no alarms and no surprises please..
-
Critical WordPress Core Flaw Lets Anonymous Hackers Gain Remote Code Execution
Critical WordPress Core Flaw Lets Anonymous Hackers Gain Remote Code Execution A newly disclosed a pre-authentication remote code execution (RCE) vulnerability in WordPress Core, dubbed “wp2shell,” that requires no authentication and affects stock WordPress installations… Delivered by PolitePaul service Go to gbhackers.com
-
EY Data Breach – Hackers Access Third-Party IT Support Platform and Steal Client Tax Documents
EY Data Breach – Hackers Access Third-Party IT Support Platform and Steal Client Tax Documents Ernst & Young LLP (EY) has confirmed a data security incident in which an unauthorized third party breached a third-party IT service management platform… Delivered by PolitePaul service Go to gbhackers.com
-
OpenSSL DoS Vulnerability Lets Remote Attackers Exhaust Server Memory With an 11-Byte Payload
OpenSSL DoS Vulnerability Lets Remote Attackers Exhaust Server Memory With an 11-Byte Payload A newly disclosed vulnerability reminds us how deeply our digital infrastructure relies on foundational libraries. The Okta Red Team recently discovered “HollowByte,” a Denial… Delivered by PolitePaul service Go to gbhackers.com
-
Citrix Secure Access Client Flaw Lets Low-Privileged Windows Users Gain SYSTEM Privileges
Citrix Secure Access Client Flaw Lets Low-Privileged Windows Users Gain SYSTEM Privileges Cloud Software Group has issued a High-severity security bulletin (CTX696734) disclosing two vulnerabilities in the Citrix Secure Access Client for Windows and the Citrix… Delivered by PolitePaul service Go to gbhackers.com
-
New Starland RAT Steals Browser Credentials and Scans for Over 40 Crypto Wallets
New Starland RAT Steals Browser Credentials and Scans for Over 40 Crypto Wallets A financially motivated, Russian-speaking threat actor tracked as UAT-11795, orchestrating a large-scale campaign since at least June 2025. A sophisticated Python-based remote access trojan dubbed… Delivered by PolitePaul service Go to gbhackers.com
-
Abbott probes two cyber incidents amid extortion claims
Abbott probes two cyber incidents amid extortion claims Abbott Laboratories is investigating two separate cybersecurity incidents after confirming unauthorized access to internal legacy Exact Sciences systems in its Cancer Diagnostics business, while also investigating a separate claim that attackers breached its LabCentral portal and stole company data. […] Lawrence Abrams Go to bleepingcomputer
-
HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload
HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload A vulnerability dubbed HollowByte allows unauthenticated attackers to trigger a denial-of-service (DoS) condition on OpenSSL servers with a malicious payload of just 11 bytes. […] Bill Toulas Go to bleepingcomputer
-
Ernst & Young discloses data breach after support system hack
Ernst & Young discloses data breach after support system hack Ernst & Young is notifying customers of a data breach caused by the compromise of a third-party support ticket system used by its IT personnel. […] Bill Toulas Go to bleepingcomputer
-
Inside the Search for “Clean” Residential Proxies for Carding
Inside the Search for “Clean” Residential Proxies for Carding Residential proxies are no longer the silver bullet they once were for carding. Flare explains why cybercriminals increasingly seek “clean” residential proxies and combine them with browser fingerprints, device profiles, and other identity signals to evade modern fraud detection. […] Sponsored by Flare Go to bleepingcomputer
-
New Windows LegacyHive zero-day gives hackers admin privileges
New Windows LegacyHive zero-day gives hackers admin privileges A security researcher using the “Nightmare Eclipse” handle has released a Windows zero-day exploit dubbed LegacyHive that allows attackers to escalate privileges on up-to-date Windows systems. […] Sergiu Gatlan Go to bleepingcomputer
-
Citrix Secure Access and Endpoint Client for Windows Vulnerability Enables Privilege Escalation
Citrix Secure Access and Endpoint Client for Windows Vulnerability Enables Privilege Escalation Cloud Software Group has disclosed two security vulnerabilities affecting Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows, with one flaw allowing low-privileged attackers to gain full SYSTEM access on affected machines. The more severe issue, tracked as CVE-2026-53565,…
-
New wp2shell RCE Vulnerability Hits Millions of WordPress Sites, Emergency Patch Released
New wp2shell RCE Vulnerability Hits Millions of WordPress Sites, Emergency Patch Released A critical pre-authentication remote code execution (RCE) vulnerability dubbed “wp2shell” has been discovered in WordPress Core, putting an estimated 500 million+ websites at risk of full takeover by unauthenticated attackers. Security researcher Adam Kues of Searchlight Cyber’s Assetnote research team uncovered the flaw,…
