Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards.

The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras, drones, industrial controllers, hardware crypto wallets, and other devices built on

The Hacker News – ​Read More

New “Bad Epoll” Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out.

Bad Epoll sits in the same small stretch of kernel code where Anthropic’s most powerful AI model, Mythos, recently found a different bug.

The AI caught one flaw and missed

The Hacker News – ​Read More

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that’s distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls.

Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under one

The Hacker News – ​Read More

FBI Seizes NetNut Domains as Google Disrupts 2M Device Proxy Network

FBI and Google disrupt NetNut after domains linked to its residential proxy network are seized, exposing abuse of 2 million TVs and streaming devices worldwide.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

This GoPro Hero13 Black Action bundle is $100 off (and it’s perfect for documenting summer adventures)

You can pick up a GoPro camera bundle for under $400 at Best Buy during the July 4th weekend.

Latest news – ​Read More

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft.

According to JFrog, the packages “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core” mimic the legitimate “rollup-plugin-polyfill-node” project, down to the description, repository metadata, and

The Hacker News – ​Read More

My canvas art TV gets endless compliments, and it’s cheaper than Samsung’s Frame TV

The Hisense Canvas Art TV is on sale for $350 off during July 4th weekend.

Latest news – ​Read More

In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting

Noteworthy stories that might have slipped under the radar: Anonymous-linked Canadian hacker jailed, researcher drops zero-days in open source projects, Venezuelans sentenced in the US over ATM jackpotting.

The post In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting appeared first on SecurityWeek.

SecurityWeek – ​Read More

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan.

“Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations,” Kaspersky said in a technical analysis published today. ”

The Hacker News – ​Read More

This E Ink tablet replaced my iPad and Kindle – and it’s 30% off on Amazon right now

If you’re in the market for a tablet, look no further than the TCL Nxtpaper 11 Plus, especially at this price for the Fourth of July.

Latest news – ​Read More