CyberNews: 06/07/2026 Edition
Today’s roundup
Summary
Researchers at Shandong University developed TrojPix, a novel technique to exfiltrate data from air-gapped systems. It subtly alters on-screen pixels to radiate faint radio signals via video cables, decodable by a nearby receiver, requiring prior malware infection.
LevelBlue flagged QuimaRAT, a new Java-based Remote Access Trojan (RAT) offered as Malware-as-a-Service (MaaS). It targets Windows, Linux, and macOS environments, with subscription costs from $150 to $1,200.
A vulnerability in Opera GX allowed malicious sites to silently install browser add-ons, enabling data theft from visited pages, such as Gmail addresses. Opera patched the flaw, with no evidence of in-the-wild exploitation found.
Hong Kong University researchers unveiled "SkillCloak," a self-extracting packing technique allowing malicious AI agent skills to evade over 90% of static scanners. This highlights a significant challenge in AI security, though a runtime checker was also developed.
runZero disclosed seven vulnerabilities in FatFs, a critical open-source filesystem library widely used in IoT and embedded devices. These flaws (CVE-2026-6682, -6687, CVSS Medium to High) can lead to memory corruption, crashes, or data leaks via crafted storage or OTA updates. A major concern is the lack of upstream patches for six CVEs and an unresponsive maintainer, complicating vendor patching. PoCs are available; no in-the-wild attacks reported.
A critical Linux kernel vulnerability, "Bad Epoll" (CVE-2026-46242), allows local unprivileged attackers root access on Linux systems and Android devices (kernels 6.4+). This use-after-free race condition in the epoll subsystem has a highly reliable PoC (99% success) by Jaeyoung Chung, exploitable from Chrome's sandbox. Notably, AI missed this bug. Security updates are available; no active exploitation confirmed.
Medtronic is notifying nearly 3.83 million individuals after a data breach by ShinyHunters in April 2026. An unauthorized party accessed corporate IT systems, exposing patient names, contact details, dates of birth, Social Security numbers, and health information. Medtronic stated products and operations were unaffected. The company offers 24 months of credit/dark web monitoring, with no evidence of public data release.
Want to dig deeper?
Vulnerabilities
| CVE-2026-6682 | High |
| CVE-2026-46242 | High |