Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Critical vLLM Flaw E ...

 Firewall Daily

A newly disclosed security flaw has placed millions of AI servers at risk after researchers identified a critical vulnerability in vLLM, a widely deployed Python package for serving large language models. The issue, tracked as CVE-2026-22778 (GHSA-4r2x-xpjr-7cvv), enables remote code execution (RCE) by submitting a   show more ...

malicious video URL to a vulnerable vLLM API endpoint. The vulnerability affects vLLM versions 0.8.3 through 0.14.0 and was patched in version 0.14.1. The disclosure was released as breaking news and is still developing, with additional technical details expected as the investigation continues. Due to vLLM’s scale of adoption, reportedly exceeding three million downloads per month, the impact of CVE-2026-22778 is considered severe. What Is vLLM and Why CVE-2026-22778 Matters  vLLM is a high-throughput, memory-efficient inference engine designed to serve large language models efficiently in production environments. It is commonly used to address performance bottlenecks associated with traditional LLM serving, including slow inference speeds, poor GPU utilization, and limited concurrency. Compared to general-purpose local runners such as Ollama, vLLM is frequently deployed in high-load environments where scalability and throughput are critical. Because vLLM is often exposed through APIs and used to process untrusted user input, vulnerabilities like CVE-2026-22778 increase the attack surface. Any organization running vLLM with video or multimodal model support enabled is potentially affected. OX customers identified as vulnerable were notified and instructed to update their deployments.  Impact: Full Server Takeover via Remote Code Execution  CVE-2026-22778 allows attackers to achieve RCE by sending a specially crafted video link to a vLLM multimodal endpoint. Successful exploitation can result in arbitrary command execution on the underlying server. From there, attackers may exfiltrate data, pivot laterally within the environment, or fully compromise connected systems.  The vulnerability does not require authentication beyond access to the exposed API, making internet-facing deployments particularly at risk. Because vLLM is commonly used in clustered or GPU-backed environments, the blast radius of a single exploited instance may extend well beyond one server.  Technical Analysis  The root cause of CVE-2026-22778 is a chained exploit combining an information disclosure bug with a heap overflow that ultimately leads to remote code execution. According to OX Security, the first stage involves bypassing ASLR protections through memory disclosure. When an invalid image is submitted to a multimodal vLLM endpoint, the Python Imaging Library (PIL) raises an error indicating it cannot identify the image file.   In vulnerable versions, this error message includes a heap memory address. That address is located before libc in memory, reducing the ASLR search space and making exploitation more reliable. The patched code sanitizes these error messages to prevent leaking heap addresses.  With the leaked address available, the attacker proceeds to the second vulnerability. vLLM relies on OpenCV for video decoding, and OpenCV bundles FFmpeg 5.1.x. That FFmpeg release contains a heap overflow flaw in its JPEG2000 decoder.  JPEG2000 images use separate buffers for color channels: a large buffer for the Y (luma) channel and smaller buffers for the U and V (chroma) channels. The decoder incorrectly trusts the image’s cdef (channel definition) box, allowing channels to be remapped without validating buffer sizes. This means large Y channel data can be written into a smaller U buffer.  Because the attacker controls both the image geometry and the channel mapping, they can precisely control how much data overflows and which heap objects are overwritten. By abusing internal JPEG2000 headers and crafting specific channel values, the overflow can overwrite adjacent heap memory, including function pointers. Execution can then be redirected to a libc function such as system(), resulting in full RCE.  Affected Versions and Recommended Actions  The following vLLM Python package versions are affected:  Affected versions: vLLM >= 0.8.3 and < 0.14.1 Fixed version: vLLM 0.14.1 Organizations are strongly advised to update immediately to vLLM 0.14.1, which includes an updated OpenCV release addressing the JPEG2000 decoder flaw. If upgrading is not immediately feasible, disabling video model functionality in production environments is recommended until patching can be completed.  CVE-2026-22778 demonstrates how vulnerabilities in third-party media processing libraries can cascade into critical RCE flaws in AI infrastructure. For teams operating vLLM at scale, prompt remediation and careful review of exposed multimodal endpoints are essential to reducing risk. 

image for France Approves Soci ...

