Today’s roundup
SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now
Copy Fail: New Linux bug enables Root via page‑cache corruption
Discovering Vulnerabilities in Enterprise Audiovisual Hardware
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
FBI links cybercriminals to sharp surge in cargo theft attacks
Anthropic launches Claude Security to counter rapid AI-Powered exploits
Summary
SonicWall has released urgent firmware updates for three SonicOS vulnerabilities affecting Gen 6, 7, and 8 firewalls. The flaws, including CVE-2026-0204 (CVSS 8.0), could allow attackers to bypass security controls, access restricted services, or crash devices. Immediate patching is strongly recommended.
Researchers discovered "Copy Fail" (CVE-2026-31431, CVSS 7.8), a critical Linux kernel flaw that lets local unprivileged users escalate privileges to root. Present since 2017, the bug corrupts page cache data in memory without altering files on disk, making detection difficult. Major Linux distributions are affected, and a proof-of-concept exists.
Significant vulnerabilities were uncovered in enterprise audiovisual hardware, including unauthenticated RCE (CVE-2026-26461) in Aver PTC320UV2 cameras and a command injection with hardcoded credentials in Crestron TSW-1060 tablets. These findings highlight pervasive insecure defaults and overlooked attack surfaces in meeting room technology.
A Brazilian anti-DDoS firm, Huge Networks, has been linked to a Mirai-based botnet responsible for extensive DDoS attacks against Brazilian ISPs. Evidence suggests compromised infrastructure and SSH keys of the CEO, Erick Nascimento, were used to enable these campaigns, despite his claims of a security breach.
Two former cybersecurity incident response professionals, Ryan Goldberg and Kevin Martin, received four-year prison sentences for their roles in facilitating BlackCat (ALPHV) ransomware attacks against U.S. companies. They exploited their expertise from companies like Sygnia and DigitalMint to deploy ransomware between April and December 2023.
A new software supply chain attack campaign, attributed to "BufferZoneCorp," is exploiting CI pipelines through malicious Ruby gems and Go modules. Attackers use "sleeper packages" to deliver payloads enabling credential theft, GitHub Actions tampering, and SSH persistence, targeting development infrastructure.
The popular Python package "Lightning" (PyTorch Lightning) was compromised in a supply chain attack, with malicious versions 2.6.2 and 2.6.3 published on April 30, 2026. This campaign, reported by multiple security firms, aims to steal credentials from users of the affected packages.
The TeamPCP threat group has expanded its software supply chain attacks, dubbed "Mini Shai-Hulud," to compromise several npm packages within SAP's cloud application development ecosystem. This targets vital development and enterprise software infrastructure.
The FBI has issued a warning regarding a sharp increase in cyber-enabled cargo theft, primarily targeting the transportation and logistics industry in the U.S. and Canada. Cybercriminals are compromising broker and carrier systems to post fraudulent freight listings, resulting in estimated losses of nearly $725 million in 2025.
Anthropic launched Claude Security, now in public beta for Enterprise customers, to combat the rise of AI-powered cyberattacks. Utilizing the Claude Opus 4.7 model, the service provides AI-driven code scanning and vulnerability remediation, integrating with platforms like CrowdStrike and Microsoft Security, to help defenders keep pace with advanced threats.