The Hacker News
Top story
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don't file tickets. That's the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue too

Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don't file tickets. That's the shape of this week. Trusted code turns on the people who installed it.
Old bugs from last year are still landing because the fix sat in a queue too long. Fake installers, poisoned packages, systems left facing the open internet, and helpful little AI assistants running instructions that were never yours.
The gap between "patch exists" and "already exploited" keeps shrinking, and nobody's closing it. None of it is exotic. That's what wears you down. Same ordinary mistakes, just happening faster than we can keep up. Here's the full mess, top to bottom.
Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers — Progress urged customers to shut down Windows servers running Storage Zone Controllers, citing a credible external security threat.
The company has temporarily disabled access to the affected accounts, a step it says it took "out of an abundance of caution" while it works with internal and external security experts. The exact nature of the threat is unknown. There are no indications of unauthorized access to any ShareFile accounts or data.
The AI security job market is no longer theoretical. SANS tracked hiring across 10 specific roles and mapped verified job data, salary ranges, and the skills required to get there. The three-tier framework gives your team a clear view of which roles to prioritize now and which to develop toward.
Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast. These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild.
Check the list, patch what you have, and hit the ones marked urgent first — From BRLY-2026-037 through BRLY-2026-042 (U-Boot), CVE-2026-50746, CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-55115, CVE-2026-54402, CVE-2026-55116 (Ubiquiti Unifi), CVE-2026-40138, CVE-2026-40139, CVE-2026-40140, CVE-2026-40141 (BeyondTrust Remote Support and Privileged Remote Access), CVE-2026-11405 (Tenda), CVE-2026-43499 aka GhostLock, CVE-2026-46215 (Linux Kernel), CVE-2026-53359 aka Januscape (KVM/x86), CVE-2026-52830 (fast-mcp-telegram), CVE-2026-57992 (Microsoft Edge), CVE-2026-11712, CVE-2026-11708, CVE-2026-11595 (IBM WebSphere Application Server), CVE-2026-12184 , CVE-2026-14355 (PHP), CVE-2026-52761 , CVE-2026-52747 (OWASP ModSecurity), CVE-2026-14898 (OpenAI Codex for macOS), CVE-2026-13753 (HP Deskjet 2800 Printer Series), CVE-2026-10706, CVE-2026-10708 (Adalo Database API), CVE-2026-15112, CVE-2026-15129 (Google Chrome), CVE-2026-12116, CVE-2026-14261 (Xerte Online Toolkit), CVE-2026-13461, CVE-2026-13462 (PayRange Android app), CVE-2026-0288 (Palo Alto Networks PAN-OS), CVE-2026-47291 (Microsoft Windows HTTP.
sys), CVE-2026-15146 (GNU Wget), CVE-2026-31694 (Linux FUSE), CVE-2026-54432 (Roundcube webmail), CVE-2026-14544 ( HP Linux Imaging and Printing ), CVE-2026-13126, CVE-2026-57260, CVE-2026-57248, CVE-2026-57246 (Foxit PDF Reader and PDF Editor), CVE-2026-6896, CVE-2026-13320 (GitLab CE and EE), CVE-2025-14179 (pdo_firebird), and CVE-2025-14180 (PDO PostgreSQL) Disclaimer: This is strictly for research and learning.
It hasn't been through a formal security audit, so don't just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law. The lesson this week is simple.
Every shortcut we took to move faster is now a door someone else can walk through. The package you trusted. The remote tool is left running. The AI that does whatever it reads. We built the shortcuts. Someone else is using them.
So patch the urgent stuff first, close the sessions you forgot were open, and go check what's still facing the internet that shouldn't be. None of it is exciting. It's just the part nobody goes back to until it's too late. See you next week, if nothing breaks before then.
Learn how to secure AI agents with practical controls for access, visibility, secrets, and risk containment. Learn how to govern risk, secure AI-built software, and keep control as development moves at machine speed.