 Cyber Essentials

French lawmakers have approved a social media ban for children under 15, a move aimed at protecting young people from harmful online content. The bill, which also restricts mobile phone use in high schools, was passed by a 130-21 vote in the National Assembly and is expected to take effect at the start of the next   show more ...

school year in September. French President Emmanuel Macron has called for the legislation to be fast-tracked, and it will now be reviewed by the Senate. “Banning social media for those under 15: this is what scientists recommend, and this is what the French people are overwhelmingly calling for,” Macron said. “Our children’s brains are not for sale — neither to American platforms nor to Chinese networks. Their dreams must not be dictated by algorithms.” Why France Introduced a Social Media Ban for Children The new social media ban for children in France is part of a broader effort to address the negative effects of excessive screen time and harmful content. Studies show that one in two French teenagers spends between two and five hours daily on smartphones, with 58% of children aged 12 to 17 actively using social networks. Health experts warn that prolonged social media use can lead to reduced self-esteem, exposure to risky behaviors such as self-harm or substance abuse, and mental health challenges. Some families in France have even taken legal action against platforms like TikTok over teen suicides allegedly linked to harmful online content. The French legislation carefully exempts educational resources, online encyclopedias, and platforms for open-source software, ensuring children can still access learning and development tools safely. Lessons From Australia’s Social Media Ban for Children France’s move mirrors global trends. In December 2025, Australia implemented a social media ban for children under 16, covering major platforms including Facebook, Instagram, TikTok, Snapchat, Reddit, Threads, X, YouTube, and Twitch. Messaging apps like WhatsApp were exempt. Since the ban, social media companies have revoked access to about 4.7 million accounts identified as belonging to children. Meta alone removed nearly 550,000 accounts the day after the ban took effect. Australian officials said the measures restore children’s online safety and prevent predatory social media practices. Platforms comply with the ban through age verification methods such as ID checks, third-party age estimation technologies, or inference from existing account data. While some children attempted to bypass restrictions, the ban is considered a significant step in protecting children online. UK Considers Following France and Australia The UK is also exploring similar measures. Prime Minister Keir Starmer recently said the government is considering a social media ban for children aged 15 and under, along with stricter age verification, phone curfews, and restrictions on addictive platform features. The UK’s move comes amid growing concern about the mental wellbeing and safety of children online. Global Shift Toward Child Cyber Safety The introduction of a social media ban for children in France, alongside Australia’s implementation and the UK’s proposal, highlights a global trend toward protecting minors in the digital age. These measures aim to balance access to educational and creative tools while shielding children from online harm and excessive screen time. As more countries consider social media regulations for minors, the focus is clear: ensuring cyber safety, supporting mental health, and giving children the chance to enjoy a safe and healthy online experience.

image for French Police Raid X ...

 Cyber News

French police raided the offices of the X social media platform today as European investigations grew into nonconsensual sexual deepfakes and potential child sexual abuse material (CSAM) generated by X’s Grok AI chatbot. A statement (in French) from the Paris prosecutor’s office suggested that Grok’s   show more ...

