NCI Warns of Increased Threats to Critical Infrastructure Amid Middle East Conflict
A joint advisory from NCI highlights that the ongoing conflict in the Middle East raises risks for critical infrastructure globally. Organizations may face increased cyberattacks from Iranian state actors, hacktivists, and aligned cybercriminal groups. There is also a risk of physical attacks targeting public spaces and critical infrastructure. Organizations are advised to increase preparedness and monitoring.
Source: NCI Advisory

Poisoned Typeface Shows How Fonts Can Compromise AI Systems
Researchers demonstrated how custom fonts and CSS can embed malicious instructions visible to users while AI systems process benign content. This technique enables prompt injection and could lead to data leakage or execution of malicious code, affecting all tested AI assistants.
Source: LayerX Security

Critical File Browser Flaw Grants Automatic Admin Privileges
A vulnerability tracked as CVE-2026-32760 with a CVSS score of 10 allows any newly registered user to gain full administrative privileges due to a logic flaw in the registration process. This could result in complete system takeover without technical complexity.
Source: SecurityOnline

LeakNet Ransomware Uses ClickFix and Deno for Stealthy Attacks
The LeakNet ransomware group uses the ClickFix technique for initial access and leverages the Deno runtime to execute malicious payloads directly in memory. This reduces forensic traces on disk and makes detection more difficult.
Source: BleepingComputer

Authlib Flaws Enable Token Forgery and Authentication Bypass
Three critical vulnerabilities in the widely used Authlib library could allow attackers to bypass authentication, forge JWT tokens, and decrypt sensitive data. Given the library’s extensive use, the impact on global web infrastructure could be significant.
Source: SecurityOnline