-
OpenSSL “HollowByte” Vulnerability Lets Hackers Crash Servers With Just 11 Bytes
OpenSSL “HollowByte” Vulnerability Lets Hackers Crash Servers With Just 11 Bytes A newly disclosed vulnerability in OpenSSL, dubbed “HollowByte,” allows a remote, unauthenticated attacker to trigger a denial-of-service (DoS) condition using a malicious payload as small as 11 bytes. Discovered by the Okta Red Team, the flaw exploits how OpenSSL pre-allocates memory during the TLS…
-
Ransomware Attack on Coca-Cola-Owned Fairlife Halts Production Across the United States
Ransomware Attack on Coca-Cola-Owned Fairlife Halts Production Across the United States Coca-Cola has reported a ransomware attack affecting its dairy subsidiary, Fairlife, resulting in a temporary shutdown of production operations across the United States. This incident was disclosed in a Form 8-K filing submitted to the U.S. Securities and Exchange Commission on July 16, 2026.…
-
EY Data Breach – Hackers Gain Access to IT Support System and Download Documents
EY Data Breach – Hackers Gain Access to IT Support System and Download Documents Ernst & Young LLP (EY) is notifying clients that an unauthorized third party breached a support ticket platform used by its IT staff, downloading documents containing client tax data during a roughly two-week window this spring. The Big Four accounting and…
-
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of it. An anonymous HTTP request can run code on a WordPress…
-
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with…
-
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using an…
-
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator’s own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the…
-
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime group…
-
Friday Squid Blogging: Squid Washing Up on Cape Cod Beach
Friday Squid Blogging: Squid Washing Up on Cape Cod Beach Lots of articles about this. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Bruce Schneier Go to bruce schneier
-
Details of Alan Turing’s Voice Encryption System
Details of Alan Turing’s Voice Encryption System Really interesting piece of cryptographic history: In November 2023, a large cache of his wartime papers—nicknamed the “Bayley papers”—was auctioned in London for almost half a million U.S. dollars. The previously unknown cache contains many sheets in Turing’s own handwriting, telling of his top-secret “Delilah” engineering project from…
-
ISC Stormcast For Friday, July 17th, 2026 https://isc.sans.edu/podcastdetail/10012, (Fri, Jul 17th)
ISC Stormcast For Friday, July 17th, 2026 https://isc.sans.edu/podcastdetail/10012, (Fri, Jul 17th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Google’s Gemini lets strangers send messages from your locked Android phone
Google’s Gemini lets strangers send messages from your locked Android phone Gemini, Google’s AI assistant, is supposed to make life easier for Android smartphone owners. But right now it may also be making life easier for anyone anyone who happens to pick up your phone. Read more in my article on the Hot for Security…
-
Inc Ransomware Exploits SonicWall SMA Zero-Days
Inc Ransomware Exploits SonicWall SMA Zero-Days When chained together, the two vulnerabilities allow threat actors to gain root-level capabilities on SonicWall’s mobile access appliances. Nate Nelson Go to gbhackers.com
-
The Real AI Threat Is Blind Trust
The Real AI Threat Is Blind Trust AI models left to both interpret and execute commands eliminate critical cybersecurity oversight. R. Justin Martin Go to gbhackers.com
-
Gold Eagle Clearinghouse Targets Security Gap, But How Is Unclear
Gold Eagle Clearinghouse Targets Security Gap, But How Is Unclear The White House launched Gold Eagle to coordinate vulnerability response in a new AI world, but multiple questions linger over how it’s being implemented. Alexander Culafi Go to gbhackers.com
-
Google Bets ‘Agentic Defense’ Strategy Can Outpace Attackers
Google Bets ‘Agentic Defense’ Strategy Can Outpace Attackers Google Cloud incorporates key Wiz capabilities into an agentic defense platform to automate threat detection and remediation against AI attacks. Jeffrey Schwartz Go to gbhackers.com
-
New NadMesh Botnet Uses 20+ RCE Vectors to Hijack AI and MCP Infrastructure
New NadMesh Botnet Uses 20+ RCE Vectors to Hijack AI and MCP Infrastructure NadMesh is a new, industrial‑grade Go‑based botnet that weaponizes more than 20 RCE vectors to hijack AI and MCP infrastructure at scale, combining autonomous… Delivered by PolitePaul service Go to gbhackers.com
-
TP-Link Kasa Camera Flaws Let Attackers Steal Admin Credentials and Geolocation Data
