
InfoSec News Nuggets 04/27/2026

AboutDFIR, archived Apr 27, 2026

The post InfoSec News Nuggets 04/27/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

By Mary on April 27, 2026

Firefox Vulnerability Allows Tor User Fingerprinting

Researchers disclosed CVE-2026-6770, an IndexedDB issue that can let sites correlate a user’s activity across domains, including in Firefox Private Browsing and Tor Browser’s New Identity mode, until the browser process is fully restarted. Mozilla patched it in Firefox 150, and the Tor Project rolled out the fix in Tor Browser 15.0.10, which makes this one worth flagging for teams that rely on browser-based privacy guarantees.

New ‘Pack2TheRoot’ flaw gives hackers root Linux access

A newly reported PackageKit vulnerability, CVE-2026-41651, carries an 8.8 CVSS score and appears to have lurked in the daemon for nearly 12 years. Researchers say it can allow local privilege escalation to root on a wide range of Linux distributions that ship PackageKit enabled by default, so this is the kind of low-noise issue that can quietly matter a lot in mixed desktop and server estates.

Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector

Kaspersky says attackers used a previously unknown destructive tool called Lotus Wiper against organizations in Venezuela’s energy and utilities sector, with the malware designed to erase data across physical drives and delete files in ways that make affected systems unrecoverable. The report says the operation appears highly targeted and non-financially motivated, which makes it notable as a destructive campaign rather than a typical ransomware or extortion play.

Exploits Turn Windows Defender Into Attacker Tool

Dark Reading reports that three public proof-of-concept exploits are now being used in hands-on intrusions to abuse Microsoft Defender’s own privileged workflows. One flaw, BlueHammer, was patched in April, but the other techniques, RedSun and UnDefend, were described as separate issues that can still help attackers escalate to SYSTEM or quietly degrade Defender’s ability to detect new threats once they have an initial foothold.

Indirect prompt injection is taking hold in the wild

New reporting on research from Google and Forcepoint says indirect prompt injection is moving from theory into observed abuse on the public web, with attacks aimed at traffic hijacking, data exfiltration, destructive actions, and even AI-mediated financial fraud. Google also reported a 32% relative increase in malicious cases between November 2025 and February 2026, which is a useful signal that agentic-AI threat models are getting more urgent for anyone deploying browsing or action-taking assistants.

Categories: InfoSec News Nuggets
Tags: AboutDFIR, Lotus Wiper, news nuggets, Pack2TheRoot