dissemination of Holocaust denial content may also be an issue in the Grok investigations. X owner Elon Musk and former CEO Linda Yaccarino were issued “summonses for voluntary interviews” on April 20, along with X employees the same week. Europol, which is assisting in the investigation, said in a statement that the investigation is “in relation to the proliferation of illegal content, notably the production of deepfakes, child sexual abuse material, and content contesting crimes against humanity. ... The investigation concerns a range of suspected criminal offences linked to the functioning and use of the platform, including the dissemination of illegal content and other forms of online criminal activity.” The French action comes amid a growing UK probe into Grok’s use of nonconsensual sexual imagery, and last month the EU launched its own investigation into the allegations. Meanwhile, a new Reuters report suggests that X’s attempts to curb Grok’s abuses are failing. “While Grok’s public X account is no longer producing the same flood of sexualized imagery, the Grok chatbot continues to do so when prompted, even after being warned that the subjects were vulnerable or would be humiliated by the pictures,” Reuters wrote in a report published today. French Prosecutor Calls X Investigation ‘Constructive’ The French prosecutor’s statement said the investigation “is, at this stage, part of a constructive approach, with the objective of ultimately guaranteeing the X platform's compliance with French laws, insofar as it operates in French territory” (translated from the French). The investigation initially began in January 2025, the statement said, and “was broadened following other reports denouncing the functioning of Grok on the X platform, which led to the dissemination of Holocaust denial content and sexually explicit deepfakes.” The investigation concerns seven “criminal offenses,” according to the Paris prosecutor’s statement: Complicity in the possession of images of minors of a child pornography nature Complicity in the dissemination, offering, or making available of images of minors of a child pornography nature by an organized group Violation of the right to image (sexual deepfakes) Denial of crimes against humanity (Holocaust denial) Fraudulent extraction of data from an automated data processing system by an organized group Tampering with the operation of an automated data processing system by an organized group Administration of an illicit online platform by an organized group The Paris prosecutor’s office deleted its X account after announcing the investigation. Grok Investigations in the UK Grow In the UK, the Information Commissioner’s Office (ICO) announced that it was launching an investigation into Grok abuses, on the same day the UK Ofcom communications services regulator said its own authority to investigate chatbots may be limited. William Malcolm, ICO's Executive Director for Regulatory Risk & Innovation, said in a statement: “The reports about Grok raise deeply troubling questions about how people’s personal data has been used to generate intimate or sexualised images without their knowledge or consent, and whether the necessary safeguards were put in place to prevent this.” “Our investigation will assess whether XIUC and X.AI have complied with data protection law in the development and deployment of the Grok services, including the safeguards in place to protect people’s data rights,” Malcolm added. “Where we find obligations have not been met, we will take action to protect the public.” Ilia Kolochenko, CEO at ImmuniWeb and a cybersecurity law attorney, said in a statement “The patience of regulators is not infinite: similar investigations are already pending even in California, let alone the EU. Moreover, some countries have already temporarily restricted or threatened to restrict access to X’s AI chatbot and more bans are probably coming very soon.” “Hopefully X will take these alarming signals seriously and urgently implement the necessary security guardrails to prevent misuse and abuse of its AI technology,” Kolochenko added. “Otherwise, X may simply disappear as a company under the snowballing pressure from the authorities and a looming avalanche of individual lawsuits.”

image for Berchem School Hit b ...

 Cyber News

A cyberattack on Berchem school has raised serious concerns after hackers demanded ransom money not only from the institution but also directly from students’ families. The Berchem school cyberattack incident occurred at the secondary school Onze-Lieve-Vrouwinstituut Pulhof (OLV Pulhof), where attackers disrupted   show more ...

servers and later threatened to release sensitive information unless payments were made. The case, confirmed by the public prosecutor’s office and first reported by ATV, highlights the growing threat of ransomware attacks on schools, where cybercriminals increasingly target educational institutions due to their reliance on digital systems and the sensitive data they store. Cyberattack on Berchem School Disrupted Servers The Berchem school hacking incident took place shortly after the Christmas holidays, in early January. According to reports, the school’s servers were taken offline, causing disruption to internal systems. Hackers reportedly demanded a ransom from the school soon after the breach. However, the institution refused to comply with the demands. This decision appears to have triggered an escalation in the attackers’ strategy, shifting pressure onto parents. School Files Police Complaint After Ransom Demand Following the cyberattack on Berchem school, OLV Pulhof acted quickly by contacting law enforcement. The school filed a formal complaint against unknown persons and brought in the police’s Regional Computer Crime Unit (RCCU) to respond to the incident. In addition to involving authorities, the school also moved to secure its digital infrastructure. Out of concern for student safety and data protection, the institution reportedly set up a new, secure network environment soon after the breach. The incident is now under investigation by the Federal Judicial Police. Hackers Target Parents With €50 Per Child Ransom Demand This week, the cybercriminals expanded their attack by sending threatening messages directly to parents of students. The hackers demanded a ransom of 50 euros per child, warning that private information such as addresses or photos could be released if the payment was not made. A student described the situation, saying that the school required everyone to change passwords and warned students not to click on suspicious links. “We had to change all our passwords at school, otherwise they would release our addresses or photos,” the student said. Another student added that their father received an email demanding payment, which caused fear and uncertainty. “My dad also got an email last night. That scares me a little. They were asking for 50 euros per child.” This tactic reflects a disturbing trend in school cyberattacks, where criminals attempt to exploit families emotionally and financially. Parents Advised Not to Pay and Not to Click The school has strongly advised parents not to respond to the ransom demands. Families were told not to pay, and more importantly, not to click on any links or attachments included in the hackers’ communications, as these could lead to further compromise or malware infections. Cybersecurity experts generally warn against paying ransoms, as it does not guarantee that stolen data will be deleted or that systems will be restored. Paying can also encourage attackers to continue targeting schools and vulnerable communities. Classes Continue Despite Cybersecurity Incident Despite the attack, lessons at OLV Pulhof have continued. While the school’s servers were initially down, it appears that temporary solutions and new systems allowed teaching to proceed. However, the full consequences of the hacking have not yet been disclosed. It remains unclear what data may have been accessed or whether any personal information was stolen. Educational institutions often store sensitive records, including student details, contact information, and internal documents, making them attractive targets for cybercriminal groups. Rising Concern Over Ransomware Attacks on Schools The cyberattack on the Berchem secondary school is part of a wider pattern of increasing cybercrime targeting schools across Europe. Schools often face limited cybersecurity budgets, older IT systems, and large networks of users, making them easier to infiltrate than larger corporate organizations. Attacks like this demonstrate how ransomware incidents can go beyond technical disruption, affecting families and creating fear in local communities. Investigation Ongoing Authorities have not yet identified who is behind the attack. The Federal Judicial Police continue to investigate, while the school works to strengthen its systems and protect students and staff. For now, parents are being urged to remain cautious, avoid engaging with the attackers, and report any suspicious communications to law enforcement. The cyberattack on Berchem school incident serves as a reminder that cybersecurity in schools is no longer optional, but essential for protecting students, families, and the education system itself.

image for Lt Gen (Dr) Rajesh P ...

 Cyber Essentials

Cyble and The Cyber Express has announced a high-impact ai cybersecurity webinar February 2026, bringing urgent focus to the growing convergence of AI-driven cybercrime, ransomware escalation, and hacktivism-led disruption. Titled “AI, Ransomware & Hacktivism: The Cyber Risk Shift Most Leaders Are Failing to   show more ...