TP-Link Kasa Camera Flaws Let Attackers Steal Admin Credentials and Geolocation Data TP-Link has revealed several serious vulnerabilities affecting its Kasa EC70 and EC71 smart camera models, which could expose users to credential theft and geolocation… Delivered by PolitePaul service Go to gbhackers.com
-
CISA Warns of Two Fortinet FortiSandbox Flaws Exploited to Execute Commands
CISA Warns of Two Fortinet FortiSandbox Flaws Exploited to Execute Commands The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities in Fortinet FortiSandbox to its Known Exploited Vulnerabilities (KEV) catalog. These… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Use Paste-and-Run Commands to Deploy ClickLock Stealer Against Mac Users
Hackers Use Paste-and-Run Commands to Deploy ClickLock Stealer Against Mac Users Hackers are actively targeting macOS users with a newly identified infostealer dubbed “ClickLock Stealer,” leveraging paste-and-run social engineering techniques to bypass Apple’s native security… Delivered by PolitePaul service Go to gbhackers.com
-
GPT-5.6 Codex Reportedly Wipes Files From Home Directories
GPT-5.6 Codex Reportedly Wipes Files From Home Directories Recent reports indicate that GPT-5.6 Codex has unintentionally deleted files in users’ home directories under certain configurations, raising concerns about the risks of running… Delivered by PolitePaul service Go to gbhackers.com
-
Windows Server 2022 reach end of mainstream support in 90 days
Windows Server 2022 reach end of mainstream support in 90 days Microsoft announced that Windows Server 2022 will reach the mainstream end date in October 2026, but will switch to extended support and continue receiving security updates for five more years. […] Sergiu Gatlan Go to bleepingcomputer
-
US charges two over laundering $43 million from investment fraud
US charges two over laundering $43 million from investment fraud U.S. prosecutors on Thursday charged a New York man and woman for their roles in a large-scale crime ring that laundered money stolen in cyber investment fraud scams. […] Sergiu Gatlan Go to bleepingcomputer
-
CISA urges immediate action on actively exploited Fortinet flaws
CISA urges immediate action on actively exploited Fortinet flaws CISA on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform. […] Sergiu Gatlan Go to bleepingcomputer
-
New ClickLock macOS malware traps users into revealing login password
New ClickLock macOS malware traps users into revealing login password A new macOS information-stealing malware dubbed ClickLock terminates all visible processes to force users into entering their system login password. […] Bill Toulas Go to bleepingcomputer
-
Coca-Cola says Fairlife ransomware attack halts US dairy production
Coca-Cola says Fairlife ransomware attack halts US dairy production The Coca-Cola Company disclosed today that a ransomware attack impacting its Fairlife dairy subsidiary has disrupted operations, temporarily suspending production of Fairlife products across the United States. […] Lawrence Abrams Go to bleepingcomputer
-
New ClickLock macOS Stealer Kills Every App to Force Password Entry
New ClickLock macOS Stealer Kills Every App to Force Password Entry A newly discovered macOS malware dubbed ClickLock is raising alarms in the cybersecurity community for its aggressive and deceptive credential-harvesting techniques. According to researchers at Group-IB, the stealer employs a highly disruptive tactic that forcibly terminates running applications, effectively locking users out of their…
-
CISA Warns of Microsoft SharePoint Code Execution Vulnerability Exploited in Attacks
CISA Warns of Microsoft SharePoint Code Execution Vulnerability Exploited in Attacks CISA has added a critical Microsoft SharePoint vulnerability, tracked as CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog. This addition comes with a warning that attackers are actively exploiting the flaw in real-world attacks. The vulnerability stems from a weakness in deserializing untrusted data,…
-
Top 10 Best Identity Threat Detection and Response (ITDR) Solutions in 2026
Top 10 Best Identity Threat Detection and Response (ITDR) Solutions in 2026 Identity has become the primary battleground of enterprise cybersecurity. Attackers increasingly bypass traditional defenses by stealing credentials, hijacking sessions, abusing privileged accounts, and exploiting misconfigurations across Active Directory, cloud platforms, SaaS applications, and non-human identities. Microsoft reported more than 7,000 password attacks per…
-
Multiple TP-Link Cameras Vulnerability Allows Hackers to Launch MitM Attacks
Multiple TP-Link Cameras Vulnerability Allows Hackers to Launch MitM Attacks TP-Link has released security updates for two vulnerabilities in its Kasa EC70 v4 and EC71 v4 smart cameras. These flaws, tracked as CVE-2026-9770 and CVE-2026-13230, could allow an attacker on the same local network to obtain sensitive information from vulnerable devices. The most serious issue,…
