DEV Community: BeyondMachines

M3rx Ransomware Group Claims Breach of Australian Toy Distributor KB Toys

BeyondMachines — Mon, 11 May 2026 12:01:08 +0000

Summary

The Australian toy distributor KB Toys was targeted by the M3rx ransomware group, resulting in the alleged theft of 140 GB of sensitive business data and invoices.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

JDownloader Website Hijacked to Distribute Malware via CMS Exploit

BeyondMachines — Sun, 10 May 2026 20:01:08 +0000

Summary

JDownloader's official website was compromised via a CMS vulnerability, allowing attackers to replace legitimate Windows and Linux installers with malware-laden versions. Existing installations remain safe due to cryptographic signing, users who downloaded and executed the affected files on May 6-7 are advised to change all passwords, and enable multi-factor authentication or reinstall their operating systems.

Take Action:

If you downloaded and ran the JDownloader Windows Alternative Installer or Linux shell script between May 6 and May 7, 2026, you should assume your system is compromised. Remove the systems, or ideally reinstall your system. Standard antivirus scans cannot guarantee the removal of this malware. Affected users must change all passwords and enable multi-factor authentication (MFA) on all accounts.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

MemberSource Credit Union Ransomware Attack Exposes 50 GB of Member Data

BeyondMachines — Sun, 10 May 2026 16:01:08 +0000

Summary

MemberSource Credit Union suffered a ransomware attack by the Safepay group that resulted in the theft of 50 GB of sensitive data, including Social Security numbers and financial account details. The breach affected branch networks but did not compromise the institution's core member management system.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Critical Rancher Fleet Vulnerability Allows Full Kubernetes Cluster Takeover

BeyondMachines — Sun, 10 May 2026 15:01:07 +0000

Summary

SUSE Rancher Fleet contains a critical vulnerability (CVE-2026-41050) that allows attackers to bypass multi-tenant isolation and gain cluster-admin privileges by exploiting the Helm deployer's failure to enforce ServiceAccount impersonation.

Take Action:

If you're using Rancher Fleet to manage Kubernetes clusters, update ASAP to a patched version (Fleet 0.11.13/0.12.14/0.13.10/0.14.5, or Rancher 2.10.11/2.11.13/2.12.9/2.13.5/2.14.1). If you can't patch right away, disable Fleet-monitored repositories for untrusted tenants, audit your Helm charts for use of the lookup function, and rotate any secrets that may have been exposed.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

AWS Data Center Overheating Disrupts Global Financial Platforms

BeyondMachines — Sun, 10 May 2026 14:01:08 +0000

Summary

AWS experienced a major service disruption in its Northern Virginia region due to data center overheating and power loss, impacting global platforms like Coinbase and CME Group.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

NVIDIA GeForce NOW Regional Partner Breach Exposes Armenian User Data

BeyondMachines — Sun, 10 May 2026 13:01:07 +0000

Summary

NVIDIA confirmed a data breach at its Armenian partner, GFN.am, which exposed personal information of GeForce NOW users.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Fake Recruiter Campaign on LinkedIn Delivers Info-Stealers via Hijacked Accounts

BeyondMachines — Sun, 10 May 2026 08:01:08 +0000

Summary

A malware campaign on LinkedIn impersonates known brands to deliver info-stealers through hijacked accounts, Google Forms, and bloated ZIP files. The attack targets session cookies and credentials to bypass MFA and gain persistent access to corporate and personal accounts.

Take Action:

Never trust unexpected social media and messenger messages, even from people you know. Hijacked accounts are how this scam spreads. Don't rush, don't fill out forms from strangers, and NEVER download or run executable files (.exe) sent by a "recruiter". Legitimate companies never send EXEs to job candidates.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Dirty Frag Vulnerability Class Enables Root Escalation Across Major Linux Distributions

BeyondMachines — Fri, 08 May 2026 15:01:08 +0000

Summary

Linux systems face a new root escalation threat called "Dirty Frag," which chains two vulnerabilities (CVE-2026-43284 and CVE-2026-43500) to overwrite read-only page cache data in memory. The flaws allow unprivileged users to modify critical system files like /etc/passwd or /usr/bin/su in RAM to gain full administrative control.

Take Action:

Disable the esp4, esp6, and rxrpc kernel modules immediately to block the "Dirty Frag" exploit path if you do not use IPsec or AFS. Note that this mitigation will disable IPsec VPNs and AFS file systems. After applying the latest kernel updates from your vendor, ensure you clear the system page cache to remove any unauthorized memory modifications.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Ivanti Issues Emergency Patches for Actively Exploited EPMM Zero-Day

BeyondMachines — Fri, 08 May 2026 10:01:08 +0000

Summary

Ivanti disclosed five high-severity vulnerabilities in its Endpoint Manager Mobile platform, including an actively exploited zero-day (CVE-2026-6973) that allows remote code execution.

Take Action:

If you are running Ivanti Endpoint Manager Mobile (EPMM), it’s time for an emergency patch. There are five new high-severity vulnerabilities, and one is already being actively exploited. If possible isolate its management interface from the public internet. Patch to the latest version today and rotate all administrative credentials to block attackers who may have already gained a foothold.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Critical WebSocket Hijack Flaw in Cline Kanban AI Agent Allows Remote Code Execution

BeyondMachines — Fri, 08 May 2026 08:01:08 +0000

Summary

A critical vulnerability in the Cline Kanban server (CVSS 9.7) allows malicious websites to hijack AI coding agents and execute arbitrary commands on a developer's machine.

Take Action:

If you're using Cline's Kanban component, immediately update the Kanban npm package to version 0.1.66 or later. Also, turn off the "Enable bypass permissions" setting so the AI agent can't run shell commands without your manual approval.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Google Chrome 148 Released with 127 Security Fixes

BeyondMachines — Thu, 07 May 2026 16:01:08 +0000

Summary

Google Chrome 148 patched 127 security vulnerabilities, including three critical flaws in Blink, Mobile, and Chromoting that could allow arbitrary code execution. The update also patches dozens of high-severity issues in V8, ANGLE, and WebRTC to prevent memory corruption and data leaks.

Take Action:

A huge patch for Chrome and Chromium based browsers (Edge, Opera, Brave, Vivaldi...). Don't delay, it has three critical flaws and a whole list bunch of others. Don't wait. Updating the browser is easy, all your tabs reopen after the patch.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Braintrust Security Breach: AI Startup Urges Global API Key Rotation

BeyondMachines — Thu, 07 May 2026 12:01:28 +0000

Summary

Braintrust confirmed unauthorized access to an AWS account containing customer API keys, prompting a global advisory for all users to rotate their secrets to prevent downstream exploitation.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines