ZEGO Cyberattack Insolvency: A Six-Week Shutdown

ZEGO cyberattack insolvency

ZEGO cyberattack insolvency is now a real-world case study, not a hypothetical: a 35-year-old German textile finisher in Aschaffenburg has filed for insolvency after a cyberattack in March 2026 halted production for nearly six weeks — and the type of attack that caused it still hasn’t been publicly disclosed. What Happened ZEGO Textilveredelungszentrum GmbH, founded…

Read More

PolinRider Supply Chain Attack Hits 108 Packages

PolinRider supply chain attack

The PolinRider supply chain attack has been confirmed by Socket.dev, SecurityWeek and SC Media: a North Korea-linked actor has flooded four separate open-source ecosystems — npm, Packagist, Go modules and the Chrome Web Store — with 108 malicious packages designed to steal developer and cloud credentials. What Happened Researchers attribute the PolinRider supply chain attack…

Read More

CVE-2026-48282 Adobe ColdFusion RCE Exploited in 2 Hours

CVE-2026-48282 Adobe ColdFusion RCE

CVE-2026-48282 Adobe ColdFusion RCE is now the fastest-weaponized CVSS-10.0 flaw DIESEC has tracked in 2026: attackers began exploiting Adobe’s maximum-severity ColdFusion vulnerability within two hours of public disclosure, and CISA has given US federal agencies until July 10 to patch. What Happened Adobe’s APSB26-68 security bulletin, released June 30, 2026, patched 11 CVEs across ColdFusion,…

Read More

JADEPUFFER Agentic AI Ransomware Attack

JADEPUFFER agentic AI ransomware

JADEPUFFER agentic AI ransomware is, according to Sysdig’s Threat Research Team, the first publicly documented case of a ransomware attack executed start to finish by an autonomous AI agent — from initial access through a Langflow vulnerability to database encryption and extortion, with no human operator directing any step. What Happened Sysdig identified JADEPUFFER, this…

Read More

OPNsense CVE-2026-57155: Root RCE via GeoIP Alias

OPNsense CVE-2026-57155

OPNsense CVE-2026-57155 (CVSS 9.9) is a path-traversal flaw in the firewall’s GeoIP alias importer that lets a low-privileged user escalate to full root remote code execution. It is the fifth critical or high-severity OPNsense vulnerability disclosed since May 2026, and it matters disproportionately for German Mittelstand IT teams and MSPs because OPNsense’s free, open-source model…

Read More