-
GPT-5.6 Codex is Reportedly Deleting Files From Home Directories
GPT-5.6 Codex is Reportedly Deleting Files From Home Directories OpenAI is currently investigating a small number of reports indicating that the GPT-5.6 Codex unintentionally deleted files from users’ home directories. These incidents reportedly occurred when Codex was granted full filesystem access without the necessary sandbox protections or automated review controls. According to Tibo Sottiaux, a…
-
Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack
Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of Transport for London. The attack left 148 TfL systems inoperable and forced…
-
ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories
ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the…
-
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token…
-
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that’s been spreading via websites infected with ClickFix lures since late April 2026. “The malware is full-featured, lightweight, and modular,” Elastic Security Labs researcher Cyril François said in a technical report.…
-
New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password
New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password ClickLock Stealer, a new macOS infostealer, answers a victim’s refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and…
-
Protecting Privacy in an AI Era
Protecting Privacy in an AI Era Daniel Solove argues in the Wall Street Journal (alternate link) that giving people control of their personal data is not an effective way to regulate privacy in this era. Instead, we need to hold companies accountable for their actions, similar to what we do with food and drug companies.…
-
Anubis ransomware: what you need to know
Anubis ransomware: what you need to know The Anubis ransomware-as-a-service (RaaS) operation has hit some healthcare organisations hard – but they are not the only ones at risk. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #476: Remote-control rickshaws and rogue book marketers
Smashing Security podcast #476: Remote-control rickshaws and rogue book marketers An app has appeared in India that lets anyone with a smartphone stop a passing e-rickshaw dead in its tracks – no login, no passwords, no permissions needed. Meanwhile, Geoff – swimming in money and Lamborghinis, as all published authors are – has been on…
-
Agentic AI Is Untamable: Ask the Right Security Questions
Agentic AI Is Untamable: Ask the Right Security Questions Forget about attackers. Agentic artificial intelligence is creating enough risks for organizations and demands a security reframe. Arielle Waldman Go to gbhackers.com
-
1M+ Emails Use Hidden Text to Dupe AI Security Filters
1M+ Emails Use Hidden Text to Dupe AI Security Filters Artificial intelligence and LLMs can be surprisingly ineffective against text salting, allowing phishing emails to slide right into your inbox. Nate Nelson Go to gbhackers.com
-
Dutch Police and Europol Disrupt Global Investment Scam Infrastructure and Arrest Key Suspects
Dutch Police and Europol Disrupt Global Investment Scam Infrastructure and Arrest Key Suspects Dutch police, working with international law-enforcement partners including Europol, have disrupted a sprawling investment-fraud operation alleged to have defrauded victims across multiple countries of… Delivered by PolitePaul service Go to gbhackers.com
-
Critical Zoom Workplace Flaw Lets Unauthenticated Attackers Take Over Accounts Remotely
Critical Zoom Workplace Flaw Lets Unauthenticated Attackers Take Over Accounts Remotely Zoom has disclosed a critical vulnerability in its Windows desktop software that could allow unauthenticated attackers to take over user accounts remotely. This issue,… Delivered by PolitePaul service Go to gbhackers.com
-
CISA Warns of Actively Exploited Oracle E-Business Suite Flaw
CISA Warns of Actively Exploited Oracle E-Business Suite Flaw The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that attackers are actively exploiting CVE-2026-46817, an improper privilege management vulnerability in Oracle E-Business… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Pair Stolen Wallet Databases With Keychain Passwords for Offline Crypto Theft
Hackers Pair Stolen Wallet Databases With Keychain Passwords for Offline Crypto Theft A macOS-focused information stealer is combining stolen wallet databases with credentials harvested from the Apple Keychain, browsers, and Apple Notes to conduct offline cryptocurrency… Delivered by PolitePaul service Go to gbhackers.com
-
Splunk Enterprise Flaws Expose Stored Credentials and Allow Arbitrary SPL Searches
