Today’s roundup
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
Russian Hackers Accused of Destructive Cyber-Attack on Jaguar Land Rover
StegoAd: How 119 Fake Browser Extensions Stole Credentials and Ran Ad Fraud for Two Years
SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel
Top Google Security Staff Warn Search Data Could Be Hacked if EU Rules Change
Why Post-Quantum Cryptography Starts With Credentials
Summary
A public proof-of-concept (PoC) has been released for CVE-2026-55200, a critical client-side vulnerability in libssh2 rated 9.2 under CVSS 4.0. A malicious SSH server can trigger memory corruption in a client that connects to it, potentially leading to code execution with no user interaction beyond the connection itself. Affected versions are up to and including 1.11.1. With a PoC now public, the exposure is immediate: update libssh2 promptly, including applications that bundle their own copy of the library rather than using the system package.
Luxury car manufacturer Jaguar Land Rover has suffered a destructive cyberattack that experts attribute to Kremlin-backed Russian hackers. The incident involved novel ransomware, deliberate timing, and efforts to obscure attribution, pointing to a high-impact operation against industrial systems with a geopolitical motive.
Microsoft has dismantled "StegoAd", a two-year campaign of 119 malicious Edge browser extensions with a combined 2.6 million installs. The extensions hid JavaScript payloads steganographically inside image files (including WebP) and WOFF2 web fonts, and the payloads activated only days after installation, so the extensions looked benign at install time. Capabilities included a remote code execution backdoor, ad fraud, and theft of Google and WordPress login credentials, which were exfiltrated to mitarchive.info. The campaign is linked to the Chinese "DarkSpectre" operation and showed advanced evasion and steady adaptation over its lifetime. Users should audit their installed extensions, rotate passwords for the affected accounts, and consider hardware security keys for 2FA.
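As an added illustration of one check the StegoAd summary suggests (this is example code written for this roundup, not Microsoft's analysis and not anything from the campaign itself), the script below inspects image and font files from an extension package for data appended after the container's declared end, which is a simple and common place to hide a script. It assumes the payload sits in a trailing tail; a payload woven into pixel data or into a custom metadata chunk would not be caught. The JavaScript token list and the sample files are constructed for the example.

```python
"""Flag data hidden after the declared end of WebP, PNG and WOFF/WOFF2 files.

Added example for this roundup, not Microsoft's or the StegoAd operators' code.
Assumption: the hidden script is appended after the container's own end marker
or declared length. Sample files below are constructed, not real extension assets.
"""
import re
import struct
import zlib
from typing import Dict, List, Optional

# Tokens a small JavaScript loader tends to contain (an assumption, not a
# signature taken from the campaign); tune to taste.
JS_TOKENS = re.compile(
    rb"\b(function|eval|atob|fetch|document|chrome\.runtime|new Function)\b"
)


def declared_length(data: bytes) -> Optional[int]:
    """Return the length the container says it has, or None if the type is unknown."""
    if len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        # RIFF: 'RIFF' + little-endian chunk size + chunks; size is padded to even
        size = struct.unpack_from("<I", data, 4)[0]
        return 8 + size + (size & 1)
    if len(data) >= 12 and data[:4] in (b"wOFF", b"wOF2"):
        # WOFF/WOFF2 header: signature, flavor, then big-endian total file length
        return struct.unpack_from(">I", data, 8)[0]
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        # PNG: walk chunks (length, type, data, CRC); the file ends with IEND
        off = 8
        while off + 8 <= len(data):
            length, ctype = struct.unpack_from(">I4s", data, off)
            off += 12 + length
            if ctype == b"IEND":
                return off
        return None  # truncated or no IEND: cannot judge
    return None


def trailing_payload(data: bytes) -> bytes:
    """Bytes beyond the declared end; empty when the file ends where it should."""
    end = declared_length(data)
    if end is None or end >= len(data):
        return b""
    return data[end:]


def scan(data: bytes) -> Dict[str, object]:
    """Summarise the tail: how big it is and whether it looks like JavaScript."""
    tail = trailing_payload(data)
    tokens: List[str] = sorted({m.decode() for m in JS_TOKENS.findall(tail)})
    return {
        "trailing_bytes": len(tail),
        "js_tokens": tokens,
        "suspicious": bool(tail) and bool(tokens),
    }


# --- constructed sample containers (minimal headers, not valid media) ---------

def make_webp(payload: bytes = b"") -> bytes:
    body = b"WEBP" + b"VP8 " + struct.pack("<I", 4) + b"\x00" * 4
    return b"RIFF" + struct.pack("<I", len(body)) + body + payload


def make_png(payload: bytes = b"") -> bytes:
    def chunk(ctype: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit greyscale
    return b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr) + chunk(b"IEND", b"") + payload


def make_woff2(payload: bytes = b"") -> bytes:
    header_len = 48  # WOFF2 header is 48 bytes; fields after 'length' left zero
    hdr = b"wOF2" + b"\x00\x01\x00\x00" + struct.pack(">I", header_len)
    return hdr + b"\x00" * (header_len - len(hdr)) + payload


if __name__ == "__main__":
    loader = b"/*x*/ function run(){ eval(atob('ZmV0Y2goKQ==')) }"
    for name, blob in [
        ("clean.webp", make_webp()),
        ("stego.webp", make_webp(loader)),
        ("stego.png", make_png(b"<script>fetch('https://example.invalid')</script>")),
        ("padded.woff2", make_woff2(b"\x00" * 10)),
    ]:
        print(name, scan(blob))
```

Run it over every `.png`, `.webp`, `.woff` and `.woff2` inside an unpacked extension directory; a non-empty tail is worth a look on its own, and a tail containing JavaScript tokens is a strong signal. Zero-byte padding (as in the WOFF2 sample) is reported but not flagged, since some build tools pad assets.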
The SSU and FBI have jointly exposed a systematic, ongoing Russian intelligence campaign against the messaging accounts of government officials, military personnel, politicians, and activists across Ukraine, Europe, and the US. The operation relies on low-tech social engineering: SMS messages impersonating trusted senders and malicious QR codes. A key escalation is the shift to stealing Signal Backup Recovery Keys, which give the attackers persistent access to message histories. Attribution points to FSB-associated groups, including UNC5792, UNC4221, and Star Blizzard. Users are advised to secure their accounts with strong 2FA, review which devices are linked to their messaging accounts, and stay alert to phishing.
Senior Google security staff warn that proposed European Union pro-competition regulations could increase the risk of attacks on Google Search data and Android. The company argues that opening these platforms to third parties, as the new rules would require, could introduce significant privacy weaknesses and new attack surfaces. The dispute illustrates the tension between regulatory demands for competition and maintaining robust security.
Experts urge organizations to begin migrating credentials and encrypted data to post-quantum cryptography (PQC) now. Current quantum hardware cannot break today's public-key cryptography, but progress is rapid, and ciphertext and credentials captured today could be decrypted once a sufficiently capable machine exists (the "harvest now, decrypt later" threat). Long-lived credentials and the keys protecting stored data are therefore the first elements to migrate for organizations preparing for a quantum-safe future.