Technology Intelligence
Threats against technology companies, software vendors, cloud services, and tech infrastructure.
Agentic AI Used to Conduct Ransomware Attack via Langflow
Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions. The post Agentic AI Used to Conduct Ransomware Attack via Langflow appeared first on SecurityWeek .
Lloyds to retire Halifax brand
The Halifax brand is set to disappear from UK high streets after 179 years as a financial institution.
Visa launches Visa Destinations to give travellers discounted offers
Visa’s travel offer platform Visa Destinations is now live for users across 10 locations.
NVD CRITICAL: CVE-2026-4321 — Improper neutralization of special elements used in an SQL command ('SQL injecti...
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported.
Delaware & Florida Women’s Health Centers Announce Data Breaches
Two women’s healthcare providers have announced data privacy incidents. Women’s Wellness of Southern Delaware recently learned about unauthorized retention of […] The post Delaware & Florida Women’s Health Centers Announce Data Breaches appeared first on The HIPAA Journal .
Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign
An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia, Kazakhstan, and Brazil.
Employees Drop Class Action Lawsuit Against Stryker Over Hamdala Cyberattack
A consolidated class action lawsuit against the medtech company Stryker over a March 2026 cyberattack has been voluntarily dismissed by […] The post Employees Drop Class Action Lawsuit Against Stryker Over Hamdala Cyberattack appeared first on The HIPAA Journal .
Medtronic Data Breach Impacts 3.8 Million People
Medical technology giant Medtronic is notifying more than 3.8 million individuals that their personal and medical information was compromised in a recent data breach. The incident occurred in April 2026, when the infamous extortion group ShinyHunters accessed the company’s corporate IT systems. Medtronic confirmed the attack in late April, noting that its products and manufacturing […] The p
Hargreaves Lansdown appoints technology heads
Hargreaves Lansdown (HL), the UK-based wealth management platform, has strengthened its technology leadership with two senior appointments
Signicat and TrustTech partner to bring reusable identity to European digital wallets
Signicat, the European digital identity leader and trust services provider, and TrustTech, the digital trust infrastructure company specialising in identity verification, reusable compliance checks and trusted signatures, today announced a partnership to help regulated businesses build reusable identity processes through private wallet ecosystems.
FBI, Google Take Down NetNut Proxy Network Used by Cyber Threat Actors
The NetNut proxy network and the ‘Popa’ botnet are known to have infected devices with variants of Mirai DDoS botnets
Alleged Scattered Spider Hacker Extradited to US
Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments. The post Alleged Scattered Spider Hacker Extradited to US appeared first on SecurityWeek .
BetGoodwin and Trust Payments sign partnership
BetGoodwin, online sportsbook and casino, has agreed a new 8-year partnership with Trust Payments, the leading payment service provider.
MDOTM raises $27m for AI investment platform
MDOTM Ltd., the global provider of AI-driven investment solutions for Asset and Wealth Management companies, today announced the close of a $27 million growth equity round led by Expedition Growth Capital.
WBS and Quai Digital extend fractional dealing partnership
WBS, a leading provider of dealing, custody, and technology solutions to the UK investment industry, today announces a five-year extension of its partnership with Quai Digital.
NVD CRITICAL: CVE-2026-14544 — A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnera...
A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data.
Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices
NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks. The post Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices appeared first on SecurityWeek .
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability to
Critical Cursor AI IDE Flaws Could Lead to OS-Level Remote Code Execution
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system. The post Critical Cursor AI IDE Flaws Could Lead to OS-Level Remote Code Execution appeared first on SecurityWeek .
Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system. The post Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution appeared first on SecurityWeek .
Swimming Pools, Pee, and Trying to Delete Your Data From the Internet
I can't recall if someone else originally came up with this saying or if I said it in some off-the-cuff comment and it just propagated, but since it's often attributed back to me , I'll relay it here regardless: Trying to delete yourself
NVD CRITICAL: CVE-2026-9725 — The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress...
The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the store_design_data() function, which constructs a filesystem path from the user-supplied 'nbd_item_key' POST parameter sanitized only with sanitize_text_field() — which does not strip path
Spyware found on phone of European Parliament member probing it
Stelios Kouloglou, formerly a member of the European Parliament's committee investigation abuses of commercial spyware, was twice infected with Pegasus while serving, researchers said.
Someone infected a spyware probe overseer with spyware
Citizen Lab says the phone of a member of Europe’s PEGA Committee was infected twice with Pegasus, the NSO Group spyware that gave the panel its name. The post Someone infected a spyware probe overseer with spyware appeared first on CyberScoop .
Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
Anthropic says Claude Fable 5 won't be accessible via Claude subscriptions after July 7, but it's not a permanent change, and the company expects the model to return outside the usage-based plan soon. [...]
Claude Fable relaunch disappoints users with nerfed performance
Claude Fable, the company's most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. [...]
Standard Chartered gives institutional clients access to USDC minting and redemption
Standard Chartered has teamed up with Circle to enable its institutional clients to access USDC stablecoin minting and redemption.
Visa launches threat intelligence platform; carries out agentic transactions in Europe
Visa has launched a platform designed to help financial institutions detect and respond to cyber threats. Separately, the payments giant has carried out a host of agentic commerce transactions with banks across Europe.
NVD CRITICAL: CVE-2026-57100 — Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (Sync...
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
NVD CRITICAL: CVE-2026-45499 — Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker...
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
NVD CRITICAL: CVE-2026-41106 — Url redirection to untrusted site ('open redirect') in M365 Copilot allows an un...
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs
Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian businesses.
FortiBleed Hacks Tied to INC Ransom and Lynx Operation
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/fortibleed-tied-to-inc-ransom-lynx-operation-image_small-3-a-32147.jpg" align=right hspace=4><b>Theat Actor Accessed INC and Lynx Ransom Negotiation Panels</b><br>SOCRadar linked the FortiBleed credential-harvesting operation to ransomware groups INC Ransom and Lynx, citing evidence that a sophisticated initial access broker compr
Why CIOs Need an AI Sovereignty Strategy
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/cios-need-ai-sovereignty-strategy-image_small-2-a-32146.jpg" align=right hspace=4><b>IBM Finds AI Vendor Disruptions Are Raising Costs and Operational Risk</b><br>Most enterprises are more dependent on their AI vendors than they realize, and a new IBM study puts a dollar figure on what that exposure costs. Here's what CIOs need to
How We Added WebAuthn to a Browser-Based RDP Client
A look inside the reverse-engineering journey of building the first RDP client outside of Windows to support WebAuthn redirection. The post How We Added WebAuthn to a Browser-Based RDP Client appeared first on Unit 42 .
Breach Roundup: DeepSeek Sparks Browser Ransomware
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/breach-roundup-deepseek-sparks-browser-ransomware-image_small-6-a-32149.jpg" align=right hspace=4><b>Also, False Negatives Causes Trust in AI Pentest to Drop</b><br>This week: a DeepSeek browser-only ransomware path, AI pen testing trust dropped, Mustang Panda targeted India, Tata breach exposed iPhone 18 data, CISA flagged BlueHa
How Dragos Acquisition Expands Accenture's OT Security Reach
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/how-dragos-acquisition-expands-accentures-ot-security-reach-image_small-9-a-32148.jpg" align=right hspace=4><b>Joint Accenture-Dragos Platform Adds OT, Threat Intelligence and Incident Response</b><br>Accenture says its acquisition of Dragos combines managed security services with leading OT threat intelligence, asset discovery an
Anthropic Unveils AI Tool for Scientists and Medical R&D
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/anthropic-unveils-ai-workbench-for-scientists-image_small-8-a-32144.jpg" align=right hspace=4><b>Claude Science Aims to Speed Research and Drug Discovery, and Improve Collaboration</b><br>Much of the work involved with life science, biomedical and related research consists of tedious, time-consuming tasks that bog down the discove
FCC Router Ban Risks Freezing Home Security Updates
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/fcc-router-ban-risks-freezing-home-security-updates-image_small-4-a-32142.jpg" align=right hspace=4><b>Verizon Waiver Is Latest Carve-Out in a Rule Experts Say Undercuts Router Security</b><br>The FCC granted Verizon a one-year waiver from its foreign-router ban, the latest carve-out in a rule that critics say would strip millions
How Renown Health Is Reshaping Its Digital ID Strategy
Renown Health is reshaping digital ID management with a strategy that reduces friction for clinicians, strengthens security and prepares the organization for emerging AI-driven identity challenges, said Steven Ramirez, Renown Health's chief information security and technology officer.
Square adds ChatGPT and Claude integrations
Square today announced a new ChatGPT app and Claude plugin, helping sellers get discovered and transact at the exact moment customers are making purchasing decisions through AI-powered conversations.
Launch of UK's National Cyber Action Plan delayed amid Labour leadership crisis
The plan had been due for publication on Monday, the sources said. It has been postponed amid the uncertainty over the governing Labour Party’s leadership contest, which opens July 9.
NVD CRITICAL: CVE-2026-59099 — Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that al...
Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution tokens from the unauthenticated login page and perform known-plaintext analysis to decrypt the webflow
NVD CRITICAL: CVE-2026-58466 — AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability...
AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via add_default_user() in the database user module when the users table is empty. Attackers can submit the default credentials to the authentication login endpoint to gain full c
Apple Reverses Age-Old Patch Policy to Keep Up With AI
Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.
FBI Seizes NetNut Proxy Platform, Popa Botnet
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botn
FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG) said this week it had reduced the network's pool of usable devices by millions. Google identifies NetNut, also tracked as Popa, as a network spread across home
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral
Global Schools Holdings Cites Two Injunctions in a Bid to Chill Our Reporting. It Won’t Work.
My About page is pretty clear about legal threats: If you want to send me legal threats about my reporting or comments, knock yourself out, but don’t be surprised to see me report on your threat, any confidentiality sig blocks you may attach notwithstanding. I have been threatened with lawsuits many times, and to be... Source
Ransomware Thugs Masquerade as Interpol to Entice Small Biz
The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere.
Intesa Sanpaolo migrates core IT systems to Google Cloud infrastructure
Italy's biggest bank, Intesa Sanpaolo, has completed the migration of its core IT systems to Google Cloud infrastructure.
Catan and Mouse
What do board games and cybersecurity have in common? Pattern recognition. Strategy. Adaptation. In this week’s Threat Source Bill explores why curiosity may be a defender’s most valuable skill.
Cryptohack Roundup: Chinese Fraudster Gets 30 Years in Prison
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/cryptohack-roundup-chinese-fraudster-gets-30-years-in-prison-image_small-7-a-32141.jpg" align=right hspace=4><b>Also: Hollywood Director Jailed for $11M Fraud</b><br>This week, a Chinese fraudster got 30 years, Hollywood director jailed for $11M fraud, Florida crypto scam plea, China jailed five in FX case, South Korea fines Bithu
Infinite and Sardine launch two-way integration
Infinite, the AI-native compliance and payments platform built for the stablecoin economy, and Sardine, the fraud, risk, and payments platform, today announced a two-way integration that combines Sardine's real-time fraud and risk intelligence with Infinite's AI-powered compliance platform and account infrastructure.
NVD CRITICAL: CVE-2024-14037 — Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows una...
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed image/jpeg Content-Type to bypass the absence of extension and MIME type validation, with the uploaded
NVD CRITICAL: CVE-2022-50973 — Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability ...
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any authentication, file type, extension, or content validation. Attackers can upload a JSP webshell by specifying a m
The Gentlemen ransomware: what you need to know
Who Are The Gentlemen? Despite the impeccably polite name, there is nothing polite or refined about this particular gang of cybercriminals. Read more in my article on the Fortra blog.
Supreme Court decision threatens EU-US data transfer agreement
In a Tuesday letter, Max Schrems, the founder of the Vienna-based privacy advocacy organization noyb, told European officials he plans to sue to invalidate the EU-U.S. Data Privacy Framework (DPF) that allows for the transfer of personal data from the EU to U.S. companies.
NVD CRITICAL: CVE-2026-58455 — Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulne...
Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after an authentication redirect in loader.php combined with unsanitized input passed to shell_exec() in ajax/compose.php. Attackers can seed the required session flag through the incomplete auth check, then inject
Scattered Spider Suspect Extradited From Finland to US
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/scattered-spider-suspect-extradited-from-finland-to-us-image_small-10-a-32140.jpg" align=right hspace=4><b>FBI Says Peter Stokes, 19, 'Exhibited Substantial Wealth for a Person of His Age'</b><br>A suspected member of the notorious Scattered Spider cybercrime group has been extradited from Finland to stand trial in the United Stat
Alleged longstanding member of Scattered Spider extradited to US
Peter Stokes boasted on social media about the luxurious globetrotting life he enjoyed while he was still a child. The post Alleged longstanding member of Scattered Spider extradited to US appeared first on CyberScoop .
ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak checks, open systems, and normal tools doing things they were allowed to do. That same pattern runs
Google loses final appeal to overturn €4.1 billion EU fine
Court of Justice of the European Union (CJEU) has dismissed Google's final appeal against a €4.1 billion ($4.7 billion) antitrust fine over the company's use of Android to promote its Chrome browser and search service. [...]
Anchorage Digital integrates with Lido to expand institutional access to Ethereum liquid staking
Anchorage Digital, home to America's first federally regulated crypto bank, has integrated with Lido, the largest liquid staking protocol on Ethereum, giving institutions compliant access to wstETH without leaving the Anchorage Digital platform.
New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure
Hackers are targeting NetScaler appliances using public PoC code to retrieve arbitrary memory content in the HTTP response. The post New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure appeared first on SecurityWeek .
Paysera becomes direct Visa member
Paysera LT, UAB has obtained the status of a direct Visa member (Issuing Principal Member) – one of the highest statuses in the payments industry.
Ondo Finance launches custodial tokenised securities in the US
Ondo Finance today announced the first live solution of third-party tokenized U.S. securities operating entirely within the existing regulatory perimeter in the U.S., in partnership with Broadridge Financial Solutions Inc., (NYSE: BR) to provide full voting rights for tokenized equity holders.
Major UK banks adopt Swift consumer payments framework
Barclays, HSBC, Lloyds and NatWest will be among the first financial institutions in the world to go live with Swift's new framework for cross-border retail payments.
Payward completes Reap acquistion
Payward, a unified financial infrastructure platform advancing an open, global financial system, today announced the completion of its acquisition of Reap Technologies Holdings Limited (“Reap”), a leading stablecoin-native, card issuing and payments infrastructure company enabling global money movement.
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. [...]
ClickFix Social Engineering Technique is the Leading Method for Malware Delivery
The ClickFix social engineering technique is the leading method of malware delivery, according to an analysis by researchers at ReliaQuest. […] The post ClickFix Social Engineering Technique is the Leading Method for Malware Delivery appeared first on The HIPAA Journal .
Formalizing Red Teaming Offensive Methodology as a Multi-Agent AI Architecture
Threat actors are integrating AI into their exploit chains, accelerating reconnaissance, automating vulnerability discovery, and scaling social engineering in ways that compress the timeline between initial access and impact. The barrier to sophisticated offensive operations is dropping fast. Rapid7's Red Team is doing the same. Over the past year we formalized our approach into a structured multi
Oman Arab Bank completes Visa tokenisation rollout
Oman Arab Bank (OAB) and BPC, a global leader in payment solutions, are marking 10 years of partnership, celebrating a decade of card and payments modernisation that has helped reshape the bank’s issuing and acquiring business in Oman.
NVD CRITICAL: CVE-2026-5524 — The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Uploa...
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the do_image_upload() function where user-supplied input from the acceptFileTypes POST parameter is directly interpolated into a regular expression used to validate uploaded files. Atta
WealthAi and Flanks team up to solve wealth management's costly data problem
WealthAi, the AI operating system for wealth managers, has partnered with Flanks, the AI wealth data infrastructure, to bring institution-grade data from more than 650 institutions worldwide directly into the WealthAi platform.
How to Conduct a Successful Audit of AI-Driven Software Development
As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. The post How to Conduct a Successful Audit of AI-Driven Software Development appeared first on SecurityWeek .
LinqAlpha raises $22m to build alpha intelligence layer for global public markets
LinqAlpha, the AI-native company building the Alpha Intelligence Layer for global public markets, today announced $22 million in Series A funding.
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs," Kaspersky said in a detailed report published this week. "
Context Engineering | Compaction & Agent Memory for Automated Malware Analysis
Compaction cut input tokens 86% across long-running agent evals with no quality loss. Context discipline matters as much as model selection.
Morphic launches RGLTD for digital assets
Morphic Financial Group, the London-based digital financial services group, today announces the launch of RGLTD and the expansion of its strategic partnership with Cashify, creating a new dual-brand operating structure designed to serve the evolving needs of Europe’s regulated digital asset market.
Researcher Behind 'Exploitarium' Explains Release of Undisclosed Zero-Day Exploits
Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities first
WealthArc adds crypto assets to its data platform
WealthArc, today announced the integration of crypto assets as a fully supported asset class within its global data infrastructure service, enabling wealth managers, external asset managers, and family offices to deliver a complete portfolio view across digital and traditional assets from a single, reliable data source.
FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks
Researchers say credentials harvested from hundreds of thousands of FortiGate firewalls are being used to facilitate ransomware attacks by the INC and Lynx operations. The post FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks appeared first on SecurityWeek .
Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.
IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open-source software supply chain.
One in four Brits have fallen for online financial scams
A quarter of British adults have lost money after falling for fraudulent online advertisements and have cut back on online shopping as a result.
Microsoft fixes bug that removed Copilot buttons in Outlook
Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. [...]
Gardyn IoT Hub
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices.</strong></p> <p>The following versions of Gardyn IoT Hub are affected:</p> <ul> <li>Home Firmware</li> <
ST Engineering iDirect iQ-Series Terminals
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition.</strong></p> <p>The following versions of ST Engineering iDirect iQ-Ser
Cybercriminals Pose as Interpol in Phishing Emails to Infect Victims With Ransomware
Bitdefender researchers warned of curious ransomware campaign which has targeted businesses around the world
CubeSpace CW0057 Reaction Wheel
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device.</strong></p> <p>The following versions of CubeSpace CW0057 Reaction Wheel are affected:</p> <ul> <li>CW0057 Re
JP Morgan's AI head to depart after 4 decades
Teresa Heitsenrether, chief data and analytics officer at JP Morgan Chase, is set to leave the bank after a career spanning four decades
Cisco finally confirms attackers exploiting Unified CM flaw
Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...]
Identity Lifecycle Management Wasn't Built for AI Agents
Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural blind spots that traditional IGA tools weren't designed to detect. This guide covers where that model breaks, what it
Cybersecurity Mission Creep in the US
Interesting paper: “ Cybersecurity Mission Creep .” Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what
Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm
Anthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available. The post Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm appeared first on SecurityWeek .
