post-RAMP Era: Allegations, Fragmentation, and the Rebuilding of the Ransomware Underground

Executive summary The January 2026 seizure of RAMP disrupted a major ransomware coordination hub, but it did not dismantle the ecosystem behind it. Instead, it destabilized trust and accelerated fragmentation across the underground. Rather than consolidating around a single successor, ransomware...

How Security Tool Misuse Is Reshaping Cloud Compromise

Key Takeaways Legitimate secret-scanning tools such as TruffleHog have been operationalized in real-world cloud attack campaigns. Attack progression commonly follows a repeatable sequence: credential discovery, live validation, permission enumeration, and data access. Exposed long-lived access ke...

New: AI-Powered Patch Reliability Scoring—Predict Patch Impact Before You Deploy

What do advisory USN-7545-1 and Windows updates KB5065426 , KB5063878 , KB5055523 , and KB5066835 have in common? Based on anonymized Qualys telemetry from 2025, they were among the most frequently rolled-back patches , in other words, patches that had to be undone after deployment. Rollbacks...

[SECURITY] Fedora 42 Update: bustle-0.12.0-4.fc42

Bustle draws sequence diagrams of D-Bus activity, showing signal emissions, method calls and their corresponding returns, with timestamps for each individual event and the duration of each method call. This can help you check for unwanted D-Bus traffic, and pinpoint why your D-Bus-based applicati...

Following Dragons: Code Review-Guided Fuzzing

Modern fuzzers scale to large, real-world software but often fail to exercise the program states developers consider most fragile or security-critical. Such states are typically deep in the execution space, gated by preconditions, or overshadowed by lower-value paths that consume limited fuzzing...

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models LLMs and improve the overall trust in artificial intelligence AI systems. The tech giant's AI Security team said the scanner leverages three observable signals that ca...

AZL-75536 CVE-2026-24116 affecting package rust 1.90.0-3

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

CVE-2026-24116 Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

EUVD-2026-4773

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

Ubuntu 22.04 LTS / 24.04 LTS : GNU Screen vulnerabilities (USN-7978-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7978-1 advisory. It was discovered that GNU Screen incorrectly handled signals when setuid or setgid privileges were being used, which is not the default in...

USN-7978-1: GNU Screen vulnerabilities

It was discovered that GNU Screen incorrectly handled signals when setuid or setgid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. This issue only affected Ubuntu 22.04 LTS...

USN-7978-1 screen vulnerabilities

It was discovered that GNU Screen incorrectly handled signals when setuid or setgid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. This issue only affected Ubuntu 22.04 LTS...

Azure Linux 3.0 Security Update: glib (CVE-2024-34397)

The version of glib installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34397 advisory. - An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus- based...

Unbreakable Enterprise kernel security update

5.4.17-2136.351.3.2 - tipc: Fix use-after-free in tipcmonreinitself. Kuniyuki Iwashima Orabug: 38855323 CVE-2025-40280 - tipc: simplify the finalize work queue Xin Long Orabug: 38855323 - vsock: Ignore signal/timeout on connect if already established Michal Luczaj Orabug: 38855319 CVE-2025-40248 ...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003874)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003874 advisory. A flaw was found in the way memory resources were freed in the unixstreamrecvmsg function in the Linux kernel when a signal was pending. This flaw allows an...

Why Serverless Risk Demands Identity-Aware Security at Cloud Scale

Key Takeaways Serverless shifts security risk from infrastructure to identity, permissions, and configuration, where small design choices can have an outsized impact. Short-lived cloud credentials reduce persistence but remain powerful; when exposed, they enable authenticated access, escalation,...

Memory Re-orderings as a Timerless Side-channel

Summary Researchers have provided AMD with a paper titled “MEMORY DISORDER: Memory Re-orderings as a Timerless Side-channel” In this work, the authors introduced MEMORY DISORDER, a timerless side-channel attack that exploits memory re-orderings to infer activity on other processes. They showed th...

Operational Runtime Behavior Mining for Open-Source Supply Chain Security

Open-source software OSS is a critical component of modern software systems, yet supply chain security remains challenging in practice due to unavailable or obfuscated source code. Consequently, security teams often rely on runtime observations collected from sandboxed executions to investigate...