See,” this timely ai ransomware webinar February 2026 will feature Lt Gen (Dr) Rajesh Pant, Chairman, Cyber Security Association of India and Former National Cyber Security Coordinator, Government of India. The Zoom webinar will take place on: Tuesday, 24 February 2026 4:00 PM IST Moderator: Mihir Bagwe, Principal Correspondent, The Cyber Express Registration is now open with FREE seats available, but slots are limited and seats are filling quickly. Register Now (FREE, Limited Seats): [Insert Registration Link Here] Bonus for Registered Attendees: Annual Threat Landscape Report 2025 All registered attendees of the ai ransomware webinar February 2026 will receive a downloadable copy of the Annual Threat Landscape Report 2025. The 2025 threat landscape shows ransomware, hacktivism, and AI-enabled attacks continuing to scale despite global law enforcement disruptions. Based on millions of observations across dark web and open web sources — spanning industries, regions, and sectors, the report reveals: How attackers adapted Where defenses failed Which threats are set to persist into 2026 This makes the webinar a valuable learning and intelligence opportunity as organizations plan for ai cybersecurity 2026. AI Cybersecurity Webinar February 2026: Why This Session Matters Now This ai cybersecurity webinar February 2026 comes at a critical moment as the global cyber threat environment rapidly evolves under the influence of AI. Ransomware groups are increasingly using AI to automate targeting, improve evasion, and scale attacks across industries. At the same time, hacktivist campaigns are merging with organized cybercrime, creating hybrid threats that challenge both enterprise security teams and national infrastructure defenses. The rise of these combined risks is shaping the future of ai cybersecurity 2026, and leaders who fail to adapt now may face severe consequences in the year ahead. Featuring Lt Gen (Dr) Rajesh Pant at the AI Ransomware Webinar February 2026 The upcoming ai ransomware webinar February 2026 will offer rare leadership-level insights from: Lt Gen (Dr) Rajesh Pant Chairman, Cyber Security Association of India Former National Cyber Security Coordinator, Government of India With decades of experience guiding national cyber preparedness and responding to global threat dynamics, Dr. Pant will share frontline perspectives on how AI is reshaping ransomware operations and hacktivism-driven cyber disruption. What This AI Ransomware Webinar February 2026 Covers This ai ransomware webinar February session will focus on the cyber risk shifts most leaders are still underestimating. Key discussion points include: How threat actors are using AI to expand ransomware campaigns Why hacktivism is converging with cybercrime networks The most dangerous cyber risk trends heading into ai cybersecurity 2026 What CISOs must prioritize now to avoid reactive defenses later How leadership, policy, and execution often fail to align The webinar will also explore evolving activity across the ai hacktivism website February 2026 landscape, where AI-enabled tactics are accelerating rapidly. Here's Why You Should Attend This AI Cybersecurity Webinar February 2026 This ai cybersecurity webinar February 2026 is designed for CISOs, cyber risk leaders, security professionals, and decision-makers who need clarity on what comes next. By attending the ai ransomware webinar February 2026, participants will gain: Strategic understanding of AI-powered ransomware evolution Insights into the hacktivism-cybercrime overlap Practical guidance for preparing enterprise defenses for 2026 Direct perspectives from one of India’s top cyber leaders For professionals tracking threats through any ai hacktivism website, this session provides essential context and actionable takeaways. Register Now: Cybersecurity Webinar February 2026 (FREE, Limited Seats) FREE Registration | Limited Seat Slots | Seats Filling Quickly Don’t miss this essential ai cybersecurity webinar February 2026 and the must-attend ai ransomware webinar February 2026 discussion on the future of AI-driven cyber threats. Register Now (FREE) 

 Feed

Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of Firefox, said. "You can also review and manage individual AI features if you choose to use them. This

 Feed

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7. The development comes shortly

 Feed

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit. Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania, three

 Feed

Most security teams today are buried under tools. Too many dashboards. Too much noise. Not enough real progress. Every vendor promises “complete coverage” or “AI-powered automation,” but inside most SOCs, teams are still overwhelmed, stretched thin, and unsure which tools are truly pulling their weight. The result? Bloated stacks, missed signals, and mounting pressure to do more with less. This

 Feed

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary

 Feed

Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have disrupted large parts of the internet, taking down websites and services that many other systems depend on. The resulting ripple effects have halted applications and workflows that many organizations rely on every day. For consumers, these outages are

 Feed

Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critical vulnerability has been codenamed DockerDash by cybersecurity company Noma Labs. It was addressed by

2026-02
Aggregator history
Tuesday, February 03
SUN
MON
TUE
WED
THU
FRI
SAT
FebruaryMarch