Field reports from Patch the Planet
<p>We’re running <a href="https://trailofbits.com/patch-the-planet">Patch the Planet</a>, an ongoing collaboration with OpenAI that pairs Trail of Bits engineers directly with more than 30 open-source projects. Its goal is to front-run a serious problem facing open-source maintainers: highly capable models like GPT-5.5-Cyber will soon create a firehose of bug reports, and OSS maintainers are alrea
GPT-5.5-Cyber built a zlib fuzzing lab in a day
<p>We’re running <a href="https://trailofbits.com/patch-the-planet">Patch the Planet</a>, an ongoing collaboration with OpenAI that pairs Trail of Bits engineers directly with more than 30 open-source projects. Its goal is to front-run a serious problem facing open-source maintainers: highly capable models like GPT-5.5-Cyber will soon create a firehose of bug reports, and OSS maintainers are alrea
Argo CD flaw shows why GitOps infrastructure should be treated as tier zero
A newly disclosed vulnerability in Argo CD is drawing attention to the security risks of GitOps platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to execute code and manipulate application deployments. Security firm Synacktiv said in a report that the flaw affects Argo CD’s repo-server component, which fetches content from Git r
CISA: Microsoft SharePoint RCE flaw now actively exploited
CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. [...]
Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability
A PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week. The post Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability appeared first on SecurityWeek .
Opera rolls out Paste Protect feature to fight ClickFix attacks
Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering. [...]
Greater Rochester Independent Practice Association Settles MOVEit Data Breach Litigation
A settlement has been agreed to resolve claims against Greater Rochester Independent Practice Association (GRIPA) arising from the May 2023 […] The post Greater Rochester Independent Practice Association Settles MOVEit Data Breach Litigation appeared first on The HIPAA Journal .
‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials
Researchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials. The post ‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials appeared first on SecurityWeek .
Mauritius issues five year fintech plan
Mauritius has launched its National Fintech Strategy 2026-2030, a five-year roadmap designed to boost areas such as digital finance and financial inclusion on the African island.
Serviceaide Pays $1.8 Million to Settle Data Breach Litigation
Serviceaide, Inc., a provider of AI-powered solutions to boost productivity and enhance service delivery, has agreed to pay $1.8 million […] The post Serviceaide Pays $1.8 Million to Settle Data Breach Litigation appeared first on The HIPAA Journal .
CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability
CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659). The post CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability appeared first on SecurityWeek .
NCI and DataExpert launch crypto compliance training programme
The European Anti-Money Laundering Regulation (AMLR) will come into force on 10 July 2027, introducing stricter requirements for financial institutions, crypto-asset service providers (CASPs) and other regulated entities acting as financial gatekeepers
Crypto platform Tothemoon secures MiCA licence in Cyprus
Tothemoon, a global crypto platform, today announced that it has secured authorisation from the Cyprus Securities and Exchange Commission (CySEC) as a Crypto-Asset Service Provider (CASP) under the European Union’s Markets in Crypto-Assets Regulation (MiCA).
NCSC Shares Tips on How to Make a Pen Tester’s Job Harder
The NCSC has shared best practice advice from pen testers which could help improve system resilience
Luxembourg Fund Services and bunch strike strategic alliance
bunch, the AI-native fund operations platform for private markets, today announced it has entered into a strategic partnership with founder Massimo Longoni and CFE Finance Group (“CFE”), joint owners of Luxembourg Fund Services S.A. ("LFS"), under which bunch will join Mr. Longoni and CFE as shareholders in LFS.
AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company's production database. Ransomware has always
Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects
Kaspersky Compromise Assessment specialists analyze trends from the service's 2025 projects and provide tips on how to enhance your organization's security.
Alleged Scattered Spider hacker extradited to the United States
A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. [...]
Alleged Scattered Spider Member Extradited to US
A teenager accused of hacking as part of Scattered Spider has been arrested
FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment
Lloyds joins Integral global FX liquidity network
Integral, a leading currency technology provider to financial markets, today announced that Lloyds has joined its ecosystem as a liquidity provider, further strengthening its institutional FX network.
Lightspark becomes first payments company in Estonia to get MiCA licence
Today, Lightspark Payments Europe AS announced it received a crypto-asset service provider (CASP) authorization under the EU's Markets in Crypto-Assets Regulation (MiCA), together with authorization to operate as an electronic money institution (EMI), from Estonia's Financial Supervision Authority (Finantsinspektsioon).
New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine. YesWeHack and
SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issue
Medtronic notifies customers impacted by ShinyHunters data breach
Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. [...]
Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector
Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549 , allow attackers to break out of Cursor’s command execution sandbox, the protective layer that’s supposed to prevent the inter
OCBC adds AI-powered financial advisor avatars to app
OCBC has revamped its mobile app with two AI-powered avatars that deliver "hyper-personalised" wealth management services in real-time 24 hours a day.
SoFi buys AI-based investing startup Composer
US fintech SoFi has acquired Composer, a Toronto-based AI-powered retail investing startup. Financial terms were not disclosed.
Quantum Breakthroughs Compress Post-Quantum Computing Timeline
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/quantum-breakthroughs-compress-post-quantum-computing-timeline-image_small-2-a-32137.jpg" align=right hspace=4><b>Microsoft, Google and AWS cite major gains in reliability and error correction.</b><br>Rapid advances in quantum hardware, AI-assisted error correction and fault-tolerant architectures from Microsoft, Google and Amazon
US FTC Eyes AI Model Behavior in New Policy Push
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/us-ftc-eyes-ai-model-behavior-in-new-policy-push-image_small-1-a-32135.jpg" align=right hspace=4><b>Agency Seeks Comments on Objectivity, Accuracy and AI Governance</b><br>The FTC has opened a public comment period on whether AI companies improperly shape model behavior. The proposal could redefine how federal regulators oversee A
The Shadow AI Problem Starts in the C-Suite
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/shadow-ai-problem-starts-in-c-suite-image_small-9-a-32133.jpg" align=right hspace=4><b>Executives Are More Likely to Use Unapproved AI Tools Than Their Teams</b><br>Shadow AI may look like a rank-and-file problem, but new data suggests the biggest users of unauthorized tools are senior leaders and C-suite executives. The findings
Aflac Japan: Hack Detected Last Week Affects Nearly 4.4M
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/aflac-japan-hack-detected-last-week-affects-nearly-44m-image_small-8-a-32131.jpg" align=right hspace=4><b>Incident Is Insurance Giant's Second Major Data Breach Since June 2025</b><br>Aflac is notifying regulators and nearly 4.4 million Aflac Life Insurance Japan customers of a hacking incident detected last week potentially affec
MeetingTV Sues Palo Alto Networks Over Koi Threat Report
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/meetingtv-sues-palo-alto-networks-over-koi-threat-report-image_small-5-a-32136.jpg" align=right hspace=4><b>MeetingTV Says Koi's AI Analysis Tool Wrongly Tied it to Malware Infrastructure</b><br>MeetingTV alleges an AI-assisted threat intelligence report published by Koi Security falsely linked its infrastructure to a Chinese cybe
Workers Withdraw Claims in Stryker Wiper Attack Lawsuit
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/court-dismisses-stryker-hack-lawsuit-filed-by-workers-image_small-10-a-32129.jpg" align=right hspace=4><b>Action Comes After Stryker Contends Employees' Personal Data Wasn't Compromised</b><br>Eight current and former Stryker employees of medical tech company voluntarily withdrew their lawsuits against the medical technology compa
FortiBleed credential-theft campaign linked to Lynx ransomware
The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. [...]
Kubota says hackers had month-long access to network systems
Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. [...]
Robinhood unveils UK crypto launch plans and global DeFi expansion
Today, live from the historic Old Royal Naval College in London, Robinhood hosted Robinhood Presents: The World is Flat, a landmark keynote revealing our most ambitious global expansion and product vision to date.
Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS
Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability.
NVD CRITICAL: CVE-2026-58457 — Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenti...
Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilter_conf handler in the commuos web backend. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are passe
Teen suspect in Scattered Spider hacks is extradited to US
A complaint unsealed this week accuses a 19-year-old of participating in incidents including a breach of a "luxury-jewelry retailer" in 2025.
ChocoPoc malware delivered via trojanized exploits on GitHub
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. [...]
New ChocoPoC malware targets researchers via trojanized PoC exploits
Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers. [...]
Langflow Flaws Exposed AI Servers to Takeover
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/langflow-flaws-exposed-ai-servers-to-takeover-image_small-7-a-32125.jpg" align=right hspace=4><b>Rubrik Decries Lack of Fundamental Cybersecurity in AI Platforms</b><br>Rubrik Zero Labs found four vulnerabilities in Langflow, including flaws that allowed unauthenticated attackers to execute code, read sensitive files and steal cre
Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD's maintainers in
19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a Chicago federal court on June 30, where a judge ordered him held in custody. Finnish police
Researchers spot exploitation of another critical Oracle defect
The defect impacts a popular collection of business applications that attackers have hit before in widespread attack sprees. The post Researchers spot exploitation of another critical Oracle defect appeared first on CyberScoop .
NVD CRITICAL: CVE-2026-53492 — containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2....
containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying sol
NVD CRITICAL: CVE-2026-50195 — containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 a...
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitra
Azure Password-Spraying Attack Bypasses MFA Defenses
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/azure-password-spraying-attack-bypasses-some-mfa-defenses-image_small-4-a-32128.jpg" align=right hspace=4><b>Threat Actor Uses Deprecated OAuth 2.0 Authentication Flow</b><br>Attackers behind a password-spraying campaign targeting Microsoft Office 365 accounts have amassed dozens of victims by abusing a deprecated feature in OAuth
Prohibiting AI Use Increases Enterprise Data Risk
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/prohibiting-ai-use-increases-enterprise-data-risk-image_small-9-a-32124.jpg" align=right hspace=4><b>Fortra's Tony Kelly on Securing AI Adoption With Governance, Data Protection</b><br>Organizations that block generative AI use often create greater security risks by driving employees toward unauthorized tools, said Tony Kelly, reg
CVE-2026-13769 – Insecure file permissions in AWS CLI
<p><b>Bulletin ID:</b> 2026-049-AWS<br> <b>Scope:</b> AWS<br> <b>Content Type:</b> Important (requires attention)<br> <b>Publication Date:</b> 07/01/2026 11:45 AM PDT</p> <p><b>Description:</b></p> <p>The AWS Command Line Interface (AWS CLI) is a unified tool for managing AWS services from the command line. We identified CVE-2026-13769 in AWS CLI on Unix-like systems where the umask has not been c
NVD HIGH: CVE-2026-46680 — containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0...
containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0
Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings
Microsoft's new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated participants in sensitive meetings. The post Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings appeared first on SecurityWeek .
Pico and LDA Technologies partner on high-fidelity data for real-time AI and trading workflows
Pico, a leading global provider of mission-critical technology services, software, data and analytics for the financial markets community, and LDA Technologies, a leader in ultra-low latency networking and FPGA applications, today announced that Pico’s Corvil Analytics platform will support LDA Technologies’ NeoTap X aggregation technology in the upcoming Corvil Analytics 10.2 release.
SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a "massive, multi-domain, multi-language" campaign that distributes malicious installer archives hosted on spoofed websites. These installers masquerade as popular software like OBS Studio, DNS Jumper, DS4Windows, and Bandicam, among others.
DHS confirms hackers breached HSIN info-sharing platform
The Department of Homeland Security is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a sensitive information-sharing platform used by federal, state, local, and private-sector partners. [...]
VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEIL#DROP by Securonix. It's suspected that the initial payloads are distributed either via spear-phishing or a drive-by compromise, which occurs when an unsuspecting user lands on
NVD CRITICAL: CVE-2026-58453 — JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a h...
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80. Attackers can authenticate with these hardcoded credentials to access camera snapshots, video streams, netw
NVD CRITICAL: CVE-2026-34114 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...
Guardian language-system passes the id GET parameter directly into a PHP exec() call in translate_text.php (line 18) without sanitization: exec(\"php jobs/translate_text.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
NVD CRITICAL: CVE-2026-34113 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...
Guardian language-system passes the id GET parameter directly into a PHP exec() call in speech_text.php (line 18) without sanitization: exec(\"php jobs/speech_audio_text.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
NVD CRITICAL: CVE-2026-34111 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...
Guardian language-system passes the id GET parameter directly into a PHP exec() call in speechmac_text.php (line 18) without sanitization: exec(\"php jobs/speech_audio_mac_text.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
NVD CRITICAL: CVE-2026-34110 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...
Guardian language-system passes the id GET parameter directly into a PHP exec() call in complex_start.php (line 14) without sanitization: exec(\"php jobs/complex.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
NVD CRITICAL: CVE-2026-34109 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...
Guardian language-system passes the id GET parameter directly into a PHP exec() call in speech.php (line 18) without sanitization: exec(\"php jobs/speech_audio.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
NVD CRITICAL: CVE-2026-34108 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...
Guardian language-system passes the id GET parameter directly into a PHP exec() call in text.php (line 15) without sanitization: exec(\"php jobs/text.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
NVD CRITICAL: CVE-2026-34107 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...
Guardian language-system passes the id GET parameter directly into a PHP exec() call in translate.php (line 14) without sanitization: exec(\"php jobs/translate.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
NVD CRITICAL: CVE-2026-34106 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...
Guardian language-system passes the id GET parameter directly into a PHP exec() call in subtitles.php (line 19) without sanitization: exec(\"php jobs/subtitle_rendering.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to the id parameter to execute arbitrary OS commands on the server.
NVD CRITICAL: CVE-2026-34105 — Guardian language-system passes the id GET parameter directly into an unsanitize...
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translate_text.php (line 15): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
NVD CRITICAL: CVE-2026-34104 — Guardian language-system passes the name GET parameter directly into an unsaniti...
Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php (line 124): SELECT * FROM complex WHERE name='\".$_GET['name'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
NVD CRITICAL: CVE-2026-34103 — Guardian language-system passes the id GET parameter directly into an unsanitize...
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php (line 16): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
NVD CRITICAL: CVE-2026-34102 — Guardian language-system passes the id GET parameter directly into an unsanitize...
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
NVD CRITICAL: CVE-2026-34101 — Guardian language-system passes the id GET parameter directly into an unsanitize...
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
NVD CRITICAL: CVE-2026-34100 — Guardian language-system passes the id GET parameter directly into an unsanitize...
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
NVD CRITICAL: CVE-2026-34099 — Guardian language-system passes the id GET parameter directly into an unsanitize...
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php (line 16): SELECT * FROM jobs where id = '\".$_GET['id'].\"'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current user, schema names, and table contents.
Hackers target Microsoft 365 accounts with 81 million login attempts
An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period. [...]
NVD CRITICAL: CVE-2026-58127 — PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via ...
PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET WebClient class methods, an unauthenticated remote attacker can read and write arbitrary files on the hos
NVD CRITICAL: CVE-2026-58126 — PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulne...
PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads
NVD CRITICAL: CVE-2026-57517 — Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability...
Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges obtained via the injection to write arbitrary files using INTO DUMPFILE, enabling deployment of a PHP webshe
Verizon Releases Inaugural Breach Impact Study
Verizon Business has released the findings from its inaugural Breach Impact Study, which focuses on the financial impact of data […] The post Verizon Releases Inaugural Breach Impact Study appeared first on The HIPAA Journal .
When Too Much Security Data Became the Risk
Rapid growth turned routine firewall logs into a security and budget liability. One CISO used artificial intelligence to filter what data truly belongs in the SIEM.
Objectway buys FNZ's Swiss private banking tech business
Objectway, a global wealthtech partner for banking, wealth and asset management firms, today announced the acquisition from FNZ of their Swiss private banking technology business FNZ Switzerland SA (formerly operating as New Access).
Peru's BanBif picks Finastra tech for trade finance overhaul
Peru-based Banco Interamericano de Finanzas (BanBif), today announced its selection of Finastra Trade Innovation and Corporate Channels as part of its trade finance modernization project.
Nebeus receives MiCA CASP authorisation
Nebeus has been authorised by Spain's CNMV as a Crypto-Asset Service Provider (CASP) under the EU's Markets in Crypto-Assets (MiCA) regulation, placing the Barcelona-based fintech among the first regulated firms able to passport digital asset services across the European Economic Area.
Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures
A Brazilian banking trojan called Ousaban is going after Windows users who bank in Spain and Portugal. Fortinet's FortiGuard Labs identified the campaign in May 2026. It opens with a phishing PDF disguised as a corrupted file, checks that the visitor is really in Spain or Portugal, and hides its real payload inside an image. The goal is the usual one: steal banking logins and take
5 Myths About AI in the SOC Security Teams Need to Rethink
AI is now part of almost every conversation in security operations. Most teams are already investing in it, experimenting with it, or trying to understand where it fits. The challenge is not whether to adopt AI, but how to apply it in a way that actually improves outcomes. At the Rapid7 Global Cybersecurity Summit, the session The AI Dilemma: Automating Defense Without Surrendering Judgment explor
Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic
Adobe has released patches for multiple maximum-severity security flaws impacting Adobe ColdFusion and Adobe Campaign Classic. The ColdFusion updates "resolves critical and important vulnerabilities that could lead to arbitrary code execution, privilege escalation, arbitrary file system read, and security feature bypass," Adobe said in an alert released Tuesday. The vulnerabilities are listed
'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.
NVD CRITICAL: CVE-2026-23537 — A vulnerability has been identified in the Feast Feature Server’s `/save-documen...
A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requir
JP Morgan Payments and NPCI team up to power real-time FX for cross-border UPI
National Payments Corporation of India is working with JP Morgan Payments to enable real-time currency conversion and settlement of cross-border transactions over the Unified Payments Interface.
Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands
Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair and named them DuneSlide. They are tracked as CVE-2026-50548 and CVE-2026-50549, both rated 9.8 out of 10 (or 9.3
Fileless Malware Abuses Google Blogspot to Deploy Infostealer in Memory
Securonix said the Veil#Drop campaign abuses Google Blogspot to deliver PureLog Stealer in memory
Swedish court orders Google to pay Klarna $1.97bn
Google has been ordered by a Swedish court to pay $1.97 billion in damages to PriceRunner, a price comparison service owned by Klarna.
Stripe rolls out tools to help German businesses sell globally
Stripe today shared new tools to help businesses in Germany sell to and via AI agents, and reach more markets around the world.
Nuvei makes C-suite changes
Nuvei, the global fintech building the infrastructure for every payment, everywhere, today announced three appointments to its executive leadership team as the company continues its next phase of global growth.
