A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages.
The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10.
It targeted high-precision calculation software to tamper with results and packed a self-propagation mechanism.
From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase.
Securing national resilience now depends on faster, deeper partnerships with the private sector.
Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions.
The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural.
Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue.
With “Shadow AI” usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.
RegisterDelve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.
Register
SecurityWeek’s 2026 Threat Detection & IR Summit will bring together security practitioners from around the world to share war stories on breaches, APT attacks and more.
[May 20, 2026 | Virtual]
SecurityWeek’s CISO Forum 2026 Mid-Year Review is a virtual roundtable to evaluate the year’s most pressing challenges and share critical updates shaping the 2026 security landscape.
[June 10, 2026 | Virtual]
SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]
SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]
-
The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries. (April 27, 2026)
-
A code reuse issue enabled comma characters in certificate principals to be interpreted as list separators. (April 27, 2026)
-
A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages. (April 27, 2026)
-
The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10. (April 27, 2026)
-
Itron, which serves utilities and cities around the world, discovered unauthorized access to its systems on April 13. (April 27, 2026)
-
The DDoS attack caused a major outage, but Mastodon mitigated it within a few hours. (April 22, 2026)
-
Angelo Martino of Florida has pleaded guilty to collaborating with the BlackCat cybercrime group while working as a ransomware negotiator. (April 21, 2026)
-
The hackers targeted LayerZero’s DVN, compromising certain RPCs and DDoSing others to trigger failover to the poisoned infrastructure. (April 21, 2026)