Splunk Enterprise Flaws Expose Stored Credentials and Allow Arbitrary SPL Searches Splunk has released security updates for three vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These vulnerabilities could potentially expose stored credential hashes, enable… Delivered by PolitePaul service Go to gbhackers.com
-
Dutch police bust investment fraud ring stealing over €100 million
Dutch police bust investment fraud ring stealing over €100 million The Dutch Police announced the arrest of multiple individuals suspected of being part of an international investment fraud scheme estimated to have tens of thousands of victims. […] Bill Toulas Go to bleepingcomputer
-
Zoom warns of critical account takeover vulnerability
Zoom warns of critical account takeover vulnerability Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack accounts. […] Bill Toulas Go to bleepingcomputer
-
Google Gemini CLI abused as a hacking agent, malware botnet operator
Google Gemini CLI abused as a hacking agent, malware botnet operator A Russian-speaking threat actor known as “bandcampro” used Google’s open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. […] Bill Toulas Go to bleepingcomputer
-
AsyncAPI npm packages infected with credential-stealing malware
AsyncAPI npm packages infected with credential-stealing malware Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that delivered a remote access trojan with info-stealing capabilities. […] Bill Toulas Go to bleepingcomputer
-
We built a vulnerability vending machine: AI tokens in, zero-days out
We built a vulnerability vending machine: AI tokens in, zero-days out Intruder built an AI-powered “vulnerability vending machine” that combines code slicing with LLMs to automatically discover complex software vulnerabilities. The company explains how the system found and exploited a previously unknown WordPress plugin zero-day, with additional discoveries already under responsible disclosure. […] Sponsored by…
-
New TuxBot v3 IoT Botnet Uses LLM-Generated Code to Hijack Devices and Launch DDoS Attacks
New TuxBot v3 IoT Botnet Uses LLM-Generated Code to Hijack Devices and Launch DDoS Attacks A newly identified IoT botnet framework, TuxBot v3 Evolution, is targeting internet-connected devices and turning compromised systems into tools for distributed denial-of-service attacks. The malware can run across a wide range of device architectures, creating a broad risk for routers,…
-
Zoom Desktop Client for Windows Flaw Enables Account Takeover via Network Access
Zoom Desktop Client for Windows Flaw Enables Account Takeover via Network Access Zoom has released updates for a critical Windows desktop client vulnerability, tracked as CVE-2026-53412, that could allow unauthenticated attackers to remotely take over user accounts. This flaw arises from improper input validation and may enable unauthenticated attackers to execute account takeover attacks via…
-
Multiple Splunk Enterprise Vulnerabilities Enable Path Traversal and Information Disclosure Attacks
Multiple Splunk Enterprise Vulnerabilities Enable Path Traversal and Information Disclosure Attacks Splunk has released security updates addressing multiple vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These flaws could lead to issues such as path traversal, disclosure of stored credential hashes, and arbitrary execution of SPL (Search Processing Language) searches. Three security vulnerabilities affecting both…
-
CISA Warns of Oracle E-Business Suite Vulnerability Actively Exploited in Attacks
CISA Warns of Oracle E-Business Suite Vulnerability Actively Exploited in Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in attacks. This flaw impacts Oracle Payments, a component of Oracle E-Business Suite.…
-
Hackers Can Type a Secret Username at the Windows Login Screen to Open a SYSTEM Shell
Hackers Can Type a Secret Username at the Windows Login Screen to Open a SYSTEM Shell A stealthy Windows backdoor has resurfaced alongside Daxin, a sophisticated espionage tool previously tied to China-linked activity. The newly documented implant lets an intruder type a special username at the Windows sign-in screen and, in some cases, immediately open…
-
Forgotten UEFI shims undermining Secure Boot
Forgotten UEFI shims undermining Secure Boot ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities Go to eset
-
Police Disrupt a €140M Cyber Fraud Ring in Spain
Police Disrupt a €140M Cyber Fraud Ring in Spain Iberian hackers carried out a variety of cyberattacks and laundered the winnings through complex financial networks. Nate Nelson Go to gbhackers.com
-
TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development
TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model (LLM), albeit with not so successful results. “While the AI complied with their request to…
-
OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps
OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet’s own…
-
Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below – CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719, a site isolation in the DOM: Navigation…
-
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough. For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools,…
-
Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday
Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as ProfSvc, is a…
-
SonicWall SMA1000 vulnerabilities in active exploitation
SonicWall SMA1000 vulnerabilities in active exploitation Categories: Threat Research Tags: advisory, Vulnerabilities, SonicWall Go to sophos
-
A Video Screen That Is Also a Camera
A Video Screen That Is Also a Camera Amazing: Researchers from ETH Zurich in Switzerland, however, managed to create a new type of pixel that can simultaneously do both. This hypercharged pixel, called a Fourier pixel, can generate and sense arbitrary light fields and tap into a pixel’s full potential for carrying information by manipulating…
-
ISC Stormcast For Thursday, July 16th, 2026 https://isc.sans.edu/podcastdetail/10010, (Thu, Jul 16th)
ISC Stormcast For Thursday, July 16th, 2026 https://isc.sans.edu/podcastdetail/10010, (Thu, Jul 16th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Weekly Update 512: IoT Lockout Fail
Weekly Update 512: IoT Lockout Fail “Build a smart home”, they said. “It’ll make life so much better”, they said. Well, life wasn’t very bloody good at 23:00 the other night after travelling 33 hours from Paris only to find the IoT doorlock batteries dead and the 9V “jump start” procedure completely failing! Eventually, the…
-
Forgotten Bootloaders Expose Secure Boot Blind Spot
Forgotten Bootloaders Expose Secure Boot Blind Spot Nearly a dozen vulnerable and now revoked UEFI shim bootloaders remained trusted for years, giving attackers a path to bypass Secure Boot. Jai Vijayan Go to gbhackers.com
-
Identity Attacks Overtake Exploits as Top Ransomware Cause
Identity Attacks Overtake Exploits as Top Ransomware Cause Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deployed in 97% of credential-based attacks but failed to prevent compromise. Alexander Culafi Go to gbhackers.com
-
Guten Tag, Bonjour, Hola to Our European Cyber Defenders!
Guten Tag, Bonjour, Hola to Our European Cyber Defenders! We’re thrilled to unveil the latest evolution of Dark Reading’s DR Global section — your go-to source for region-specific cybersecurity intelligence beyond North America. Tara Seals Go to gbhackers.com
-
Is ‘Tech-xit’ Imminent? UK Steps Up Sovereignty Push Amid AI Strife
Is ‘Tech-xit’ Imminent? UK Steps Up Sovereignty Push Amid AI Strife The US government’s restrictions on Anthropic and OpenAI frontier models have intensified calls in the UK and other countries to reduce their reliance on US tech companies, with significant cyber implications. Rob Wright Go to gbhackers.com
-
Claude Flaw Automatically Sends Malicious Prompts to AI Agents
Claude Flaw Automatically Sends Malicious Prompts to AI Agents When combined with another exploit, the “PromptFiction” vulnerability, which has been fixed, could have enabled an end-to-end attack on a targeted system. Elizabeth Montalbano Go to gbhackers.com
-
2-Click Cursor Exploit Enables Dev Environment Takeover
2-Click Cursor Exploit Enables Dev Environment Takeover Simple age-old bugs give bad actors access to developers’ secrets and source code-rich environments. Nate Nelson Go to gbhackers.com
-
Dell Warns of Critical PowerProtect Data Domain Flaws Allowing Remote Attackers to Take Complete…
Dell Warns of Critical PowerProtect Data Domain Flaws Allowing Remote Attackers to Take Complete… Dell has recently disclosed two critical vulnerabilities in PowerProtect Data Domain appliances that could allow unauthenticated remote attackers to gain complete control of affected… Delivered by PolitePaul service Go to gbhackers.com
-
11 Malicious NuGet Game Cheat Packages Deploy Pepesoft Windows Surveillance Malware
11 Malicious NuGet Game Cheat Packages Deploy Pepesoft Windows Surveillance Malware 11 malicious NuGet packages masquerading as game cheats, automation bots, and management “panels” that deploy a Windows payload called pepesoft.exe. The packages were published… Delivered by PolitePaul service Go to gbhackers.com
-
SheetAgent RAT Runs 14 Virtual Machine Checks and Self-Deletes When Analysis Is Detected
SheetAgent RAT Runs 14 Virtual Machine Checks and Self-Deletes When Analysis Is Detected A threat campaign targeting Indian government job seekers is using a recruitment notice for Senior Field Officer positions in the Cabinet Secretariat as a… Delivered by PolitePaul service Go to gbhackers.com
-
FaceTime Scammers Combine Credential Theft, Remote-Access Apps, and iOS Exploits for Device Takeover.