Privilege escalation to root in Lima QEMU guests via a world-writable agent socket (CVE-2026-53657)
[object Object]
Turning Indicators into Intelligence in OpenCTI with Criminal IP
Threat intelligence is only as useful as the context behind it. Criminal IP explains how its integration enriches threat indicators in OpenCTI with risk scoring, infrastructure intelligence, and phishing analysis. [...]
Vulnerability Prioritization Is Missing the AI-Era Point
<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/focusing-on-vulnerability-prioritization-is-missing-the-ai-era-point" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_prioritize_vulnerabilities.jpg" alt="Image with a hexagon shape at center containing a computer monitor with an icon of an arrow and bullseye." class="hs-featured-i
HHS Provides Update on its Artificial Intelligence RFI
The Department of Health and Human Services (HHS) has provided an update on how it plans to accelerate the adoption […] The post HHS Provides Update on its Artificial Intelligence RFI appeared first on The HIPAA Journal .
Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts
A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Response Unit (TRU). The Canadian cybersecurity company said it identified exploitation attempts targeting CVE-2026-8037 (CVSS score: 9.6), an operating system (OS) command injection flaw that could be exploited to achieve
Brazilian Banking Trojan Ousaban Targets Spain and Portugal
FortiGuard says the Brazilian banking trojan Ousaban is targeting Spain and Portugal via phishing
Take the Guesswork out of HIPAA Compliance for Small Practices
Removing guesswork from HIPAA compliance means replacing assumptions about what a practice has covered with a documented process that maps […] The post Take the Guesswork out of HIPAA Compliance for Small Practices appeared first on The HIPAA Journal .
Security Researcher Identifies Quintet of Bugs in Toolkit Used in DICOM Medical Imaging Software
A quintet of vulnerabilities has been identified in a DICOM toolkit – OFFIS DCMTK – that is extensively used in […] The post Security Researcher Identifies Quintet of Bugs in Toolkit Used in DICOM Medical Imaging Software appeared first on The HIPAA Journal .
U.S. lifting export control restrictions on Anthropic’s Mythos, Fable
The company and the Commerce Department say they have reached an agreement that will see the AI models released publicly with new guardrails and classifiers. The post U.S. lifting export control restrictions on Anthropic’s Mythos, Fable appeared first on CyberScoop .
US lifting export control restrictions on Anthropic’s Mythos, Fable
The company and the Commerce Department say they have reached an agreement that will see the AI models released publicly with new guardrails and classifiers. The post US lifting export control restrictions on Anthropic’s Mythos, Fable appeared first on CyberScoop .
HIPAA Compliance Made Easy for Small Practices
HIPAA compliance for a small practice means meeting the requirements of the HIPAA Privacy Rule, the HIPAA Security Rule, and […] The post HIPAA Compliance Made Easy for Small Practices appeared first on The HIPAA Journal .
SumUp launches consumer personal accounts
SumUp, the global financial technology company serving more than four million merchants worldwide, has today announced the launch of consumer personal accounts, marking the most significant expansion of its consumer offering to date.
Finova acquires Cubit Labs to accelerate its future of lending strategy
Finova, the UK's leading cloud-based mortgage, savings and lending software provider, today announces the acquisition of Cubit Labs, an AI technology company focused on transforming intermediary workflows and compliance.
RTGS.global and Bamboo partner on cross-border payments across Latin America
RTGS.global and Bamboo have today announced a strategic partnership to enhance cross-border payment capabilities for financial institutions, payment providers and businesses operating across Latin America, including those supporting regulated iGaming activities enabling faster, more efficient movement of funds across one of the industry's fastest-growing regions.
US lifts export controls on Anthropic’s frontier cybersecurity AI models
Anthropic said export controls on certain models had been lifted after the company came to a series of agreements with the government.
Japanese insurer, brewer, manufacturer and telecom disclose cyber breaches
Aflac's Tokyo arm and brewer Sapporo are among the major Japanese companies to recently notify the public about data breaches.
Safe Events Start With Threat Intel & Digital Security
Planning ahead to defend against cyber threats is the work that keeps events uneventful.
Safe Events Start With Threat Intel and Digital Security
Planning ahead to defend against cyber threats is the work that keeps events uneventful.
AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android
Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both Windows and Android devices. "This is the first documented case where a frontier AI model
AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android
Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both Windows and Android devices. "This is the first documented case where a frontier AI model
Over 900 Oracle E-Business instances exposed to ongoing attacks
Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. [...]
BoE calls for bespoke AI regulation
A senior official at the Bank of England has called for an updated regulatory framework to cater for the inexorable rise of agentic AI
Medtronic Starts Notifying Individuals Affected by April 2026 Cyberattack
Medtronic has started issuing notifications to individuals affected by an April 2026 cyberattack. The ShinyHunters threat group claimed responsibility for […] The post Medtronic Starts Notifying Individuals Affected by April 2026 Cyberattack appeared first on The HIPAA Journal .
Eurobank announces €1bn tech investment plan
Greece-based Eurobank is planning to invest as much as €1bn in technology as part of a digital transformation programme.
2026 Cybersecurity Assessment: The Gap Between Awareness and Resilience
Organizations have never had greater awareness of cyber risk. Yet turning that awareness into operational resilience has never been more challenging. The 2026 Bitdefender Cybersecurity Assessment confirms this is the case, as this year's findings reveal a series of surprising contradictions. Here are a few examples, based on the independent survey of 1,200 IT and cybersecurity professionals
Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities
Seven of the security defects have a maximum severity rating of 10/10 and could lead to arbitrary code execution. The post Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities appeared first on SecurityWeek .
Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack
Citrix urges customers to patch NetScaler after fixing six vulnerabilities, including the HTTP/2 Bomb flaw and a high-severity CitrixBleed-style information disclosure bug. The post Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack appeared first on SecurityWeek .
EC Markets installs Acuity Trading's AI-driven trading tools
EC Markets traders will gain access to Acuity Trading’s full suite of AI-driven market, event and trade intelligence tools through EC Insights, bringing together sentiment analysis, economic data, macroeconomic context and AI-supported market commentary within the EC Markets trading environment.
FIX publishes new outage communicaiton standards
The FIX Trading Community, the industry association that manages the world’s trading language, the FIX Protocol, has released a new methodology for exchanges and market participants to automatically communicate outages electronically.
Anthropic's Fable 5 and Mythos 5 Are Back with New Security Guardrails
The new classifier in Fable 5 blocks the jailbreak technique that prompted the US export controls “in over 99% of cases”
Singapore's UOB and CQT collaborate on quantum computing
UOB today announced a collaboration with Singapore’s Centre for Quantum Technologies (CQT) to pioneer the application of quantum computing techniques to the valuation of complex financial derivatives.
Papa Johns Surveillance-Based Advertising
Papa Johns is spying on people’s buying activities to predict when they are low on food: The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they’re low on groceries—and thus more likely to be swayed by a mouth-watering ad. The idea is to reach hungry consumers by “knowing what is in their fridge w
Microsoft fixes GIF functionality in the Windows Emoji Panel
Microsoft has fixed the GIF functionality in the Emoji Panel for Windows 11 and Windows Server users after the provider shut down its service. [...]
US Faster Payments Council unveils 2026 directors
The US Faster Payments Council (FPC), a membership organization devoted to advancing safe, easy-to-use faster payments in the United States, today announced the results of its 2026 Board of Directors election.
Microsoft Accelerates Post-Quantum Cryptography Shift to 2029
Microsoft on Tuesday said it's accelerating its quantum safe security roadmap, stating technology advances in quantum computing are making it essential to replace existing encryption standards sooner than previously expected. "Advances in quantum research and development have shifted the risk horizon," Mark Russinovich, chief technology officer of Microsoft Azure, said. "We believe
Martin Lee: Running through the Arctic (and the threat landscape)
Ever wonder how someone goes from studying human viruses to leading cybersecurity teams? In this Humans of Talos, we’re joined by Martin Lee, EMEA Lead, to talk about his journey into the industry.
The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure.
ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365
Talos has identified "ARToken," a phishing-as-a-service platform that targets Microsoft 365. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token persistence, email access, BEC operations, and SharePoint exfiltration.
Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors
From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. The post Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors appeared first on SecurityWeek .
Microsoft Accelerates Quantum-Safe Push with New Timeline
Microsoft has brought forward its timelines for transitioning to post-quantum cryptography (PQC)
This phishing kit looks more like BEC-as-a-service
Cisco Talos’ research on ARToken builds on what’s known about the related EvilTokens phishing-as-a-service. The post This phishing kit looks more like BEC-as-a-service appeared first on CyberScoop .
Amazon fined $2.25M for withholding evidence from fraud victims
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction records. [...]
AI not eliminating need for bankers - survey
The notion that artificial intelligence (AI) will replace financial services workers is "no longer true", suggests a recently published report.
Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari
The updates fix vulnerabilities in WebKit, the kernel, WebRTC, Web Extensions, and other components affecting iPhone, iPad, Mac, and Safari users. The post Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari appeared first on SecurityWeek .
Insurance Giant Aflac Discloses Data Breach Impacting Millions
Aflac Japan has notified regulators that policy details and personal and banking information have been compromised
Dawnguard Raises $6.3 Million for Security Architecture Automation Platform
The company has publicly launched its solution to help organizations design, build, and operate secure cloud systems. The post Dawnguard Raises $6.3 Million for Security Architecture Automation Platform appeared first on SecurityWeek .
Credit Agricole launches euro stablecoin
French bank Credit Agricole has launched a euro-denominated stablecoin and subscribed to a tokenised Amundi money market fund (MMF), in what the bank has described as a European first.
Pay.UK launches liquidity model for faster payments
Pay.UK, the recognised operator and standards body for the UK’s interbank retail payment systems, has gone live with a flexible model for liquidity requirements for Faster Payments Net Sender Caps (NSC), further facilitating access for a wider range of participants.
NVD CRITICAL: CVE-2026-11387 — The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart ...
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updating their details like reset the password of any user account, including administrators, and gain full a
Unzer appoints chief product and AI officer
Unzer, a leading European provider of payment and software solutions, has appointed Isabelle Bénard as Chief Product & AI Officer (CPAIO).
Standard Chartered and LMAX execute first digital asset prime broker trade
Standard Chartered has executed the first digital asset prime brokerage trades with LMAX Group, marking a significant milestone in the development of institutional digital asset market infrastructure.
Massive Password Spray Campaign Targeting Azure CLI
Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY. The post Massive Password Spray Campaign Targeting Azure CLI appeared first on SecurityWeek .
Adobe patches seven max severity ColdFusion, Campaign flaws
Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. [...]
Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware
Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hosting phishing pages on them to catch traffic that AI tools point their way. Palo Alto Networks' Unit 42 calls the trick phantom squatting, and its new research shows it is already happening in the wild. The reason it matters is
The Payments Association names Renuka Rawlins director of policy and government affairs
The Payments Association, a trade body for the payments sector, has appointed Renuka Rawlins as its new Director of Policy & Government Affairs.
Detection engineering: A programmatic approach to identifying cyber threats
Detection engineering, which was once a niche practice among mostly large companies, appears to have evolved into a capability that organizations across industries now consider essential to their security operations. What is detection engineering? Detection engineering is about creating and implementing systems to identify potential security threats within an organization’s specific technology env
Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls
Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier. Fable 5 returns to users on Wednesday, July 1, across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork. Export controls restrict who can
OpenClaw: risks for agent users and how to mitigate them
Researching OpenClaw vulnerabilities, malicious skills and other security issues with the popular agent, and providing tips on how to mitigate them.
OpenClaw: risks for the users and how to mitigate them
Researching OpenClaw vulnerabilities, malicious skills, and other security issues with the popular agent, and providing tips on how to mitigate them.
Google Patches 382 Chrome Vulnerabilities
Fifteen of the newly patched flaws have been rated ‘critical’ and 67 have been rated ‘high severity’. The post Google Patches 382 Chrome Vulnerabilities appeared first on SecurityWeek .
US Lifts Export Curbs on Anthropic AI Models
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/us-lifts-export-curbs-on-anthropic-ai-models-image_small-7-a-32123.jpg" align=right hspace=4><b>Commerce Ends 18-Day Ban to Restore Global Access to Fable 5, Mythos 5</b><br>The U.S. Department of Commerce lifted export controls on Anthropic's Fable 5 and Mythos 5, ending an 18-day restriction imposed over national security concer
Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider LSHIY LLC (AS32167). "Between June 12 and June 26, the threat
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake "prove you're human" pages are now handed out by API-driven servers that give each visitor the same malware in a different disguise. The same research also turned up a new delivery method built to slip past Windows' script scanning.
NVD CRITICAL: CVE-2026-6070 — The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated A...
The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove() method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is accessible without authentication via the plugin's frontend routing system. The _filename parameter is acce
Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)
This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive crypto money. It's pretty popular, so a juicy target for criminals. In February, I already mentioned a campaign against them[2].
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. The vulnerabilities are listed below - CVE-2026-8451 (CVSS score: 8.8) - An insufficient input validation
NVD HIGH: CVE-2026-53488 — containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3...
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.
Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector
Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. The post Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector appeared first on Unit 42 .
China-Linked Group Targets Southeast Asia Critical Systems
The group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor.
CVE-2026-55407: 22x memory amplification bug in Anthropic's buffa protobuf decoder
[object Object]
Anthropic to restore Claude Fable access on Wednesday
Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude's two most powerful models, Fable 5 and Mythos 5. [...]
UK investors sue Binance
Nearly 1700 UK investors have filed a group action legal claim seeking at least £150 million from crypto platform Binance and its founder Changpeng Zhao.
Danske Bank extends AWS partnership for AI push
Denmark’s Danske Bank is expanding its collaboration with Amazon Web Services as it bids to accelerate the rollout of AI-enabled products and services.
Instant business payments platform Root emerges from stealth
Root, an instant payments platform that powers receivables, payables, and money transmissions, has emerged from stealth with a mission to modernise money movement in the US.
How Agentic AI Is Reshaping the Modern SOC
Agentic AI is redefining security operations by embedding intelligence across detection, investigation and response. Optiv's Ben Spencer and Google Cloud's Wayne Kearns explain how AI-powered SOCs strengthen defense, why human expertise is essential and how MSSPs can accelerate enterprise adoption.
Russian Water System Hack Attempted to Turn Canada Dry
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/russian-water-system-hack-attempted-to-turn-canada-dry-image_small-8-a-32122.jpg" align=right hspace=4><b>Hackers Said They Gained Access to Pumps, Chlorine Dosing and Pressure Settings</b><br>Canada's Communications Security Establishment, the Maple Leaf version of the U.S. National Security Agency, refreshed a warning to the cou
CISA KEV: Microsoft SharePoint Server — Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.
NVD CRITICAL: CVE-2026-56700 — Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. T...
Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget chain, arbitrary code execution where an attacker controls the serialized input. Additionally, Install
NVD HIGH: CVE-2026-56361 — ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validatio...
ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations.
NVD HIGH: CVE-2026-56350 — n8n before 2.8.0 contains an authentication bypass vulnerability allowing authen...
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.
NVD CRITICAL: CVE-2026-56278 — Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcode...
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware when the EXPRESS_SESSION_SECRET environment variable is not set (packages/server/src/enterprise/middleware/passport/index.ts). Because this default secret is publicly visible in the source code, an attacker can forge valid signed session cookies to imperso
NVD CRITICAL: CVE-2026-14120 — Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47...
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
NVD CRITICAL: CVE-2026-14109 — Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 ...
Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
NVD CRITICAL: CVE-2026-14106 — Insufficient validation of untrusted input in Text in Google Chrome on Android p...
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
NVD CRITICAL: CVE-2026-14104 — Insufficient validation of untrusted input in WebAppInstalls in Google Chrome pr...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
NVD HIGH: CVE-2026-14102 — Use after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a re...
Use after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
NVD CRITICAL: CVE-2026-14101 — Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150....
Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
NVD HIGH: CVE-2026-14090 — Insufficient validation of untrusted input in CameraCapture in Google Chrome on ...
Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)
NVD CRITICAL: CVE-2026-13785 — Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allow...
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
NVD HIGH: CVE-2026-13784 — Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote...
Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
NVD CRITICAL: CVE-2026-13783 — Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote...
Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
NVD CRITICAL: CVE-2026-13782 — Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remo...
Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
NVD CRITICAL: CVE-2026-13781 — Insufficient validation of untrusted input in Skia in Google Chrome prior to 150...
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
NVD CRITICAL: CVE-2026-13780 — Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 15...
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
NVD HIGH: CVE-2026-13777 — Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS pri...
Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
NVD CRITICAL: CVE-2026-13776 — Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote ...
Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
NVD CRITICAL: CVE-2026-13775 — Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote a...
Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
NVD HIGH: CVE-2026-13774 — Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an ...
Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical)
Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price
Anthropic is now rolling out Sonnet 5, and it's almost as good as the Opus range, but it is designed to be cheaper than the company's flagship model. [...]
Google: Kremlin Expands AI-Backed Campaigns Across Europe, US
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/google-kremlin-expands-ai-backed-campaigns-across-europe-us-image_small-4-a-32120.jpg" align=right hspace=4><b>GenAI Is Accelerating Propaganda, Planning and Content Creation</b><br>Google Threat Intelligence Group says Russia is expanding AI-enabled influence operations beyond Ukraine to target the European Union and NATO, relyin
Sonnet 5 Delivers AI Gains Without Frontier Model Scrutiny
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/sonnet-5-delivers-ai-gains-without-frontier-model-scrutiny-image_small-6-a-32121.jpg" align=right hspace=4><b>Anthropic's Smaller Claude Model Improves Agents, Reduces Regulatory Risk</b><br>Anthropic's new Sonnet 5 boosts agentic performance and lowers costs while avoiding one challenge confronting the largest AI models: heighten
NVD CRITICAL: CVE-2026-58449 — txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint ...
txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs __import__ and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured (authentication is opt-in, so all endpoints are unauthenticated) and the index is configured writable, a rem
NVD CRITICAL: CVE-2026-11541 — IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Serv...
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.
DICOM Toolkit Bugs Raise Medical Imaging Security Risks
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/under-embargo-till-3pm-et-630-dicom-toolkit-bugs-raise-medical-imaging-security-risks-image_small-1-a-32114.jpg" align=right hspace=4><b>Common AI Tools Helped Researcher Discover Hidden Flaws</b><br>Several newly identified vulnerabilities in a DICOM toolkit used in medical-imaging software could expose patient information, crash
Aikido Buys Root for $70M to Automate Open-Source Patching
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/aikido-buys-root-for-70m-to-automate-open-source-patching-image_small-9-a-32118.jpg" align=right hspace=4><b>Deal Adds Hardened Packages, Automated CVE Fixes to Application Security Platform</b><br>Belgian software vendor Aikido Security acquired Boston-based Root for $70 million to embed automated vulnerability remediation into i
Why Cyber Resilience Must Outpace AI-Driven Threats
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/cyber-resilience-must-outpace-ai-driven-threats-image_small-9-a-32119.jpg" align=right hspace=4><b>Former National Cyber Director Chris Inglis Calls for Coalition Defense Strategy</b><br>Cybersecurity leaders must shift from information sharing to true collaboration as AI accelerates ransomware and nation-state threats. Halcyon's
New BioShocking attack manipulates AI browser into data theft
A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. [...]
