CyberNews: 06/07/2026 Edition

Published by Dunateo on 2026-07-06

Today’s roundup

  • New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
  • New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
  • Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages
  • SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
  • Seven Bugs in FatFs Put IoT and Embedded Devices at Risk
  • Bad Epoll Flaw Gives Attackers Root Access on Linux and Android
  • Medtronic Notifies 3.8 Million After ShinyHunters Data Breach
  • Summary

    Researchers at Shandong University developed TrojPix, a novel technique to exfiltrate data from air-gapped systems. It subtly alters on-screen pixels to radiate faint radio signals via video cables, decodable by a nearby receiver, requiring prior malware infection.

    LevelBlue flagged QuimaRAT, a new Java-based Remote Access Trojan (RAT) offered as Malware-as-a-Service (MaaS). It targets Windows, Linux, and macOS environments, with subscription costs from $150 to $1,200.

    A vulnerability in Opera GX allowed malicious sites to silently install browser add-ons, enabling data theft from visited pages, such as Gmail addresses. Opera patched the flaw, with no evidence of in-the-wild exploitation found.

    Hong Kong University researchers unveiled "SkillCloak," a self-extracting packing technique allowing malicious AI agent skills to evade over 90% of static scanners. This highlights a significant challenge in AI security, though a runtime checker was also developed.

    runZero disclosed seven vulnerabilities in FatFs, a critical open-source filesystem library widely used in IoT and embedded devices. These flaws (CVE-2026-6682, -6687, CVSS Medium to High) can lead to memory corruption, crashes, or data leaks via crafted storage or OTA updates. A major concern is the lack of upstream patches for six CVEs and an unresponsive maintainer, complicating vendor patching. PoCs are available; no in-the-wild attacks reported.

    A critical Linux kernel vulnerability, "Bad Epoll" (CVE-2026-46242), allows local unprivileged attackers root access on Linux systems and Android devices (kernels 6.4+). This use-after-free race condition in the epoll subsystem has a highly reliable PoC (99% success) by Jaeyoung Chung, exploitable from Chrome's sandbox. Notably, AI missed this bug. Security updates are available; no active exploitation confirmed.

    Medtronic is notifying nearly 3.83 million individuals after a data breach by ShinyHunters in April 2026. An unauthorized party accessed corporate IT systems, exposing patient names, contact details, dates of birth, Social Security numbers, and health information. Medtronic stated products and operations were unaffected. The company offers 24 months of credit/dark web monitoring, with no evidence of public data release.

    Want to dig deeper?

    Vulnerabilities

    CVE-2026-6682 High
    CVE-2026-46242 High