Accenture confirms breach after hacker offers stolen data for sale
IT services giant Accenture confirmed a security breach after a threat actor calling themselves “888” claimed to have stolen 35 GB of data, including source code, RSA and SSH keys, Azure personal access tokens, and configuration files, and began offering it for sale on a cybercrime forum. The company acknowledged the incident as an “isolated matter” that has been remediated, saying there was no impact to operations, but it declined to verify the scope of what was taken or confirm whether client data was involved.
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
Researchers disclosed a 15-year-old use-after-free vulnerability in the Linux kernel’s futex locking code that lets any logged-in local user gain full root access in about five seconds, with a working exploit that also escapes containers and has already been published publicly. The bug has shipped in mainstream distributions since 2011 and was patched in April, but availability of the fix remains uneven across major distributions, making prompt patching of shared, multi-tenant, and cloud systems a priority.
The ‘first’ AI-run ransomware attack still needed a human
Researchers at cloud security firm Sysdig detailed an extortion operation, dubbed JadePuffer, in which an AI agent handled the technical execution of a real-world attack largely on its own, breaking into a vulnerable Langflow server, escalating access on a production MySQL database, encrypting more than 1,300 configuration records, and writing its own ransom note. Follow-up reporting clarified the operation wasn’t fully autonomous after all, since a human still selected the victim, provisioned the command-and-control infrastructure, and supplied the stolen database credentials the agent used to get in, tempering earlier claims of a hands-off cybercrime debut.
Critical Gitea Flaw Under Active Exploitation, Researchers Warn
A critical authentication bypass in Gitea’s official Docker images is now under active exploitation, allowing attackers to impersonate any user, including administrators, by sending a single crafted HTTP header when reverse-proxy authentication is enabled. The flaw stems from default settings that trusted the header from any source rather than only a legitimate proxy, and researchers observed the first in-the-wild exploitation attempts roughly two weeks after the vulnerability was publicly disclosed, putting thousands of internet-exposed instances and the secrets in their repositories at risk.
UniFi CVSS 10.0 Flaw Exposes 100,000 Endpoints to Unauthenticated Takeover
Ubiquiti disclosed seven critical vulnerabilities across its UniFi product line, including a maximum-severity flaw that lets an unauthenticated network attacker execute arbitrary operating system commands on the UniFi Connect Application, which manages building automation systems like lighting and EV charging. With roughly 100,000 UniFi OS endpoints reachable from the public internet and a prior vulnerability chain in the same product family already being exploited by a Mirai-based botnet, administrators are being urged to patch immediately across Connect, Talk, Access, Protect, and OS Server.