Citrix patches a new NetScaler flaw with echoes of CitrixBleed
The bulletin includes six NetScaler issues, but attention is centered on a high-severity flaw with similarities to earlier actively exploited bugs. The post Citrix patches a new NetScaler flaw with echoes of CitrixBleed appeared first on CyberScoop .
Fake Bug Report Hijacks AI Coding Agents at Scale
"Agentjacking" is the latest demonstration of how easily attackers can exploit an AI agent's inability to differentiate between content and instructions.
UK journalists and NGOs risk terrorism prosecutions under new security bill
MEE reports: New national security legislation being rushed through the UK’s parliament could criminalise British foreign correspondents and NGO workers engaging with designated state-backed groups, experts warn. The National Security (State Threats) Bill, which is moving through its final stages in parliament this week, hands the UK Home Secretary Shabana Mahmood sweeping powers to designat
Microsoft accelerates quantum-safe roadmap as risks grow
Microsoft announced today that it is accelerating its quantum-safe security roadmap, saying advances in quantum computing are bringing the need to replace today's encryption standards sooner than previously expected. [...]
Scammers race to cash in on Venezuelan earthquake disaster
Scammers wasted no time exploiting Venezuela's devastating earthquake, with researchers uncovering 212 newly-registered relief-themed domains in just five days. Read more in my article on the Hot for Security blog.
Malicious PyPI packages give hackers control of Telegram bot servers
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. [...]
Attackers Hijack Exposed AI Endpoints to Power Offensive Ops
Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.
Attackers Seize Exposed AI Endpoints to Power Offensive Ops
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.
Trump budget boss Russell Vought open to re-staffing CISA
DHS Secretary Markwayne Mullin has been floating the idea of adding back 600 CISA personnel after deep Trump administration cuts. The post Trump budget boss Russell Vought open to re-staffing CISA appeared first on CyberScoop .
NVD HIGH: CVE-2026-9836 — IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an in...
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
NVD CRITICAL: CVE-2026-7874 — IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all sto...
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.
NVD CRITICAL: CVE-2026-7873 — IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute ...
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
NVD CRITICAL: CVE-2026-7871 — IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute ...
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.
NVD CRITICAL: CVE-2026-7803 — IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due t...
IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.
NVD CRITICAL: CVE-2026-7663 — IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to ac...
IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
NVD CRITICAL: CVE-2026-13773 — IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated C...
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound IIOP SSRF to an attacker-chosen host; when chained with the IBM ORB's getUserException class-instan
NVD CRITICAL: CVE-2026-13772 — IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language eng...
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary construct
NVD HIGH: CVE-2026-13759 — IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStrea...
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including RemoteConstructor.readResolve and PriorityQueue/ExtractorComparator are confirmed working, allowing a post-lo
NVD CRITICAL: CVE-2026-13449 — IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable ...
IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
NVD HIGH: CVE-2026-12084 — IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cr...
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
NVD HIGH: CVE-2026-11806 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected...
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled.
NVD CRITICAL: CVE-2026-11714 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected...
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled.
NVD CRITICAL: CVE-2026-11712 — IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site script...
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system.
NVD CRITICAL: CVE-2026-11708 — IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site script...
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system.
NVD HIGH: CVE-2026-11595 — IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to o...
IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system.
NVD CRITICAL: CVE-2026-11546 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected...
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled.
NVD CRITICAL: CVE-2026-10560 — IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerabi...
IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service.
NVD CRITICAL: CVE-2026-10140 — IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state ...
IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.
NVD CRITICAL: CVE-2026-10134 — IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret ava...
IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public
NVD CRITICAL: CVE-2026-10109 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote...
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.
CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) - watchTowr Labs
[object Object]
NVD CRITICAL: CVE-2026-58138 — Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code ex...
Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to authentication. Attackers can exploit unsandboxed GraalVM evaluators configured with HostAccess.ALL or
CIA chief highlights major shifts in agency’s tech approach
CIA Director John Ratcliffe said artificial intelligence capabilities are "akin to digital nuclear weapons.”
Nissan Traces Data Breach to PeopleSoft Zero-Day Exploit
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/nissan-traces-data-breach-to-peoplesoft-zero-day-exploit-image_small-10-a-32113.jpg" align=right hspace=4><b>Extortionists Add National Association of Insurance Commissioners to Breach List</b><br>Japanese automotive giant Nissan and the U.S. National Association of Insurance Commissioners are the latest organizations to confirm t
AI Models Trust Writing Style Over Security Labels
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/ai-models-trust-writing-style-over-security-labels-image_small-10-a-32112.jpg" align=right hspace=4><b>Researchers Show Style-Based Prompts Bypass AI Safety Controls</b><br>Artificial intelligence chatbots decide which instructions to obey based on whether the text seems like it comes from a user, not the security labels meant to
Phishers Gain Persistence at EU, Asia Hospitality Orgs
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.
Digital Prime Technologies expands Tokenet to BitGo Bank & Trust
Digital Prime Technologies, a provider of digital asset technology solutions and developer of Tokenet, today announced the completion of Tokenet's integration with BitGo Bank & Trust, National Association ("BitGo Bank & Trust"), an OCC-regulated digital asset trust bank and subsidiary of BitGo Holdings, Inc. (NYSE: BTGO) ("BitGo"), the digital asset infrastructure company.
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm may fire. The work comes from Microsoft Incident Response and its
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin's XLab have tracked it since February 2026, and say the real story is not how big it is today, but how fast it is changing. The end goal is a
Big payment names back new stablecoin
Visa, Mastercard, US Bank, Google and Coinbase are among dozens of firms backing Open USD, a new stablecoin slated to launch later this year.
NVD CRITICAL: CVE-2026-58172 — Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypa...
Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs omits SecurityMiddleware, causing requests from blocked IP addresses to be proxied to downstream servi
NVD CRITICAL: CVE-2026-58166 — OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversa...
OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing path traversal sequences or an absolute path to the POST uploads session endpoint, which constructs th
House passes kids’ online safety bill, but Senate approval unlikely
The Kids Internet and Digital Safety (KIDS) Act passed with bipartisan support by a 267-117 margin, winning the two-thirds majority needed to greenlight the legislation under a process that speeds up a bill’s path to a vote but requires more than a simple majority.
NVD CRITICAL: CVE-2026-48315 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Inpu...
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires
NVD CRITICAL: CVE-2026-48313 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limi...
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require us
NVD CRITICAL: CVE-2026-48286 — Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected ...
Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
NVD CRITICAL: CVE-2026-48283 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted ...
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
NVD CRITICAL: CVE-2026-48282 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limi...
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
NVD CRITICAL: CVE-2026-48281 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Inpu...
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
NVD CRITICAL: CVE-2026-48277 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Inpu...
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
NVD CRITICAL: CVE-2026-48276 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted ...
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
Kaspersky Lab experts have discovered a new attack vector and toolkit for compromising corporate Gmail accounts
Kaspersky Labs writes: It is used by the ToddyCat group. Kaspersky Lab experts have discovered a new attack vector and toolkit for compromising corporate Gmail accounts. Using this toolkit, attackers can access user accounts via an API, read conversations, and harvest data from calendars and other Google services while remaining undetected for extended periods of... Source
Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day
Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)
Fake Perplexity extension on Chrome Web Store tracked searches
A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. [...]
Weekly Update 510: Live From Mallorca with Scott Helme
How's the view?! Back to business, it's now 8 years ago that Scott and I thought it would be a cool idea to build Why no HTTPS? We used the site to shame companies for not implementing their transport later security property, and to make it
Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses
Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. "The campaign is delivered through unsigned installers – observed in both .NET and Golang variants – that
FactSet agrees AI partnership with Google Cloud
FactSet, a leading global data and AI solutions provider to the financial markets, today announced a multi-faceted strategic partnership with Google Cloud to create a new generation of AI-powered solutions for the financial industry.
Loanch expands into Southeast Asia
Loanch, a Croatia-based marketplace for alternative lending-based investments, announces the addition of AhaPay to its marketplace. Loanch clients can access investment opportunities, expanding their exposure to the growing fintech sector in Southeast Asia.
DHS to unveil replacement council for critical infrastructure cybersecurity
The Department of Homeland Security is bringing back a key cybersecurity information sharing effort with critical infrastructure, more than a year after the Trump administration shuttered an existing nerve center between government and private sector. The Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure program, first reported by CyberScoop in Januar
DOJ’s Using Advanced Data Analytics and AI Tools to Combat Healthcare Fraud Before Payment
The U.S. government has announced record-breaking Medicaid fraud charges as part of its 2026 National Health Care Fraud Takedown, with […] The post DOJ’s Using Advanced Data Analytics and AI Tools to Combat Healthcare Fraud Before Payment appeared first on The HIPAA Journal .
Google leads $30m round for space fintech Nebex
Google Ventures has led a $30 million seed round for Nebex, a market infrastructure platform for the "global space economy".
The Human Element: Building A Trusted Workforce in the Age of DPRK Employment Fraud
From Nisos: Earlier this year, our DPRK employment fraud investigation revealed how North Korean operatives infiltrate US companies at industrial scale. In June, we released Part 2 of our research, featured on Nicole Perlroth’s “To Catch a Thief” podcast, that takes you inside the actual operations of a DPRK cell. When a suspicious candidate applied to... Source
This month in security with Tony Anscombe – June 2026 edition
Three-day patching deadlines, exposed fuel-tank systems, scams costing billions of dollars, and social media bans for children all gave Tony plenty to unpack in June 2026
FlexTrade integrates with EDX Markets for institutional-grade crypto trading
FlexTrade Systems, a global leader in multi-asset execution and order management systems, and EDX Markets (EDX), a leading digital asset technology firm that combines an institutional-only trading venue with a central clearinghouse, today announced the integration of EDX into FlexTrade’s crypto and digital assets trading solution, FlexDigitalAssets.
GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks
The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades. New research from Adversa AI, which is named the bypass GuardFall, found it works against ten of the eleven popular open-source coding and computer-use agents the firm tested. Only one, "Continue," was built to
NVD CRITICAL: CVE-2026-14241 — Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidenc...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152.0.4.
EY fires staffers accused of accessing Australian PMs bank account
A pair of EY employees on assignment at Commonwealth Bank of Australia have been fired, with one facing criminal charges after allegedly accessing the bank account details of Prime Minster Anthony Albanese.
Lessons from the Underground: How to Combat Business Email Compromise
Business Email Compromise is more than an email scam. It's a coordinated operation involving compromised accounts, financial research, and cash-out networks. Flare explores how underground forums reveal how BEC attacks are planned and executed. [...]
The Hidden National Security Threat Inside AI-Driven Software
<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/the-hidden-national-security-threat-inside-ai-driven-software" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_hidden_national_security_threat.jpg" alt="Visual representation of a software stack with square and rectangular shapes layered on top of each other with an AI labelled box
BlueHammer Vulnerability Exploited in Ransomware Attacks
The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released. The post BlueHammer Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek .
Standard Chartered secures MiCA and EMI license
Standard Chartered today announced that it has been granted authorisation under the European Union’s Markets in Crypto-Assets (MiCA) Regulation as well as an Electronic Money Institution (EMI), marking a significant milestone in the next phase of its Financing & Securities Services digital asset custody strategy in Europe.
The Fall of XSS Forum: From DaMaGeLaB to the 2025 takedown
Ransomnews has published a history and analysis of XSS Forum from its inception to its seizure in 2025. There is so much that is interesting and informative in their report that it’s hard to know what to mention here, but here are just two portions below: As an overview: XSS.is, the most influential Russian-language cybercrime... Source
An intelligence budget 'super user' job is now in the hands of Russ Vought
Russell Vought, director of the White House Office of Management and Budget (OMB), assumed hands-on responsibility for overseeing the spending plans of intelligence agencies following the recent departure of Amaryllis Fox Kennedy, a senior intelligence official who simultaneously served in multiple roles, including one at OMB.
282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic. In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepted requests with no key at all. Whoever grabs it can send model requests on the developer's account,
Sports prediction market Norvig picks Eventus trade surveillance tech
Eventus, a leading provider of comprehensive, at-scale trade surveillance and financial risk solutions, announced today that Novig, a leading sports prediction market in America, has deployed the Eventus Validus platform as the trade surveillance solution for its exchange.
NCR Atleos extends ATM relationship with Shell UK Oil Products
NCR Atleos Corporation (NYSE: NATL) (“Atleos”), a leader in expanding self-service financial access for financial institutions, retailers and consumers, today announced an extension of its long-standing relationship with Shell UK Oil Products Limited, to operate ATMs across Shell’s forecourt network in the United Kingdom
Gresham appoints Spiros Giannaros CEO
Gresham, a global leader in enterprise data automation for the financial services industry, today announced the appointment of Spiros Giannaros as Chief Executive Officer as the company enters its next phase of growth. Giannaros will succeed Mark Hepsworth, who will transition to a board role.
TransferMate and onPhase embed cross-border payments into AP workflows
onPhase, an AI-powered platform that unifies finance and operations, and TransferMate, the world's leading provider of embedded B2B payments infrastructure, today announced a strategic partnership that expands onPhase's cross-border payment capabilities to support vendors and suppliers across North America and internationally, directly within the onPhase platform.
NVD CRITICAL: CVE-2026-8655 — Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway ...
Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive resolver deployment
NVD CRITICAL: CVE-2026-8452 — Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unp...
Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
NVD HIGH: CVE-2026-8451 — Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to ...
Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP
NVD HIGH: CVE-2026-58374 — In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be...
In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile subelement. In hostapd_process_ml_assoc_req() in src/ap/ieee802_11_eht.c, the received link_id field can be
NVD CRITICAL: CVE-2026-58116 — LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that ...
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with a hardcoded trust_remote_code=True param
NVD CRITICAL: CVE-2026-58016 — A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new...
A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of s
NVD HIGH: CVE-2026-58015 — A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKI...
A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a
NVD HIGH: CVE-2026-58014 — A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_lo...
A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.
NVD HIGH: CVE-2026-58013 — A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line...
A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.
NVD HIGH: CVE-2026-58012 — A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace fu...
A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 b
NVD HIGH: CVE-2026-58011 — A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the...
A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.
NVD HIGH: CVE-2026-58010 — A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_norm...
A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.
NVD HIGH: CVE-2026-53433 — fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body proc...
fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity (O(n²)). A crafted POST request with many small segments can trigger excessive CPU usage during request handling.This allows a single malicious request to monopolize the single
NVD HIGH: CVE-2026-53432 — fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function....
fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic. This issue was fixed in version 0.73.1.
NVD HIGH: CVE-2026-44946 — A SAML authentication replay vulnerability in Rancher's Assertion Consumer Serv...
A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,
NVD HIGH: CVE-2026-13474 — Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler G...
Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler
NVD HIGH: CVE-2026-10817 — Insufficient input validation leading to memory overread in NetScaler ADC and Ne...
Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler
NVD HIGH: CVE-2026-10816 — Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if ...
Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled
Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, potentially turning malicious repositories into supply chain attack vectors. The post Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks appeared first on SecurityWeek .
AI-Generated Workflows Are a Silent Security Disaster
Teams are dealing with a truly dangerous problem — automation that works, but that no one understands.
Aflac Japan Data Breach Impacts 4.38 Million
Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25. The post Aflac Japan Data Breach Impacts 4.38 Million appeared first on SecurityWeek .
Friendly fraud on the rise say enterprise merchants
Friendly fraud is intensifying across the payments landscape, with more than 83% of enterprise merchants reporting an increase over the past three years, according to the newly released 2026 Chargeback Field Report from Chargebacks911.
RedotPay selects OpenPayd for stabelcoin payments
RedotPay, a global stablecoin-based payment fintech, has selected OpenPayd, a leading financial infrastructure provider, to enhance its treasury operations, multi-currency payments, and cross-border remittances for customers worldwide.
Insurance giant Aflac discloses data breach at Japan subsidiary
Sergiu Gatlan reports: American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary’s systems and stole personal and bank account information. Aflac (short for American Family Life Assurance Company) is a Fortune 500 company and the largest supplemental insurance provider in the United States, serving millions of customers in... Source
Digital assets prime broker FalconX secures MiCA authorisation
FalconX, the leading institutional digital asset prime broker, today announced that FalconX Limited has received authorization under the European Union's Markets in Crypto-Assets Regulation (MiCA) from the Malta Financial Services Authority (MFSA).
NVD CRITICAL: CVE-2026-8402 — Improper neutralization of special elements used in an SQL command ('SQL injecti...
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was contacted and it was learned that the product is not supported.
NVD CRITICAL: CVE-2026-14162 — Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure...
Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.
The Realities of AI Video Surveillance
The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia. I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass surveillance. The interesting development in the article is that AI allows people to ask natural language questions abo
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817
[object Object]
Allina Health System to Pay $12.5 Million to Settle Pixel Litigation
Allina Health System, a nonprofit health system based in Minneapolis, Minnesota, that serves patients in Minnesota and Western Wisconsin, has […] The post Allina Health System to Pay $12.5 Million to Settle Pixel Litigation appeared first on The HIPAA Journal .
Schneider Electric EasyLogic T150 and Saitel DP RTU
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-04.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files.</
OFFIS DCMTK Toolkit
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-181-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes.</strong></p> <p>The following versions of O
Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a
Schneider Electric EcoStruxure IT Data Center Expert
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device infor
StoneFly Storage Concentrator
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-06.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across
Frangoteam FUXA SCADA/HMI
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance.</strong></p> <p>The following versions of Frangoteam FUXA S
XZ Utils vulnerability impacting B&R Products
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-05.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data.</strong><
Hacker Conversations: Chris Thompson, Former Head of IBM X-Force Red, Co-Founder of RemoteThreat
Chris Thompson's journey took him from hacking game controls as a teenager to founding IBM’s X-Force Red team. The post Hacker Conversations: Chris Thompson, Former Head of IBM X-Force Red, Co-Founder of RemoteThreat appeared first on SecurityWeek .
ClickFix Now Cybercriminals' Favorite Malware Delivery Technique
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
Delta Electronics DVP12SE PLC
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-07.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement.</
Supreme Court Rules Constitutional Privacy Protections Apply to Cellphone Users’ Location History
The ruling was made in the case of a bank robber whose identity was discovered through a geofence warrant. The post Supreme Court Rules Constitutional Privacy Protections Apply to Cellphone Users’ Location History appeared first on SecurityWeek .
