The discovery of Typhlichthys styx shows that cave-adapted species can continue evolving and splitting into new species, with underground aquifers playing a crucial role in that process.
Get the latest international news and world events from around the world.
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
A RoguePlanet PoC exploit targets a Microsoft Defender zero-day race condition and can produce a SYSTEM-level shell when successful.
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released.
The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025–8088, a path traversal flaw that allows an attacker to write files outside the extraction directory via NTFS Alternate Data Streams (ADS). It was patched by WinRAR in July 2025.
The findings show “how unmanaged software keeps an exploited entry point open long after the fix ships,” Trend Micro researchers Hiroyuki Kakara and Feike Hacquebord said in an analysis published Monday.
Chrome V8 Zero-Day CVE-2026–11645 Exploited in the Wild — Patch Now
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2026–11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine.
“Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page,” reads a description of the flaw in the NIST’s National Vulnerability Database (NVD).
GitHub disables Microsoft repos pushing password-stealing malware
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines.
The incident occurred on June 5, and it was contained within just 105 seconds. The company told BleepingComputer that the repositories were removed due to concerns that they distributed “potential malicious content.”
Multiple researchers confirmed that the repos were pulled after a compromise during a Miasma/Shai-Hulud supply-chain campaign.