Golang

The Qilin ransomware group has claimed a new victim, Commune d'Eyguires (www.eyguieres.org), a public sector entity in France, employing their Golang-based ransomware and double extortion tactics, leading to data encryption and potential public release of exfiltrated information.

An unauthenticated attacker can exploit CVE-2026-55882 in Tilt HUD server versions 0.19.5 through 0.37.3, when exposed on a non-loopback address, by accessing the `/debug/pprof` endpoints to read sensitive process memory, including session and API server tokens, and to degrade application performance through prolonged CPU profiling or tracing.