Malicious Chromium extension spoofs Perplexity AI to hijack browser searches
Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on
What the Numbers Say About FIFA 2026 Cyber Risk
The FIFA World Cup 2026 opened on June 11. By that date, according to Check Point Research, the fraud infrastructure targeting it had already been built, staged, and partially deployed. Threat actor activity was pre-planned, months out, across three sectors and at least ten languages. Check Point Exposure Management published the FIFA World Cup 2026 Cyber Threat Report this month, covering
Exploitation of Recent Oracle E-Business Suite Vulnerability Begins
The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product. The post Exploitation of Recent Oracle E-Business Suite Vulnerability Begins appeared first on SecurityWeek .
Real-time payments 'out-of-reach' for most banks - survey
A lack of automation and the prevalence of manual processes means that the majority of banks are unable to offer real-time payments to their customers, suggests recently released research.
SoftSolutions adds AI to fixed income trading platform
AI is now integrated into nexRates. SoftSolutions today announced that its flagship fixed-income trading platform ships with production-ready AI capabilities, giving traders the agility to move at the speed of the market.
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer. The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated
Insurance giant Aflac discloses data breach after subsidiary hack
American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary's systems and stole personal and bank account information. [...]
Shipping post-quantum cryptography to Python
<p>Post-quantum cryptography is now one <code>pip-install</code> away for the entire Python ecosystem. With funding from the <a href="https://www.sovereign.tech/">Sovereign Tech Agency</a>, we implemented support for ML-KEM, the NIST-standard key-establishment primitive, and ML-DSA, the NIST-standard digital-signature primitive, in <code>pyca/cryptography</code>.</p> <p>On June 22, 2026, the White
Mircosoft adds smarter bot protection to Teams meetings
Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. [...]
Microsoft adds smarter bot protection to Teams meetings
Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. [...]
Fintech industry welcomes FCA's new crypto rules
The UK's financial regulator, the Financial Conduct Authority (FCA), has announced a new framework for regulating digital and crypto assets designed to bring the DeFi world into the mainstream.
Hackers Leverage Blockchain to Hit Japan's Hotels Through Booking.com Phishing
A wave of phishing emails sent to Booking.com partner accommodations in Japan in May led to blockchain-hosted malware
USB drives carrying China-linked malware infected Japanese military networks for nearly a year
Read more in my article on the Hot for Security blog.
NVD CRITICAL: CVE-2026-9711 — The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full...
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already
LexisNexis and Promon partner for fraud prevention
LexisNexis® Risk Solutions and Promon announced a strategic alliance to strengthen fraud prevention in mobile apps globally by combining access to LexisNexis® ThreatMetrix® digital identity, device, and behavioural intelligence with Promon Shield and Promon Insight in-app protection and trusted telemetry.
Axiology goes live on blockchain Canton
Axiology is now operating as a live validator node on Canton network, the privacy-enabled blockchain network used by a significant share of the world's regulated financial institutions for tokenisation, settlement, and asset servicing. Applications deployed on Canton can now interact directly with Axiology's regulated issuance, custody and settlement infrastructure.
Data Breaches Reported by Amicus Solutions: Huntsville Hospital Health System
Amicus Solutions (Fedora Solutions) has been affected by a cybersecurity incident, and Huntsville Hospital has confirmed it was affected by […] The post Data Breaches Reported by Amicus Solutions: Huntsville Hospital Health System appeared first on The HIPAA Journal .
ToddyCat: your hidden email assistant. Part 2
An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.
The AI Token Costs That Can Break Cybersecurity
As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. The post The AI Token Costs That Can Break Cybersecurity appeared first on SecurityWeek .
BR-DGE secures $10m funding round
BR-DGE, the high-growth payments technology company, has secured a £10m funding round, along with a new growth investor, as it executes its international growth strategy.
Tax compliance platform Reptune names CEO
Reptune has appointed Rolf van de Velde as Chief Executive Officer.
Parabellum acquires data firm Crux Informatics
Parabellum Investments, a leading investment firm specialising in enterprise software and fintech, today announced its acquisition of Crux Informatics, the industry-leading platform for AI-powered external data management.
Kali Linux 2026.2 released with 9 new tools, NetHunter updates
Kali Linux 2026.2, the second release of the year, is now available for download, featuring 9 new tools and numerous Kali NetHunter improvements. [...]
Blackfield ransomware asks Nidec Corporation for $2 million ransom
The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. [...]
Digital bank Sygnum expands EU market access
Sygnum, a global digital asset banking group, is leveraging its global banking platform, products and operational experience across Switzerland, Singapore and the Middle East to scale its EU client base via a CASP authorisation for its Sygnum Europe subsidiary.
June 2026 Apple Updates, (Tue, Jun 30th)
Apple released updates for iOS/iPadOS, macOS, and Safari on Monday. There have been no updates for other Apple operating systems (visionOS, watchOS, tvOS). Usually, Apple updates all products at the same time.
UK Healthcare Sector Records Tenfold Increase in Cyber-Attacks
SonicWall records 264,000 events in first five months of 2026 as UK hospitals come under siege
AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks
Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network. An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone, with no tap or prompt. The same research found Quick Share flaws that
Nissan Employee Data Breached in Oracle PeopleSoft Hack
Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed. The post Nissan Employee Data Breached in Oracle PeopleSoft Hack appeared first on SecurityWeek .
How ransomware syndicates weaponize corporate-style organization
From outsourced labor to tiered pricing models, an inside look at how today's top ransomware threats operate less like rogue hackers and more like Fortune 500 companies. The post How ransomware syndicates weaponize corporate-style organization appeared first on CyberScoop .
CISA: Windows BlueHammer flaw now exploited by ransomware gangs
CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been abused in zero-day attacks. [...]
Critical SimpleHelp Vulnerability Exploited for Malware Delivery
The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling. The post Critical SimpleHelp Vulnerability Exploited for Malware Delivery appeared first on SecurityWeek .
Washington Dept. Health & Social Services Insider Breach Affects 8,600 Individuals
The Washington Department of Social and Health Services (DSHS) has identified an insider data breach involving unauthorized access to the protected […] The post Washington Dept. Health & Social Services Insider Breach Affects 8,600 Individuals appeared first on The HIPAA Journal .
New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending them to an attacker. The targets included OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude browser extension. An
Over 300 UK Firms Hit by Ransomware in a Year
Report Fraud data reveals that more than half of 323 UK ransomware victims last year were SMEs
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now. Progress published its advisory on June
Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below - CVE-2026-43707 - A memory corruption issue that could result in an
Quantifind Raises $200 Million for AI-Native Risk Intelligence
Quantifind will accelerate international expansion and extend its platform’s localized risk intelligence capabilities. The post Quantifind Raises $200 Million for AI-Native Risk Intelligence appeared first on SecurityWeek .
NVD CRITICAL: CVE-2026-12073 — The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is ...
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to the plugin not validating a `user_login` on registration forms that don't contain this parameter, and not properly handling the error messages. This makes it possible for unauthenticated attackers to ch
New Controller Flaws Expose Highway Signs and Billboards to Remote Hacking
CISA has published an advisory to inform organizations about three vulnerabilities found by a researcher in Daktronics controllers. The post New Controller Flaws Expose Highway Signs and Billboards to Remote Hacking appeared first on SecurityWeek .
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. "Easily exploitable vulnerability allows
EIB issues DLT-native commercial paper on Clearstream platform
The European Investment Bank (EIB) has issued the first distributed ledger technology-native commercial paper on Clearstream’s D7 platform.
Mastercard launches Africa Cybersecurity Centre of Excellence
Mastercard has unveiled a pan-African, multiyear initiative designed to strengthen cyber resilience across the continent.
NIST Enrichment Reductions Impact CVE Coverage, Accuracy
The National Institute of Standards and Technology (NIST) scaled back the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers.
EXCLUSIVE: Top-100 Law Firm Fox Rothschild Suffers Data Breach and Leak by Silent Ransom Group
Fox Rothschild is a top-100 law firm whose articles and resources have been cited on DataBreaches.net and PogoWasRight.org dozens of times over the years. This time, however, they are the subject of a post because they were victims of a data breach by a well-known group that targets law firms. Introduction The group called Silent... Source
How Cloud Security Risks Grow With Home-Based Care
As hospital-at-home programs expand and AI adoption accelerates, healthcare organizations face mounting cloud security demands. Anahi Santiago, CISO of ChristianaCare, discusses vendor accountability, identity management, clinical AI risks and the need for stronger cybersecurity foundations.
Austria Urges Anthropic to Move to EU to Avoid US Controls
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/austria-urges-anthropic-to-move-to-eu-to-avoid-us-controls-image_small-8-a-32106.jpg" align=right hspace=4><b>Mythos and Fable Export Controls Deprive EU of 'Cutting-Edge Innovation,' Security</b><br>Stung by the Trump administration's export controls on Anthropic's most powerful cyber-capable models, Mythos and Fable, the Austria
DHS Eyes 600 New Cybersecurity Hires, New Director for CISA
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/dhs-eyes-600-new-cybersecurity-hires-new-director-for-cisa-image_small-10-a-32105.jpg" align=right hspace=4><b>DHS Secretary Says Agency Has Funding But Lacks Skilled Cybersecurity Personnel</b><br>Homeland Security Secretary Markwayne Mullin told lawmakers CISA has adequate funding but must hire roughly 600 cybersecurity professi
CyberFox Purchases Timus to Bring SASE Capabilities to SMBs
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/cyberfox-purchases-timus-to-bring-sase-capabilities-to-smbs-image_small-4-a-32104.jpg" align=right hspace=4><b>CEO David Bellini Says Remote Work Drives Demand for Always-On Secure Connectivity</b><br>CyberFox has acquired Tampa, Florida-based SASE startup Timus Networks to help small and midsize businesses replace legacy VPN and
'Djinn' Stealer Targets Cloud, AI Credentials
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.
Warner bill would create federally vetted list for secure, trustworthy AI agents
The bill empowers the FTC to create a registry for sellers of AI agent software certifying their privacy and cybersecurity protections. The post Warner bill would create federally vetted list for secure, trustworthy AI agents appeared first on CyberScoop .
Vulnerabilities Expose Private Data in Indian Government Systems
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.
Mphasis joins Microsoft Intelligent Security Association
Mphasis, (BSE: 526299; NSE: MPHASIS), a global AI-led, platform-driven technology solutions provider, today announced that it has become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of software development companies and security services partners that have integrated their solutions with Microsoft Security technology to better defend their mutual customers agains
Nissan discloses employee data breach linked to Oracle zero-day attacks
Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. [...]
NAIC says public data stolen in ShinyHunters' PeopleSoft breach
The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server. [...]
CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF
<p><b>Bulletin ID:</b> 2026-048-AWS<br> <b>Scope:</b> AWS<br> <b>Content Type:</b> Important (requires attention)<br> <b>Publication Date:</b> 06/29/2026 11:15 PM PDT</p> <p><b>Description:</b></p> <p>AWS WAF is a web application firewall that monitors the HTTP(S) requests that are forwarded to your protected web application resources. We identified CVE-2026-13762 and CVE-2026-13763, which are iss
Can Clothes Make You Invisible to Facial Recognition?
Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras.
Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037) - watchTowr Labs
[object Object]
Iran, Russia, China Target Water Systems for Sabotage
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.
New MCP Specifications Fix Security Issue But Open Many More
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/new-mcp-specifications-fix-security-issue-but-open-many-more-image_small-3-a-32102.png" align=right hspace=4><b>Model Context Protocol Rewrite Leaves More Security Decisions to Developers</b><br>The new MCP specifications fix a long-standing weakness in how AI agents authenticate to external tools, but security experts say it shif
Russian Threat Actors Continue Signal and WhatsApp Targeting
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/russian-threat-actors-continue-signal-whatsapp-targeting-image_small-2-a-32101.jpg" align=right hspace=4><b>Thousands of Victims Tricked Into Giving Attackers Account Access, Say Officials</b><br>Russian military hackers, foiled by end-to-end encryption in Signal and WhatsApp, have compromised thousands of people by tricking them
OMB, Commerce Lay Out Road Map for Post-Quantum Migration
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/omb-commerce-lay-out-road-map-for-post-quantum-migration-image_small-8-a-32100.jpg" align=right hspace=4><b>Federal Investment Shifts From Research Toward Implementation</b><br>The Office of Management and Budget has issued a detailed road map requiring agencies to begin post-quantum cryptography implementation immediately, while
Justices rule that cellphone location histories are protected by the Fourth Amendment
Police must get a warrant to request geofence data involving individual cellphones, the U.S. Supreme Court ruled in what represents a victory for privacy advocates.
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft says Google removed it from the store after responsible disclosure. The extension was called "
NI: Updated warning to parents over schools cyber attack
Niall Glynn and Auryn Cox report: The number of schools in Northern Ireland affected by a recent cyber-attack is larger than previously thought. In a letter issued by the Education Authority (EA) on Thursday, some parents were warned that their child’s personal data may have been accessed. The EA said the letters were sent to 23 schools,... Source
NVD CRITICAL: CVE-2026-56782 — Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/...
Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is empty, which is the default configuration. Remote attackers can exfiltrate the entire database including user records, items, and feedback data containing personally identifiable information, or
NVD CRITICAL: CVE-2026-11720 — A path traversal vulnerability exists in the HTTP tool URL builder of googleapis...
A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the input does not alter the scheme, host, or user info, it relies on ResolveReference for the final URL
MOVEit Breach Defendants Lose 2nd Bid to Toss Negligence Claims
Christopher Brown reports: Bellwether defendants in multi-district litigation over a massive data breach of Progress Software’s MOVEit file-transfer application failed to convince a federal court to toss negligence claims against them under the laws of California, Indiana, Michigan, and Ohio. The defendants—Progress and several of its customers—argued that the claims were barred under the economic
WhatsApp rolls out usernames to help users hide their phone number
WhatsApp is finally allowing users to reserve usernames, a privacy feature that lets them hide their phone numbers from people not in their contact list. [...]
National Securities Clearing Corporation extends clearing hours
The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry, today announced that its subsidiary, the National Securities Clearing Corporation (NSCC), has extended its clearing hours to 24x5 availability, from Sundays at 8:00 PM ET to Fridays at 8:00 PM ET, supporting overnight trading activity from Alternative Trading
Supreme Court approves mail-in ballots that arrive after Election Day
The ruling is a victory for election advocates who say the evidence overwhelmingly shows that voter fraud is rare and not tied to mail voting in general. The post Supreme Court approves mail-in ballots that arrive after Election Day appeared first on CyberScoop .
NVD HIGH: CVE-2026-13752 — Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 al...
Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session. Successful exploitation required crafted values to reach vulnerable parameters, including through social
NVD CRITICAL: CVE-2026-13751 — Improper handling of untrusted remote references in Snowflake CLI versions prior...
Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. By supplying crafted SQL content processed through a vulnerable command path, an attacker could cause th
Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling
Dissenting justices who criticized the ruling said it would have “seismic” implications for the Fourth Amendment. The post Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling appeared first on CyberScoop .
Microsoft extends Windows Server 2022 hotpatching until October 2027
Microsoft has extended Windows Server 2022 hotpatching until October 2027, one year after the mainstream end date of October 2026. [...]
US racks up about 400 wins over illegal World Cup streaming sites
The World Cup’s organizing body, FIFA, helped identify hundreds of domains taken down in an action organized by the U.S., along with the help of U.S. broadcaster NBC Universal and other entities.
NVD HIGH: CVE-2026-41052 — Improper privilege handling could be used by users with Project Owner role to es...
Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
NVD HIGH: CVE-2026-13744 — Improper neutralization of attacker-controlled content in Snowflake CLI versions...
Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL in the context of the victim user's Snowflake session. Successful exploitation requires the victim to pr
Inside the Advisory Database and what happens when vulnerability volume breaks records
The GitHub Advisory Database is processing more vulnerability reports than ever before. Here's what's driving the surge, how we're responding, and how the community can help. The post Inside the Advisory Database and what happens when vulnerability volume breaks records appeared first on The GitHub Blog .
WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through usernames, as opposed to directly sharing their phone numbers. Username reservations will start rolling out starting today,
Factoring RSA Keys with Many Zeros
Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of real-world keys from public sources, including Certificate Transparency logs, internet-wide TLS and SSH scans,
WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy
An optional ‘username key’ adds another layer by requiring a secondary credential before someone can message users. The post WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy appeared first on SecurityWeek .
Atom Bank sale nears collapse - FT
The sale of Atom Bank is on the verge of collapse after the digital challenger failed to attract offers at the £600 million valuation sought by shareholders, according to the Financial Times.
Paysafe joins Primer platform to streamline card payments for online merchants
Paysafe (NYSE: PSFE), a leading global payments platform, today announced its partnership with Primer, the unified infrastructure for global payments.
Crédit Agricole completes agentic payment transaction
Crédit Agricole, Mastercard and Worldline have carried out the first agentic payment transaction completed in production in France.
US posts $10 million reward over Russian cyber campaign targeting Signal, WhatsApp
Russia-linked hacking groups tracked as UNC5792 and UNC4221 have socially engineered their way into the messaging accounts of government officials.
NVD CRITICAL: CVE-2026-56290 — The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitra...
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
NVD HIGH: CVE-2026-55607 — Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's...
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor execution during worktree operations, an attacker could overwrite files in the user's home directory (such
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia's intelligence and military services. [...]
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks
The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside Indian government networks, including machines used by senior administrative staff, and worked with
OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access
OpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government's request
Personetics embeds AI into Fiserv Experience Digital
As consumers and small businesses increasingly expect digital banking experiences that are more relevant, timely, and intuitive, Personetics, the Cognitive Banking platform, today announced that Personetics’ AI-driven platform is now embedded within Experience Digital (XD) from Fiserv, giving banks and credit unions new ways to deliver more personalized digital experiences to customers and members
South Florida Injury Centers; Chickasaw Nation Department of Health Report Data Breaches
A hacking incident has been reported by South Florida Injury Centers, and Chickasaw Nation Department of Health has discovered that […] The post South Florida Injury Centers; Chickasaw Nation Department of Health Report Data Breaches appeared first on The HIPAA Journal .
Remote Desktop Tools are the Front Door in Healthcare, and Hackers are Walking Through
There is some positive news from the data collected by cybersecurity firm SonicWall, as cyberattacks have declined by up to […] The post Remote Desktop Tools are the Front Door in Healthcare, and Hackers are Walking Through appeared first on The HIPAA Journal .
⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and defenders have more cleanup waiting. Here’s the full Monday recap. ⚡ Threat of the Week New DirtyClone Linux Kernel Flaw Lets Local
N26 makes supervisory board appointments
N26 today announced the appointment of Marieke Flament and Dr. Andreas H. Tuczka as new members of its Supervisory Board.