FaceTime Scammers Combine Credential Theft, Remote-Access Apps, and iOS Exploits for Device Takeover. Apple-focused scam operations are increasingly using FaceTime as a high-trust social-engineering channel to steal credentials and, in higher-risk cases, prepare victims for device compromise…. Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Fixes Multiple Windows RDP Flaws Exposing Sensitive Data Over the Network
Microsoft Fixes Multiple Windows RDP Flaws Exposing Sensitive Data Over the Network Microsoft has addressed multiple information-disclosure vulnerabilities in the Windows Remote Desktop Protocol (RDP). This widely used service enables remote administration and access to Windows… Delivered by PolitePaul service Go to gbhackers.com
-
CISA warns admins to patch actively exploited SharePoint flaws
CISA warns admins to patch actively exploited SharePoint flaws The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that attackers are actively exploiting three vulnerabilities to hack Internet-exposed on-premises SharePoint Server instances. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft: Some Dell PCs shut down after recent Windows updates
Microsoft: Some Dell PCs shut down after recent Windows updates Microsoft is blocking this month’s Windows 11 security updates on some Dell devices because they are causing shutdowns and performance issues. […] Sergiu Gatlan Go to bleepingcomputer
-
US charges alleged operators of Russian bulletproof hosting service
US charges alleged operators of Russian bulletproof hosting service U.S. federal prosecutors have unsealed charges against three Russian nationals, accusing them of providing bulletproof hosting (BPH) services to ransomware gangs that caused over $62 million in damages to victims worldwide. […] Sergiu Gatlan Go to bleepingcomputer
-
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates. […] Lawrence Abrams Go to bleepingcomputer
-
Spanish Police take down €140 million cyber fraud ring, arrest four
Spanish Police take down €140 million cyber fraud ring, arrest four The Spanish Police dismantled a cybercrime and money-laundering organization that made €140 million ($160 million) from investment fraud and business email compromise (BEC) attacks. […] Bill Toulas Go to bleepingcomputer
-
Critical SonicWall Firewall 0-Day Vulnerabilities Actively Exploited in Attacks
Critical SonicWall Firewall 0-Day Vulnerabilities Actively Exploited in Attacks SonicWall has issued an urgent security advisory regarding two vulnerabilities affecting its SMA1000 Series appliances. The company is warning that attackers are actively exploiting these flaws in real-world attacks. The most critical issue, tracked as CVE-2026-15409, carries a maximum CVSS severity score of 10.0 and can…
-
Researcher Claims Bypass of EU Age Verification App Using Chrome Extension
Researcher Claims Bypass of EU Age Verification App Using Chrome Extension Security researcher Paul Moore has once again exposed critical weaknesses in the EU’s flagship age verification system, this time by bypassing the latest app release (version 2026.07-1) using a Chrome extension powered by ClaudeAI. The proof-of-concept shows that, despite months of “security hardening,” a…
-
Chinese Hackers Embed Claude Code and DeepSeek in AI-Powered Government Cyberattacks
Chinese Hackers Embed Claude Code and DeepSeek in AI-Powered Government Cyberattacks An active, highly structured intrusion campaign co-opting commercial artificial intelligence platforms as operational engines for state-sponsored operations. Rather than acting as peripheral research tools, Claude Code and DeepSeek-v4-pro were embedded directly into the core execution flows of a China-linked cyber espionage campaign. The operation…
-
Gamers Download Fake Cheats and Hand Attackers a Live Remote Control of Their Windows PCs
Gamers Download Fake Cheats and Hand Attackers a Live Remote Control of Their Windows PCs New research uncovered 11 malicious NuGet packages disguised as game cheats, bots, and management panels for popular online titles. The campaign targets gaming communities playing titles such as Albion Online, GTA5RP, GrandRP, Majestic RP, and Throne and Liberty. Once installed,…
-
New LegacyHive Windows 0-day Vulnerability Allows Users to Load Another User’s Registry
New LegacyHive Windows 0-day Vulnerability Allows Users to Load Another User’s Registry A proof-of-concept exploit dubbed LegacyHive has been released, enabling a Windows elevation-of-privilege vulnerability in the Windows User Profile Service that allows a standard user to load another user’s registry hive under their own registry classes root. Registry hives are files that store configuration…