Originally reported by The Hacker News, Microsoft Security, SANS ISC, MSRC Security Updates
TL;DR
Google confirms active exploitation of Chrome zero-day CVE-2026-3909, which affects Skia rendering. Meanwhile, the North Korean Konni group leverages KakaoTalk for malware distribution, and the GlassWorm campaign injects malware into hundreds of Python repositories using stolen GitHub tokens.
Google's confirmation of active exploitation of Chrome zero-day CVE-2026-3909 makes this critical, and it comes alongside North Korean APT campaigns and widespread Python supply chain attacks targeting developer infrastructure.
Google has confirmed active exploitation of CVE-2026-3909, an out-of-bounds write vulnerability in Chrome's Skia graphics library. Microsoft's security update guide notes that "Google is aware that an exploit for CVE-2026-3909 exists in the wild," indicating immediate patching priority for organizations running Chromium-based browsers.
South Korean threat intelligence firm Genians has attributed a sophisticated campaign to the North Korean Konni group, which combines spear-phishing with abuse of legitimate messaging infrastructure. The operation begins with phishing emails designed to compromise targets, then leverages access to victims' KakaoTalk desktop applications to distribute malicious payloads to specific contacts. This technique transforms compromised users into unwitting distribution nodes, amplifying the campaign's reach through trusted communication channels.
StepSecurity researchers have documented the GlassWorm campaign, which exploits stolen GitHub authentication tokens to inject malware into hundreds of Python repositories. The attack targets critical files including setup.py, main.py, and app.py across Django applications, machine learning research code, Streamlit dashboards, and PyPI packages. The malware uses obfuscated code appended to legitimate files, creating a supply chain risk for any developer or system executing the compromised code.
Pentera's AI and Adversarial Testing Benchmark Report 2026 reveals a critical gap between AI adoption and security preparedness among 300 surveyed US CISOs and senior security leaders. The research highlights that organizations are deploying AI systems faster than they can develop appropriate security controls, creating potential attack vectors in enterprise environments.
Microsoft's Detection and Response Team (DART) has documented a sophisticated voice phishing campaign targeting Microsoft Teams users. The attack demonstrates how threat actors exploit trusted communication platforms and social engineering techniques to achieve identity-based compromises, bypassing traditional email security controls.
SANS researchers have identified attackers using IPv4-mapped IPv6 addresses to potentially obfuscate proxy scanning activities. These addresses, defined in RFC 4038, serve as transition mechanisms for IPv6 deployment but can be abused to complicate detection and attribution efforts in network security monitoring.
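One way to keep IPv4-mapped targets from slipping past IPv4-based matching, as an added example that is not code from the SANS report: unwrap `::ffff:a.b.c.d` (in dotted or hex form) to the embedded IPv4 address before comparing it with a watchlist. The log format, sample lines and watchlist range are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample access-log lines (not from the report): proxy-style
# requests whose target host is written as an IP literal.
SAMPLE_LOG = [
    '198.51.100.7 "GET http://[::ffff:203.0.113.9]:8080/ HTTP/1.1" 404',
    '198.51.100.7 "CONNECT [::ffff:cb00:7109]:443 HTTP/1.1" 400',
    '198.51.100.8 "GET http://[2001:db8::1]/ HTTP/1.1" 404',
    '198.51.100.9 "GET http://203.0.113.9/ HTTP/1.1" 404',
    '198.51.100.9 "GET /index.html HTTP/1.1" 200',
]

# Hypothetical IPv4 watchlist (documentation range, for illustration only).
WATCHLIST = [ipaddress.ip_network("203.0.113.0/24")]

# Request target: optional scheme, then a bracketed IPv6 literal or dotted IPv4.
TARGET_RE = re.compile(
    r'"(?:GET|POST|HEAD|CONNECT)\s+(?:https?://)?'
    r'(\[[0-9A-Fa-f:.]+\]|\d{1,3}(?:\.\d{1,3}){3})'
)

def canonical_host(host):
    """Return (address, was_mapped); IPv4-mapped IPv6 is unwrapped to IPv4."""
    addr = ipaddress.ip_address(host.strip("[]"))
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped, True
    return addr, False

def scan(lines, watchlist=WATCHLIST):
    """Return (client, normalized_target, was_mapped, on_watchlist) tuples
    for requests that used a mapped address or hit the watchlist."""
    findings = []
    for line in lines:
        m = TARGET_RE.search(line)
        if not m:
            continue  # relative URL or hostname target: nothing to normalize
        try:
            addr, mapped = canonical_host(m.group(1))
        except ValueError:
            continue  # looked like an IP literal but did not parse
        listed = any(addr.version == n.version and addr in n for n in watchlist)
        if mapped or listed:
            findings.append((line.split()[0], str(addr), mapped, listed))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Both mapped spellings resolve to the same IPv4 address as the plain request on the fourth line, so a rule keyed on the normalized value catches all three.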
Several notable CVEs have been disclosed:
CVE-2026-23943: Pre-authentication SSH denial of service through unbounded zlib inflation
CVE-2026-4105: Systemd privilege escalation via improper access control in RegisterMachine D-Bus method
CVE-2026-2673: OpenSSL TLS 1.3 server key agreement group selection issue
CVE-2026-32249: Vim null pointer dereference in NFA regex engine affecting versions prior to 9.2.0137
CVE-2026-23941: HTTP request smuggling vulnerability in Erlang/OTP inets httpd
CVE-2026-1703: Limited path traversal vulnerability when installing wheel archives