Telegram-Based Millenium RAT Campaign Infects 60,000 Devices
Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries
Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines
Indirect prompts hidden in a repository can lead to Claude Code spawning a reverse shell on the developer’s machine. The post Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines appeared first on SecurityWeek .
NVD HIGH: CVE-2026-11979 — libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog...
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow internal buffers (command, arg, and argv) during input parsing. This results in memory corruption within th
Straiker Raises $64 Million for AI Security Platform
The startup’s platform can identify AI agents and provide visibility into their access, behavior, and risks. The post Straiker Raises $64 Million for AI Security Platform appeared first on SecurityWeek .
Agentic AI Has an Identity Problem and Attackers Know It
AI agents can access data, trigger workflows, and take action across enterprise systems. Token Security explains why governing these privileged identities is becoming essential for enterprise security. [...]
Straiker Raises $64M to Safeguard Autonomous AI Agents
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/embargo-0629-9am-et-straiker-raises-64m-to-safeguard-autonomous-ai-agents-image_small-1-a-32093.jpg" align=right hspace=4><b>Series A Funding Supports Pre-Training, Reinforcement Learning for Security Models</b><br>AI security startup Straiker closed a $64 million Series A funding round to expand GPU infrastructure, develop specia
Healthcare Data Collaboration Gets a Boost From AI
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/healthcare-data-collaboration-gets-boost-from-ai-image_small-5-a-32097.jpg" align=right hspace=4><b>Emids' CAIO on Why Healthcare Leaders Are Treating AI as an Enterprise Investment</b><br>Healthcare organizations are moving beyond debating AI's value and focusing on how to scale it. According to Emids' State of Healthcare AI in 2
Critical SimpleHelp flaw exploited to deploy new stealer malware
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. [...]
Hackers now exploit critical Oracle E-Business flaw in attacks
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. [...]
Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack
The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization. The post Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack appeared first on SecurityWeek .
Ukraine to use seized crypto from cybercrime group to buy war bonds
Ukraine's Asset Recovery and Management Agency (ARMA), which manages property seized in criminal proceedings, said more than $8.3 million in cryptocurrency had been transferred to its official digital wallet following a court order.
Trading Technologies launches multi-asset trade surveillance tools
Trading Technologies International, Inc. (TT), a global capital markets technology platform services provider, today announced a major upgrade to TT® Trade Surveillance that includes a new Market Replay tool and an enhanced enterprise-level case management system user interface (UI) that significantly improve the workflow, speed and scope of surveillance cases across equities, futures and opt
UK businesses fear stigma of ransomware
Alex Scroxton reports: Fear of stigmatisation is likely leading businesses across the UK to drastically underreport data on ransomware attacks, especially when they have paid a ransom to a cyber criminal gang, as admission of such is often seen as supporting further criminal activity or defying compliance regulations. Data gleaned from the national Report Fraud service – which... Source
Central Bank of Libya investigates alleged data leak after cyberattack
SafaAlharathy reports: Libya’s central bank (CBL) says it is investigating data published on the dark web following a recent cyberattack. In a statement, the bank said its technical teams, working with international experts, were analysing the data to determine its nature and whether it is linked to the attack reported earlier this month. The bank... Source
ZA: Copying the wrong person on an email could be considered a data breach in South Africa
Jan Vermeulen reports: Misdirected internal emails that expose personal information can trigger mandatory data breach reporting under South Africa’s data privacy law, POPIA, even when the disclosure was accidental. Armand Swart, Hlonelwa Lutuli, and Isabella Keeves from Werksmans Attorneys said an Information Regulator enforcement notice against Central Johannesburg TVET College confirmed this pos
LSE warns of listed companies moving to US
Up to 200 companies could move their listings from the UK to the US, according to a 'worst case' scenario plan devised by the London Stock Exchange (LSE).
Modernizing Global Vulnerability Standards For The Age Of AI
As AI-driven vulnerability discovery accelerates, the cybersecurity ecosystem is being forced to examine whether the standards, disclosure processes, and prioritization frameworks defenders rely on can still keep pace. Many of those systems were built around human-speed discovery, manageable vulnerability volumes, and exploitability confirmed after the fact, which leaves them under increasing stra
Tabby secures licences in Saudi Arabia
Tabby, the financial services app, today announced it has received a consumer finance licence and SME finance licence from the Saudi Central Bank (SAMA).
NVD HIGH: CVE-2026-41992 — GNU gzip contains a global buffer overflow vulnerability in the LZH decompressio...
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression routines and is not reinitialized between files processed in the same invocation. By decompressing a spe
Digital ID provider Wultra raises $7.75m in funding round
Wultra, a provider of post-quantum authentication and digital identity solutions for banks and fintechs, announced the completion of a €6.8 million Series A funding round.
Adding some Automation to the favicon.ico method of Host Recon, (Mon, Jun 29th)
I&#;x26;#;39;m in the throes of target host recon for another pentest, and thought I&#;x26;#;39;d share some workflow / automation stuff.
236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonation
Amazon Q VS Extension Flaw Leads to Cloud Credential Theft
Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.
Sweden's Vermiculus makes executive appointments
Vermiculus Financial Technology today announced that the company’s Board of Directors and CEO have appointed Chris Dorougidenis as Chief Operating Officer (COO) and Henrik Rouet-Leduc as Deputy CEO.
Why Post-Quantum Cryptography Starts With Credentials
Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is advancing rapidly and will inevitably change how organizations protect their data. Ciphertext and credentials captured by
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the year. Primary targets of these
US seizes hundreds of FIFA World Cup illegal streaming domains
The U.S. Justice Department's Criminal Division has seized nearly 400 web domains used for illegally streaming matches at the FIFA World Cup. [...]
‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access
A variant of DirtyFrag, the flaw allows unprivileged local users to manipulate the Linux page cache and gain root privileges. The post ‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access appeared first on SecurityWeek .
Westpac appoints CIO
Australian bank Westpac has named Richard Heeley as chief information officer (CIO).
Robot Police Officers
We’ve taken one small step towards robot police officers: a drone capable of disarming a suspect: In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside a cluttered house. “After not responding to negotiators, a drone was deployed inside the re
Former ECB board member named as chair of Reform Technologies
Anti money laundering (AML) technology platform Reform Technologies has named Elizabeth McCaul as its new chair.
OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review
ChatGPT maker OpenAI said Friday it is restricting the release of its new artificial intelligence model at the request of President Donald Trump’s administration. The post OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review appeared first on SecurityWeek .
The Gentlemen are knocking: сustom backdoors and evolving tactics
Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant.
US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
Mynt plans $1.5bn IPO for Philippines mobile payment platform
Philippines-based fintech Mynt is planning the country's largest ever listing for its mobile wallet GCash.
Maldives Premier Bank selects Finastra for international payments
Finastra, a global leader in financial services software, today announced that Maldives Premier Bank (MPB) has selected Finastra’s Financial Messaging API solution to drive a modern, digital-first approach to its international banking operations.
Shield extends agentic AI comms surveillance tool
Shield, the global Communication Risk Management platform for financial services, today added two new AI agents to AmplifAI, its agentic suite for digital communications surveillance and investigations.
US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve
UNC5792 and UNC4221 have been targeting US government officials, military leaders, and allied personnel. The post US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve appeared first on SecurityWeek .
Quantifind raises $200m for AI-powered risk management
Quantifind, the leader in AI-native Risk Intelligence for modern financial crime and national security operations, today announced a $200 million growth investment led by Summit Partners, with participation from existing investors Citi Ventures, S&P Global, Deloitte, and Stephens Group.
Russian Hackers Accused of Destructive Cyber-Attack on Jaguar Land Rover
Experts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attribution
What the post-quantum executive order really demands of CISOs
ith federal PQC deadlines set for 2030 and 2031, CISOs face a multi-year transformation program that most organizations have not yet started. The window for orderly execution is narrowing fast. The post What the post-quantum executive order really demands of CISOs appeared first on CyberScoop .
Inside the inbox: Why cybercriminals want to break into your email account
Your inbox is an identity system all of its own: whoever owns it may own a lot more
Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021.
FBI Sounds Alarm Over Russian Intelligence Signal Phishing
The FBI claims Russian spies are targeting Signal backup keys
OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI
The company says Sol matches competing systems like Mythos Preview while using only a third of the output tokens. The post OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI appeared first on SecurityWeek .
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2. libssh2 is a client-side SSH library, not a server.
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain 'compatible' with npm v12's security hardenings," JFrog said in a
Canadian fintech Float raises C$85m
Canadian business finance platform Float Financial has raised C$85 million (US$60 million) in a Series C funding round led by Inovia Capital with participation from Goldman Sachs.
Snyk VulnBench JS 1.0: Can LLMs Find the Same Bugs Twice?
Snyk VulnBench JS 1.0: 300 repeated scans show LLM security findings vary by run, while SAST and models catch different vulnerability gaps.
CISA KEV: SimpleHelp SimpleHelp — SimpleHelp Authentication Bypass Vulnerability
SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.
A KDDI data breach has put up to 14.2 million ISP email logins at risk across Japan
James Whitmore reports: Data breach at Japanese telecoms operator KDDI may have exposed up to 14.22 million email addresses and passwords linked to ISP mail services, after attackers gained unauthorised access to a system used by six providers in Japan. KDDI said it confirmed the incident on 17 June 2026, repaired the affected system the same day,... Source
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. [...]
AssuranceAmerica breach may have affected more than 1.1 million people in seven states
Krys Shahin and Christopher Buchanan report: State officials are warning at least 1.1 million people across seven states may be impacted by an AssuranceAmerica data breach. Notices about the breach were sent to California, Massachusetts, Nebraska, South Carolina, Texas, Vermont, and Washington residents Friday. AssuranceAmerica Managing General Agency, LLC, said they detected “suspicious act
NZ pharmacy scrambles to scrub internet of patients’ private messages
Mary Argue reports: A Wellington pharmacy at the centre of a data leak says sensitive patient information has now been scrubbed from the internet. Unichem Petone said it was contacting 29 patients affected by what it described as an error on the website that saw patients’ private messages to the pharmacy via its ‘contact us’... Source
NVD HIGH: CVE-2026-13484 — A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e29...
A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit
YARA-X 1.18.0 and 1.19.0 Release, (Sun, Jun 28th)
YARA-X&#;x26;#;39;s 1.18.0 release brings 3 improvements and 2 bugfixes.
NVD CRITICAL: CVE-2026-58053 — Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow...
Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-opt unchanged. A user who can run a workflow on a Docker-backed runner can create a job container with
NVD HIGH: CVE-2026-58050 — libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from ...
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious SSH server can then drive the attribute-parsing loop to write past the allocation, causing a heap
NVD HIGH: CVE-2026-58049 — FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit r...
FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A crafted media stream using the RASC FourCC, decoded by libavcodec, triggers a bitstream-controlled ou
Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S. The systematic cyber attacks aimed at stealing sensitive
Clean GitHub repo tricks AI coding agents into running malware
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remains invisible to security scanners, AI agents, and human reviewers. [...]
OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards
OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficiency and power, and Luna is fine-tuned for speed and affordability. "GPT‑5.6 Sol launches with our most
Chinese Framework Powers 200,000 Scam Sites
Threat actors are selling investment scam templates created using the legitimate DCloud Uni-App toolkit. The post Chinese Framework Powers 200,000 Scam Sites appeared first on SecurityWeek .
NAIC suspends investment risk designations after cyber attack
The National Association of Insurance Commissioners (NAIC) is the U.S. standard-setting and regulatory support organization. It is governed by the chief insurance regulators from the 50 states, the District of Columbia, and five U.S. territories. The organization serves the public interest by setting standards and regulatory best practices, acting as a forum to exchange information,... Source
Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.
NVD CRITICAL: CVE-2026-12415 — The Invoice Generator plugin for WordPress is vulnerable to privilege escalation...
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wp_ajax_nopriv_pravel_invoice_edit_account, accepts an attacker-controlled user_id and user_email from POST data, and calls wp_update_user() without verifying authentic
Hackers exploit critical PTC Windchill PLM software flaw
Hackers are exploiting a critical vulnerability recently patched in PTC Windchill and FlexPLM, two product lifecycle management solutions used by organizations across a range of industries, including defense, aerospace, automotive, medical, electronics, industrial machinery, and consumer goods. The vulnerability, tracked as CVE-2026-12569 , is an unsafe deserialization flaw that enables remote cod
OpenAI Limits GPT-5.6 Rollout at US Government's Request
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/openai-limits-gpt-56-rollout-at-us-governments-request-image_small-7-a-32092.jpg" align=right hspace=4><b>Enterprise Users Face Delayed Access as Trusted Partners Get Early Preview</b><br>OpenAI limited its release of GPT-5.6 to a short list of users after the Trump administration requested access to the model and the list of user
Post-Quantum Security Spurs National Sovereignty Thinking
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/post-quantum-security-spurs-national-sovereignty-thinking-image_small-10-a-32095.jpg" align=right hspace=4><b>AI Export Controls Expose Hidden Risks to Post-Quantum Cryptography Migrations</b><br>Security leaders warn that post-quantum cryptography migration is creating new dependencies on foreign vendors, hyperscalers and supply
Malware-Laced USBs Breach Japanese Military Networks
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/malware-laced-usbs-breach-japanese-military-networks-image_small-10-a-32094.jpg" align=right hspace=4><b>Reused USB Drives Linked to China Spread Malware to Private Sector</b><br>Counterfeit flash drives embedded with a Chinese-linked computer virus and used by the Japanese army are now dispensing malware throughout other secure n
FBI: Russian hackers now target Signal backup recovery keys
The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims' historical messages. [...]
Russian Hackers Behind the $2.5 Billion Jaguar Land Rover Cyberattack, Investigators Say
Rex Edison reports A single cyberattack dented an entire country’s GDP. The Cyber Monitoring Centre estimates that the ransomware assault on Jaguar Land Rover cost the UK economy £1.9 billion — roughly $2.5 billion — rippling through more than 5,000 businesses and dragging car production to levels not seen since 1952. The Bank of England flagged the damage in its economic outlook. Now, after
NVD HIGH: CVE-2026-54353 — Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated use...
Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connection later performs a separate DNS lookup through node-fetch. Since the validated IPs are never pinned to
NVD CRITICAL: CVE-2026-54351 — Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigg...
Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger() allows an attacker to overwrite the internal appId property by including it in the webhook POST body. When the automation is processed asynchron
NVD CRITICAL: CVE-2026-54350 — Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthentica...
Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write query, modifies every document of that collection with one HTTP request. enrichContext at packages/server
NVD CRITICAL: CVE-2026-50137 — Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous atta...
Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id (app_...) and an S3-source datasource id (ds_...) can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoint also returns the publicUrl so the attacker knows exactly where their PUT lands. Because bucket
NVD HIGH: CVE-2026-46710 — Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, ...
Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the installation contextMenu directory. If an attacker can pre-place a malicious powershell.exe in a user-writab
The Chinese Control the Majority of Argentina’s Squid Fleet
Chinese companies control nearly two-thirds of Argentina’s own squid fleet.
HHS Agencies Flesh Out Priorities for Healthcare AI
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/hhs-agencies-flesh-out-priorities-for-healthcare-ai-image_small-1-a-32091.jpg" align=right hspace=4><b>Coordinated 'OneHHS' AI Governance, Implementation, Guidance Efforts Under Way</b><br>The U.S. Department of Health and Human Services is preparing guidance aimed at accelerating the adoption of healthcare AI, with agency officia
CISA sets urgent deadline to fix Cisco flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited. [...]
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key. Hand it over once, and the attacker can restore the account's backup, read the private and group message history, and take over the account. Worse, the key keeps working.
Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more
Help shape the future of Metasploit Framework We are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they function/are presented to users. We are currently accepting responses to our feedback form, which means that you can shape the future of how evasive capabilities are implemented in Metasploit Framework. The proposal for the changes can be f
ATF cancels controversial commercial geolocation contract
The agency told CyberScoop the tool was a pilot that didn’t meet their needs. Members of Congress say it was accessed for hundreds of active cases. The post ATF cancels controversial commercial geolocation contract appeared first on CyberScoop .
AI Decline? Confidence in Autonomous Penetration Testing Falls
Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.
First Circuit Affirms Dismissal of Data Breach Class Action for Lack of Traceable Injury
Melanie Conroy of Pierce Atwood LLP writes: The First Circuit recently affirmed dismissal of a putative data breach class action against Bayamón Medical Center (BMC), holding that the plaintiff failed to plausibly allege that her injuries were traceable to the healthcare provider’s 2019 ransomware attack. In Santos-Pagán v. Bayamón Medical Center, the court concluded that allegations... Source
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShark, said the campaign has targeted a diplomatic organization in Indonesia, government organizations in Taiwan,
NVD HIGH: CVE-2026-48706 — Envoy is an open source edge and service proxy designed for cloud-native applica...
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink (TcpStatsdSink), where the thread-local flusher buffer can be overflowed by exceptionally long statistic names (e.g., >16KiB). During formatting, TcpStatsdSink reserves a single contiguous memory slice of 16K
NVD HIGH: CVE-2026-48497 — Envoy is an open source edge and service proxy designed for cloud-native applica...
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long can complete successfully, a query with such name will result in abnormal process termination. The abn
NVD HIGH: CVE-2026-47221 — Envoy is an open source edge and service proxy designed for cloud-native applica...
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 (See Other) internal redirects for body-less non-GET/HEAD requests. When a POST, PUT, DELETE, or PATCH request without a body is sent to a route configured with intern
NVD HIGH: CVE-2026-47204 — Envoy is an open source edge and service proxy designed for cloud-native applica...
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes (null pointer dereference / segfault) when a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) hits a direct_response route. A single unauthenticated HTTP request c
Polymarket customers lose $3 million in supply-chain attack
Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor. [...]
How Accenture Acquisition Could Push Dragos Beyond Energy
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/how-accenture-acquisition-could-push-dragos-beyond-energy-image_small-4-a-32089.jpg" align=right hspace=4><b>Forrester: Transaction Reflects Move From Services Toward Owning Security Technology</b><br>Forrester analyst Paddy Harrington says Accenture's proposed acquisition of Dragos signals a strategic move toward owning OT securi
Cybersecurity firms targeted by fraudulent OpenAI organization invites
Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects. [...]
Global banks back project to strengthen open source resilience
At the Open Source in Finance Forum, FINOS, the financial services arm of the Linux Foundation, announced its intent to form an Open Source Enterprise Resiliency Alliance (OSERA), a global, vendor-neutral, member-governed coalition to strengthen the industry's supply chain resiliency. OSERA will strengthen the open source components that underpin the sector by securing them through a vendor-neutra
Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions
Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into the primary control plane.
NVD CRITICAL: CVE-2026-54636 — Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes comman...
Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and execute commands on the host as the Dokku user. This vulnerability is fixed in 0.38.7.
NVD HIGH: CVE-2026-45406 — Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin cop...
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename containing a single quote breaks the quoting and allows command substitution to execute arbitrary commands on
NVD HIGH: CVE-2026-45405 — Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:...
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent entries, allowing an attacker to write arbitrary files anywhere writable by the dokku user — includin
ISMG Editors: Prep Now, Hackers Will Soon Wield Frontier AI
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/ismg-editors-prep-now-hackers-will-soon-wield-frontier-ai-image_small-7-a-32088.jpg" align=right hspace=4><b>Also: AI Model for Drug Development Allegedly Stolen; Accenture's Dragos Deal</b><br>In this week's panel, four ISMG editors discussed Western intelligence agencies' warning that attackers will soon wield frontier artificia
Meta Is Testing Facial Recognition for Police and Military
We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time. Turns out Meta is prototyping the feature with a Pentagon supplier. (Alternate news story.)
New Initiative Tackles Security for End-of-Life Open Source Software
The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory compliance.
Malware authors subvert AI detection systems
Enterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach. Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to a post from security company SentinelLabs. SentinelLabs thinks it knows who’s responsible for the malware, which attacks MacOS systems. “
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast Asia. The activity, particularly aimed at state-owned enterprises in the energy and government sectors, has been attributed to a threat actor called CL-STA-1062, which Palo Alto Networks
NVD HIGH: CVE-2026-44018 — Docling simplifies document processing by parsing diverse formats and providing ...
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause applicati
NVD CRITICAL: CVE-2026-12411 — Broken Access Control in the devLXDInstancePatchHandler component of Canonical L...
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
AI Won't Wipe-Out Entry-Level Cybersecurity Jobs
Instead of eliminating jobs for early-career cyber pros, AI is creating new opportunities for candidates with strong human decision-making skills.
Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories
AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact. The post Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories appeared first on SecurityWeek .
More Klue Breach Victims Identified as Hackers Get Hacked
Roughly two dozen companies have notified their customers of the Klue-Salesforce incident impact. The post More Klue Breach Victims Identified as Hackers Get Hacked appeared first on SecurityWeek .
Cyberattacks pose a ‘threat to life’ in Australia
Australia’s Security Intelligence Organization (ASIO) has uncovered an attack on a critical infrastructure operator’s network. State-sponsored actors had compromised the network and were preparing to sabotage it, according to its director general, Mike Burgess. Other countries face similar cyber-threats to critical infrastructure . It’s impossible to exaggerate the danger that the country is facin
In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs
Other noteworthy stories that might have slipped under the radar: Russia used Cellebrite to hack activist’s phone, Five Eyes issue urgent AI threat warning, macOS Gaslight backdoor, Scattered Spider guilty pleas. The post In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs appeared first on SecurityWeek .
Revolut ends remote-first working for graduates and interns
Revolut is scrapping its remote-first policy for graduates and interns, requiring new staffers to work in the office at least three days a week.
QI Tech and Bettr expand credit access for e-commerce merchants and consumers in Brazil
QI Tech, a leading financial services infrastructure provider, has joined forces with Bettr, a leading provider of inclusive and embedded financial services under Ant International, to expand credit solutions for e-commerce sellers and shoppers.
NVD CRITICAL: CVE-2026-57926 — In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable t...
In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
NVD HIGH: CVE-2026-57923 — In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app conf...
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings
NVD HIGH: CVE-2026-57921 — In JetBrains YouTrack before 2026.2.16593 improper access control allowed readin...
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint
NVD CRITICAL: CVE-2026-53914 — In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deseria...
In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata
Iranian-Turkish national sought by US on hacking charges arrested in Montenegro
Predrag Milic reports: An Iranian national who is wanted by the United States for mass hacking attacks that caused damage of $3.4 billion was arrested in Montenegro, police in the Balkan country said late Thursday. The 39-year-old man, who holds both the Iranian and Turkish citizenship, is wanted by a court in New York on multiple charges, including... Source
Your First GRC Agent: A Red Teamer's Walkthrough
AI won't replace GRC analysts, but it can eliminate much of the repetitive work they do. Anecdotes walks through building an agent that continuously monitors controls, identifies evidence gaps, and opens remediation tasks. [...]
HIPAA Compliance Software
The purpose of HIPAA compliance software is to provide a framework to guide a HIPAA-covered entity or business associate through […] The post HIPAA Compliance Software appeared first on The HIPAA Journal .
Binance to stop serving EU customers after failing to secure MiCA license
Crypto giant Binance has told customers in the EU that it will stop providing them with services from 1 July after it failed to secure a license under the bloc’s Markets in Crypto-Assets Regulation.
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it. Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in how Amazon's AI coding assistant handled Model Context Protocol (MCP) servers. Wiz
Russia accuses Apple of ‘political censorship’ after VK apps removed from App Store
Apple removed VK's flagship social network VKontakte, often described as Russia's equivalent of Facebook, along with VK Music, VK Messenger, VK Video, Odnoklassniki and Mail.ru services, including its email application.
UK: Boy’s medical records may have been accessed inappropriately after crocodile attack at zoo
They could have — and should have — anticipated great curiosity about this particular patient’s medical records. Did they control access well enough? Emily Stevens reports: The medical records of a young boy who was attacked by a crocodile at a Cambridgeshire zoo were accessed by up to 40 members of staff. The incident took... Source
Meeting Trump's 2030 Quantum Deadline Will be Expensive, Complex
Getting accurate visibility into IT and OT systems will be compounded by multivendor environments, misaligned update life cycles, and interoperability gaps.
Turla group adds more malware to Russia’s espionage efforts against Ukraine
Threat intelligence researchers at Google described StockStay, the latest malware developed by the Russian cyber-espionage group known as Turla.
Russia used social engineering to breach prominent messaging accounts, Ukraine says
Ukraine's SBU described a long-running Russian operation that used fake tech-support workers to persuade people to hand over credentials to their messaging apps.
UK: ICO statement on ‘Edtech examined’ report
The UK Information Commissioner’s Office (ICO) has released a report titled “EdTech examined — Key Findings from Our Audits.” The ICO issued the following statement to accompany the report’s release: Today, the ICO has published ‘Edtech examined’, a new report which outlines how we have worked directly with edtech providers to review and improve data protection practi
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed "pedit COW," is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A public, working exploit appeared within a day of the CVE assignment on June 16. Red Hat rates the flaw as
Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk
Analysis of CVE-2024-2658 as found in Schneider Electric's Floating License Manager. Discover how this FlexNet Publisher vulnerability potentially allows attackers to escalate to NT AUTHORITY\SYSTEM privileges and expand their foothold; learn how to mitigate the risk.
Thanks for Crushing the Submissions Inbox. We're Trying to Keep Up
It might be taking a bit longer than usual to respond to your submissions — here's why.
Nebulock Raises $25 Million for AI-Native Contextual Security
The cybersecurity startup provides threat hunting, proactive detection, and behavioral security analytics. The post Nebulock Raises $25 Million for AI-Native Contextual Security appeared first on SecurityWeek .
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is
Okanogan Behavioral Healthcare Settles Class Action Data Breach Lawsuit
Okanogan Behavioral Healthcare, a provider of holistic behavioral health services in Okanogan County, Washington, has agreed to settle a class […] The post Okanogan Behavioral Healthcare Settles Class Action Data Breach Lawsuit appeared first on The HIPAA Journal .
FCC votes to toughen rules in bid to better protect undersea cables
In an unprecedented move, the FCC also said it plans to mandate that owners and operators of submarine line terminal equipment (SLTE) be licensed.
Russian Intelligence Services Continue to Target Commercial Messaging Applications
<p>CISA and the Federal Bureau of Investigation (FBI) issued an updated <a href="https://www.ic3.gov/PSA/2026/PSA260626" target="_blank">Public Service Announcement (PSA)</a> warning of Russian Intelligence Services (RIS) cyber threat actors targeting commercial messaging applications in ongoing phishing campaigns. This PSA is an update to the March 2026 <a href="https://www.cisa.gov/resources-too
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 (CVSS 8.8), it lets a local user corrupt file-backed memory through a cloned network packet and gain root. The patch landed in
High-Severity Vulnerability Identified in OHIF Viewers DICOM
A high-severity vulnerability has been identified in OHIF (Open Health Imaging Foundation) Viewers DICOM, which could be exploited to steal […] The post High-Severity Vulnerability Identified in OHIF Viewers DICOM appeared first on The HIPAA Journal .
Why You Don’t Need to Understand HIPAA to Make Your Small Practice HIPAA Compliant
A small practice owner who cannot define a Security Risk Analysis, has never read the HIPAA Security Rule, and does […] The post Why You Don’t Need to Understand HIPAA to Make Your Small Practice HIPAA Compliant appeared first on The HIPAA Journal .
Guardian Agents: The Next Layer of Identity Governance
AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn't designed for autonomous actors, and the gap between what enterprises are deploying and what their governance programs actually cover is widening fast. This guide breaks
Linux Foundation Unveils New Open Source Security Project Akrites
It will provide the tools and channels to report, patch, and disclose open source software vulnerabilities. The post Linux Foundation Unveils New Open Source Security Project Akrites appeared first on SecurityWeek .
Colorado Health Network; Kentucky Mountain Health Alliance Announce Data Breaches
Data security incidents have been announced by the Colorado Health Network and Kentucky Mountain Health Alliance. In both cases, only […] The post Colorado Health Network; Kentucky Mountain Health Alliance Announce Data Breaches appeared first on The HIPAA Journal .
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releases affecting LeoPlatform and RStreams packages, GitHub Actions workflow abuse, and a related Go
One Million Passports Leaked Online
A database of almost a million passports from around the world was leaked online. Note what happened. A high-value credential—a passport—was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s the low-value system that got hacked, putting the high-value credential at risk.
Minnesota Epilepsy Group; Campbell University; City of Middletown Announce Data Breaches
Data breaches have been announced by Minnesota Epilepsy Group, Campbell University, and the City of Middletown, Ohio. Minnesota Epilepsy Group […] The post Minnesota Epilepsy Group; Campbell University; City of Middletown Announce Data Breaches appeared first on The HIPAA Journal .
China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT Backdoor
A China-linked threat group has been targeting critical infrastructure in Southeast Asia with a new custom backdoor called TinyRCT
What CISOs need to tell the board about zero trust in OT: A 90-day communication and action plan
I work as a principal specialist at a pipeline operator where Operational Technology (OT) is the backbone of the business. I do not report to the board or act as a CISO, but the issues that get raised to those levels affect my job every single day. Since the Colonial pipeline ransomware incident in 2021 , it has become apparent that our industry has started posing different tones of “Are we zero t
Proposed US law would make AI risk reporting a legal obligation
US lawmakers on Thursday introduced a bill that would require developers of advanced AI models to report major safety and security incidents to the Commerce Department, establishing a federal oversight framework for high-risk AI systems. The proposed AI Incident Reporting Act would mandate that developers of designated “covered models” disclose incidents within seven days of knowing, or reasonably
$3 Million Reportedly Stolen in Polymarket Hack
The decentralized prediction market said hackers targeted some of its users through a compromise of a third-party vendor. The post $3 Million Reportedly Stolen in Polymarket Hack appeared first on SecurityWeek .
Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says. The company has not attributed the activity to a known threat actor, and the operators' end goal is still unclear. The lure plays to how hotels work.
Smarsh collaborates with AWS to deliver compliant AI adoption in regulated industries
Today, Smarsh, a global leader in digital communications compliance and intelligence, announced breakthrough results from its strategic collaboration agreement (SCA) with Amazon Web Services (AWS), delivering a new standard for compliant AI adoption in regulated industries.
FCA admits TREX to regulatory sandbox, tests advanced climate risk modelling
The Financial Conduct Authority (FCA) has onboarded Transition Risk Exeter Ltd (TREX) into its regulatory sandbox to test whether its approach to climate scenario analysis can provide financial firms a clearer view of physical risks like flooding or heatwaves, as well as risks linked to the move to a low-carbon economy.
Mythos is a signal, not a siren: What frontier AI should change for CISOs
When a new AI capability starts making headlines, I see the same pattern play out in boardrooms and executive staff meetings. The technology is introduced as a looming breakthrough for attackers. The conversation quickly shifts to worst-case scenarios. Then security leaders are asked some version of the same question: Are we suddenly exposed in ways we were not exposed before? My answer is usually
Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets
Turla has been using the backdoor against government and military organizations in Ukraine for espionage. The post Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets appeared first on SecurityWeek .
SMB cyber readiness: the road to resilience starts here
Your business may be small, but its attack surface is anything but. Readiness is the first step to resilience.
Russia Used Cellebrite on Jailed Activist's iPhone Months After Sales Cutoff
Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus. The finding, published June 25 by the Citizen Lab, rests on two things that rarely line up: traces on the phone itself and an official Russian
NVD CRITICAL: CVE-2026-2053 — The WSO2 API Manager's message flow component, when processing WS-Addressing hea...
The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests. Successful exploitation allows an unauthenticated attacker to control the destination of ser
First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild
CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog. The post First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild appeared first on SecurityWeek .
New Enterprise-Ready MCP Specification Brings New Security Challenges
A major overhaul of the Model Context Protocol shifts critical security responsibilities from the protocol itself to developers and platform operators. The post New Enterprise-Ready MCP Specification Brings New Security Challenges appeared first on SecurityWeek .
CMC Releases Analysis and Guidance for Education Sector After Canvas Data Breach
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents
GDPR at 10: Landmark data protections, increasing business burden
Ten years have passed since the General Data Protection Regulation (GDPR) came into force, and the results are mixed. While data protection has become more firmly established in European companies — and beyond — than ever before, the business world remains critical of the regulation due to increasing bureaucracy, legal uncertainty, and competitive disadvantages. From a data protection perspective,
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (
Finextra and NICE Actimize release new European Fraud Insights survey report
Finextra’s latest survey report ‘The European Fraud Insights report 2026’ is now available to download.
Philip Martin Joins Uber as Chief Information Security Officer
Martin brings experience from Coinbase, Palantir, Amazon, and the U.S. Army to lead Uber's cybersecurity and enterprise security organization. The post Philip Martin Joins Uber as Chief Information Security Officer appeared first on SecurityWeek .
DirtyClone (CVE-2026-43503): JFrog's catch on the DirtyFrag fix regression, with a detectable PoC
[object Object]
NVD CRITICAL: CVE-2026-48930 — A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lea...
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
NVD HIGH: CVE-2026-48619 — A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of O...
A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
NVD HIGH: CVE-2026-48615 — A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ...
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
Google Finance gets an app
Google has launched a dedicated mobile app for its recently revamped, AI-infused, financial data, news and analytics service.
SBI Holdings to buy crypto exchange Bitbank for $289m
Japanese financial conglomerate SBI Holdings has agreed a deal to buy local crypto exchange Bitbank for around $289 million.
BIS warns of stablecoin 'structural flaws'
Stablecoins, as currently designed, have structural flaws that could affect macroeconomic and financial stability if they were to see widespread adoption, according to the Bank for International Settlements.
AI Firms Seek US Help Against China Model Distillation
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/ai-firms-seek-us-help-against-china-model-distillation-image_small-8-a-32082.jpg" align=right hspace=4><b>Anthropic Says Legal Gaps Leave Frontier Labs Vulnerable to LLM Copying</b><br>U.S.-based AI companies are urging the U.S. government to crack down on alleged illicit model distillation by Chinese AI developers, arguing curren
Secret Service Driven to Personal Phones by Heavy Limits
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/secret-service-driven-to-personal-phones-by-heavy-limits-image_small-4-a-32083.jpg" align=right hspace=4><b>Agents Couldn't Group Chat or Text Foreign Counterparts</b><br>U.S. Secret Service agents abroad jeopardized their protective mission by using personal smartphones on foreign trips, say auditors, who fault the Department of
Snyk Reportedly Cuts 90 Jobs to Accelerate AI Strategy
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/snyk-reportedly-cuts-90-jobs-to-accelerate-ai-strategy-image_small-10-a-32081.jpg" align=right hspace=4><b>Interim CEO Ken MacAskill Says Changes Will Speed Product Development and Execution</b><br>Boston-based Snyk is reportedly eliminating about 90 jobs while reorganizing leadership, go-to-market operations and research to accel
Anthropic is testing desktop-like Claude Cowork for mobile
Anthropic appears to be testing Claude Cowork support on mobile, allowing you to manage long-running Claude tasks from your phone. [...]
Robinhood Cuts Access Approval Time to Support High-Velocity Development
The fintech company's engineering-first application security team re-engineered the process for granting system access, making it easier and more secure for developers working on their projects. Here are the lessons learned from Robinhood's experience.
Poland busts SIM-swapping gang tied to millions in crypto theft
Authorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications partners and hijacking email accounts to carry out SIM-swapping attacks. [...]
NVD HIGH: CVE-2026-8720 — wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key len...
wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the accumulated message data, so the resulting MAC depended only on the key and not on the message being authen
NVD HIGH: CVE-2026-7532 — iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP ad...
iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints.
NVD HIGH: CVE-2026-7511 — PKCS7_verify signer confusion allows forged signatures, where the signer associa...
PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.
NVD HIGH: CVE-2026-6331 — HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag c...
HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length
NVD HIGH: CVE-2026-6325 — Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signatu...
Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer.
NVD HIGH: CVE-2026-11703 — Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously s...
Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual hosts, carry the cached peer-authentication state into a context it was not established for. Resumption n
NVD CRITICAL: CVE-2025-71338 — Flowise contains a path traversal vulnerability in the /api/v1/document-store/lo...
Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.
NVD CRITICAL: CVE-2025-71336 — Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an u...
Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal and lacks role-based access control, and the default installation runs without authentication unless
NVD CRITICAL: CVE-2025-71334 — Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary...
Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value (e.g., '../../../../../tmp') as the chatflow id, an unauthenticated attacker can use the /api/v1/chatflows endpoint (via addBase64FilesToSt
NVD CRITICAL: CVE-2025-71333 — Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerab...
Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially enabling remote code execution and server compromise.
NVD HIGH: CVE-2025-71328 — Flowise before 3.0.10 contains an unverified password change vulnerability. An a...
Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings (Security) section without supplying the current password or any additional verification, as the application does not enforce a current-password check on the credential change. This can lead to full account takeover, particularly if an att
NVD CRITICAL: CVE-2025-71327 — Flowise contains an authentication bypass vulnerability in the unprotected /api/...
Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.
CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure
Government entities and critical infrastructure were targeted for espionage in SE Asia by attackers using a hybrid toolkit, including custom TinyRCT backdoor. The post CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure appeared first on Unit 42 .
In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw
The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.
NVD HIGH: CVE-2026-6731 — X.509 name constraint bypass via the Subject Common Name when treated as a DNS-t...
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.
NVD HIGH: CVE-2026-6679 — A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before...
A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 relea
Russian APT 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses
The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers.
Third Defendant Sentenced To Prison For Hacking DraftKings
NATHAN AUSTAD, one of three people indicted for hacking DraftKings in 2022 has now been sentenced to 18 months in prison. In April, a second man, KAMERIN STOKES, a/k/a “TheMFNPlug,” was sentenced to 30 months in prison for his role, while JOSEPH GARRISON was sentenced in 2024 to 18 months: United States Attorney for the... Source
Breach Roundup: How Hackers Exploited a Cisco SD-WAN Flaw
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/breach-roundup-how-hackers-exploited-cisco-sd-wan-flaw-image_small-3-a-32080.jpg" align=right hspace=4><b>Also, Three Ubiquiti Flaws Under Exploitation</b><br>This week, Mandiant detailed a Cisco SD-WAN hack as attackers exploited Ubiquiti flaws. London Hydro disclosed a customer data breach, researchers flagged cross-cloud bucket
Feds Expand AI to Combat Healthcare Fraud
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/feds-expand-ai-to-combat-healthcare-fraud-image_small-2-a-32079.jpg" align=right hspace=4><b>$6.5B Takedown Highlights AI's Growing Role in Fraud Detection</b><br>A federal effort, bolstered with by data analytics and AI tools, helped bust $6.5 billion in false healthcare claims, U.S. government officials said this week. Moving fo
EdTech Attackers Shift From Schools to Their Software Suppliers
Educational institutions, the edtech companies they rely on, and, more concerningly, the challenges they pose for schools are the focus of the latest Reporters' Notebook video series.
NVD CRITICAL: CVE-2026-7531 — Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follo...
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.
NVD HIGH: CVE-2026-55960 — Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificat...
Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative() accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer. The check now defaults the expected type to X.509 (per RFC 7250/8446) when no type was negotiated,
NVD HIGH: CVE-2026-55958 — Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_Store...
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fixed message bag (MSGBAG_SIZE) sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3 handshake transcript exceeds MSGBAG_SIZE (8 KB), corrupting adjacent heap state and potentially c
NVD HIGH: CVE-2026-12340 — Out-of-bounds heap read during SM2/SM3 certificate signature verification. When ...
Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65 bytes results in an out-of-bounds heap read, leading to a potential crash (denial of service); there is
NVD HIGH: CVE-2026-11310 — X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolf...
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert() with caller-supplied untrusted intermediate certificates; for those users it is critical, otherwise the library is unaffected. In particular, native wol
NVD HIGH: CVE-2026-10512 — The X25519 x86_64 assembly implementation fails to clear the most significant bi...
The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the scalar multiplication and potentially a wrong shared secret. The final carry-propagation chains in the
NVD HIGH: CVE-2026-10097 — wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 15...
wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and are accepted as valid, breaking IND-CCA2 security. An attacker able to submit chosen ciphertexts t
Miasma Returns: Leo Platform Compromise in npm
<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/miasma-returns-leo-platform-compromise-in-npm" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_miasma_leo_platform.png" alt="Image with text "Leo Platform Compromise: Miasma is back" next to skull icon." class="hs-featured-image" style="width:auto !important; max-width:50%; float:l
FCC passes new cybersecurity rules for emergency systems, undersea cables
The new rules would overhaul national emergency systems to protect against hijacking and update federal security review rules for undersea cables providers The post FCC passes new cybersecurity rules for emergency systems, undersea cables appeared first on CyberScoop .
Order-tracking app Shop abused to push callback phishing attacks
Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users' order histories to trick them into providing sensitive data or installing remote access software. [...]
US Bank and GigSafe team on payment infrastructure for logistics industry
US Bank today announced a collaboration with GigSafe, a compliance and payments platform built for regulated delivery and logistics operators, to enhance the way workers using GigSafe get paid.
NVD HIGH: CVE-2026-56788 — RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri ...
RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.
NVD HIGH: CVE-2026-56787 — RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in ...
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause
NVD CRITICAL: CVE-2026-56786 — RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_typ...
RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially
NVD HIGH: CVE-2026-56770 — libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vec...
libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption.
NVD HIGH: CVE-2026-56769 — Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated...
Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal services, exfiltrate responses, and replay credentials against backend systems.
NVD HIGH: CVE-2026-56768 — Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2....
Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory trees.
NVD HIGH: CVE-2026-56766 — Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in ...
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing base64-encoded response data to overflow a 500-byte stack buff
NVD CRITICAL: CVE-2026-54917 — SeaweedFS is a distributed storage system for object storage (S3), file systems,...
SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter().SkipClean(true). With path cleaning disabled, a .. segment inside the URL survives routing, so a request such as `GET /bucket-A/../evil-bucket/key`, is matched as bucket=bucket-A, obj
NVD CRITICAL: CVE-2026-50549 — Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs...
Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path and writes without approval. A malicious agent can create an in-workspace symlink that points outside the
NVD CRITICAL: CVE-2026-50548 — Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs...
Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the working_directory parameter, which could cause the sandbox to include writable paths outside the intended workspace. A malicious agent could s
The Rise of Collective Defense for Open Source
<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/the-rise-of-collective-defense-for-open-source" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_akrites.jpg" alt="Image with a logo for Akrites side-by-side with the logo for Sonatype" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px
Local Police Collusion Hampers Crackdown on Asian Scam Centers
With tens of billions of dollars flowing into regional economies from cybercrime, scam centers continue to flourish, despite international and law-enforcement efforts.
DHS chief says president has met with potential CISA nominee; agency plans to hire 600
Once a new CISA director is in place, the agency will ramp up hiring efforts, Homeland Security Markwayne Mullin told lawmakers. The White House has not yet announced a nominee.
DHS chief says president has met with likely CISA nominee; agency plans to hire 600
Once a new CISA director is in place, the agency will ramp up hiring efforts, Homeland Security Secretary Markwayne Mullin told lawmakers. The White House has not yet announced a nominee.
Microsoft quietly extends free Windows 10 ESU support to October 2027
Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027. [...]
UK's Retail Payments Infrastructure Board launches consultation
The Bank of England-led Retail Payments Infrastructure Board (RPIB) has launched a consultation on the future design of the UK's retail payments infrastructure.
NVD CRITICAL: CVE-2026-6094 — Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 ...
Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.
NVD HIGH: CVE-2026-55967 — AES-GCM encryption/decryption with extremely large cumulative single message siz...
AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.
NVD HIGH: CVE-2026-55961 — wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 ob...
wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no signer signature has actually been verified, so a PKCS#7 carrying no valid signature is no longer
NVD HIGH: CVE-2026-55697 — pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configD...
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as an install-engine opt-in. During install, pnpm resolved a platform-specific @pacquet/<platform>-<arc
NVD HIGH: CVE-2026-55487 — pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix ...
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator normalized to the same value. This vulnerability is fixed in 10.34.2 and 11.5.3.
NVD HIGH: CVE-2026-50573 — pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-fr...
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the registry later serves different metadata and tarball content for the same package name and version, pnpm
NVD HIGH: CVE-2026-50021 — pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extractio...
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL to serve altered package content, pnpm install --frozen-lockfile can install the altered package witho
NVD HIGH: CVE-2026-50014 — pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile...
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option such as --upload-pack=<command>. For SSH and local transports, --
NVD HIGH: CVE-2026-48995 — pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.git...
pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this server was compromised or a person's machine configuration was compromised, pnpm would download and i
NVD HIGH: CVE-2026-11999 — X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility ce...
X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical, otherwise the library is unaffected. Native wolfSSL TLS/DTLS usage is not impacted. X509_verify_ce
Airwallex targets agentic commerce after hitting $11bn valuation
Business payments outfit Airwallex has hit an $11 billion valuation on a $320 million funding round as it gears up for a push into autonomous finance and agentic commerce.
Beyond IOCs: AI-enabled threat intelligence
In this week’s newsletter, Martin considers how AI will help threat intelligence by creating an easily queryable data source of intelligence reports.
Forrester: AI Agents Pose New Cybersecurity Risks for CISOs
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/forrester-ai-agents-pose-new-cybersecurity-risks-for-cisos-image_small-1-a-32078.jpg" align=right hspace=4><b>Forrester's Jitin Shabadu Says Visibility and Identity Must Top Security Priorities</b><br>AI innovation is reshaping cyber risk. Forrester analyst Jitin Shabadu explains why security leaders should prioritize visibility,
Europol Poised for More Data Access in Cybercrime Fight
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/europol-poised-for-more-data-access-in-cybercrime-fight-image_small-4-a-32077.jpg" align=right hspace=4><b>Privacy Advocates Raised Objections of Bystander Data Being Swept Up in Police Net</b><br>The European Commission has proposed significant reforms for Europol intended to strengthen the law enforcement cooperation agency's ab
Dick's Sporting Goods Bets on the Data, Not the Bot
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/dicks-sporting-goods-bets-data-bot-image_small-1-a-32073.jpg" align=right hspace=4><b>Retailer Uses Adobe Platform, Agentic AI to Boost Engagement, Capture Customer Data</b><br>Dick's Sporting Goods announced Coach by Dick's, an AI assistant built on Adobe's Brand Concierge platform that rolled out inside its mobile app in June. T
Cryptohack Roundup: DOJ Seizes Huione Cloud Account
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/cryptohack-roundup-doj-seizes-huione-cloud-account-image_small-8-a-32072.jpg" align=right hspace=4><b>Also: Guilty Pleas in $8M Home Invasion, $1.8B HyperFund Fraud</b><br>This week, the U.S. Department of Justice seized a Huione Group cloud account, Aztec's $2 million exploit, CoinEx's alleged Iranian link and crypto bill warning
Jack Henry partner Google Cloud for AI-driven security
Jack Henry (Nasdaq: JKHY) and Google Cloud today announced an expanded collaboration to deliver AI-driven security capabilities for banks and credit unions. Building on their strategic relationship established in 2022, Jack Henry will use Google Cloud's suite of agentic defense products to develop a proprietary AI security platform purpose-built for the financial services ecosystem.
NVD HIGH: CVE-2026-9800 — A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any auth...
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources.
NVD HIGH: CVE-2026-9099 — A flaw was found in Keycloak. A missing authorization check in the GroupResource...
A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker with management rights over a single low-privilege group can reparent a highly privileged group (such
NVD HIGH: CVE-2026-9086 — A flaw was found in Keycloak. A remote attacker with administrative privileges, ...
A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation. This is achieved by registering a malicious client with a specially crafted redirect URI using a case-insensitive `javascript:` or `data:` scheme. This Cross-S
NVD HIGH: CVE-2026-56123 — socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vuln...
socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read through a signed char field causing a negative bytes_to_read value that is implicitly converted to size
NVD HIGH: CVE-2026-55092 — Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifa...
Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a crafted annotation that resolves to a path outside the intended destination, causing Trivy to write the l
NVD HIGH: CVE-2026-54040 — LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prio...
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can silently replace a victim's backup codes and use them to bypass 2FA login or disable 2FA entirely. This vu
NVD CRITICAL: CVE-2026-54030 — LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prio...
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata (RFC 9728) matches the configured MCP server URL, allowing a malicious MCP server to steal access tokens intended for a legitimate server. This vulnerability is fixed in 0.8.5.
NVD HIGH: CVE-2026-45233 — HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-...
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences directly to file_exists() and rename() functions in admin.php without canonicalization or directory bounda
AI and Liability
Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like “users can check for themselves,” and that they generally know “that information generated with AI should not be blindly trusted,” the court held that the AI’s summaries are reflections of the company and “above all an expression of Google’s
Arca raises $64m for AI-native wealth management
Arca, an AI-native wealth management startup promising to humanise the sector in the age of robo-advisors, has emerged from stealth with $64 million in funding.
New macOS malware embeds fake errors to confuse AI analysis tools
A newly discovered macOS malware dubbed "Gaslight" is designed to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable. [...]
Colorado Health Network Notifies Patients of Last Year’s Breach—But Key Details Remain Undisclosed
In August 2025, DataBreaches added the Colorado Health Network (CHN) to our non-public worksheets after threat actors called Cephalus added the provider to its’ dark web leak site with a claim that they had acquired 900 GB of data. Cephalus disappeared from public view days later, and never leaked the data on any server that... Source
NVD HIGH: CVE-2026-9717 — CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Inj...
CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.
NVD HIGH: CVE-2026-9716 — CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-...
CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces.
NVD HIGH: CVE-2026-57456 — Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python...
Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. When reconstructing that source, each scope's docstring is inserted verbatim between triple
NVD HIGH: CVE-2026-57455 — Vim is an open source, command line text editor. Prior to 9.2.0698, the single-b...
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound and terminates only on the input NUL, writing one byte per input byte into the MAXWLEN-element stac
NVD HIGH: CVE-2026-57453 — Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, w...
Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string co
NVD HIGH: CVE-2026-55895 — Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript ...
Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from the buffer's directory listing is interpolated into an Ex command line passed to :execute with only the backslash characte
NVD HIGH: CVE-2026-55693 — Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_cou...
Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (arridx[], curi[], wordcount
NVD HIGH: CVE-2026-54036 — LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prio...
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen session) even when 2FA is already fully enabled on the account. This endpoint overwrites the existing TOTP secret, generates new backup codes, and sets twoFactorEnabled to false — all without requirin
Federal court rules Trump election-focused executive order illegal
Provisions setting up federal voter lists for each state and restricting mail ballots through USPS were declared unconstitutional. The post Federal court rules Trump election-focused executive order illegal appeared first on CyberScoop .
PirloTV sports piracy network disrupted as 44 domains seized
A major sports piracy ring linked to the illegal PirloTV streaming platform has been disrupted in an action that targeted 44 domains. [...]
CVE-2025-52465 geoserver arbitrary file write vulnerability
[object Object]
NVD HIGH: CVE-2026-57435 — Nokogiri is an open source XML and HTML library for the Ruby programming languag...
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node, Nokogiri::XML::Attr#value= could free the underlying native child node while the wrapper remained reachable t
NVD HIGH: CVE-2026-57434 — Nokogiri is an open source XML and HTML library for the Ruby programming languag...
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could crash the process. This vulnerability is fixed in 1.19.4.
NVD HIGH: CVE-2026-57236 — Nokogiri is an open source XML and HTML library for the Ruby programming languag...
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current encoding string without replacing it. The document is left referencing freed memory, so the next call to Document#encoding r
NVD HIGH: CVE-2026-57235 — Nokogiri is an open source XML and HTML library for the Ruby programming languag...
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds
Bluekit phishing kit adopts browser-in-the-middle for login theft
The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and by adding browser-in-the-middle capabilities for improved data theft. [...]
Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract
The phone-cracking firm broke off from its deal with Russia, but Citizen Lab said that didn’t stop authorities from surveilling Andrey Pivovarov. The post Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract appeared first on CyberScoop .
Another Russian dairy company reportedly disrupted by cyberattack
A dairy products manufacturer in Russia's republic of Bashkortostan is the latest such company to have its operations snarled by a cyberattack.
Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack
Nathan Austad, who sold access to compromised accounts through a criminal storefront, is the third and final defendant sentenced in the 2022 breach The post Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack appeared first on CyberScoop .
NVD HIGH: CVE-2026-56122 — Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability t...
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any fi
NVD HIGH: CVE-2026-47151 — In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can tri...
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock cluster may be impacted.
NVD HIGH: CVE-2026-47150 — In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trig...
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted.
NVD HIGH: CVE-2026-47147 — In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server...
In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network. Only devices supporting the OTA Server cluster may be impacted.
NVD HIGH: CVE-2026-46734 — Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a...
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
NVD HIGH: CVE-2026-46732 — Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a...
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Cisco Vulnerability Exploited Months Before Disclosure, Google Warns
A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extension description states that it allows users to prevent web
The Four Elevations of Effective Fraud Prevention
Fraudsters don't attack just one transaction. They target accounts, platforms, and entire ecosystems. IPQS explains the four elevations of fraud prevention and why broader visibility improves fraud detection. [...]
Russia's Gamaredon Adapts Tactics to Target Ukraine
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/russias-gamaredon-adapts-tactics-to-target-ukraine-image_small-9-a-32068.jpg" align=right hspace=4><b>Eset Documents New Malware Families and Infrastructure Tactics</b><br>Eset found Russia's FSB-linked Gamaredon expanded its malware toolkit, launched dozens of spear-phishing campaigns, and increasingly relied on legitimate cloud,
GoCardless and Sequence launch native Direct Debit integration for businesses
GoCardless, the bank payment company, has announced a partnership with Sequence, an AI billing and quote-to-cash platform to deliver a fully native Direct Debit integration, enabling businesses to automate payment collection across one-off invoices and recurring billing schedules without leaving their billing engine.
Lean and Ziina launch UAE's first one-tap Pay by Bank system
Lean Technologies and Ziina have launched the UAE's first One-Tap Pay by Bank experience under the Open Finance framework, marking a significant step in the maturation of account-to-account payments in the region.
Experts on Experts: Why AI and Compliance Are Forcing A New Security Operating Model
This week on Experts on Experts, I sat down with Sabeen Malik , Rapid7’s VP of Global Government Affairs and Public Policy, to discuss a shift security leaders can’t afford to treat as separate threads: frontier AI, vulnerability discovery, cybersecurity compliance, and operational resilience. AI is changing how quickly vulnerabilities can be found, validated, and potentially exploited. At the sam
Twenty Million US IP Connections Used by Proxy Services
Digital Citizens Alliance report claims that millions of Americans may have unwittingly had IP connections used by cybercriminals
No need to hack when it’s leaking: Dialog edition
Yes, another entry in our “no need to hack when it’s leaking” archives, and another example of entities trying to excuse their security failures by claiming they were “hacked.” Danny Bradbury cuts to the chase: Some organizations exist to be exclusive. They’re invite-only, and discreet, the kind of place where the membership directory is the... Source
Runlayer Raises $30 Million in Series A Funding
The startup’s platform functions as a secure control layer, aiming to secure AI tools across enterprises. The post Runlayer Raises $30 Million in Series A Funding appeared first on SecurityWeek .
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence, and “normal” workflows turning into phishing pipes because apparently email was not enough hell already. The worst part is how cheap some of it feels. Not elite. Not cinematic.
Ukraine's state postal operator reports app disruption after cyberattack
Ukraine's state-owned postal operator said it was experiencing disruptions to some of its app services due to a suspected cyberattack, but did not say who was behind it.
Russia used Cellebrite phone-hacking tool to crack down on dissident after firm cut off country
The continued use of the powerful data extraction product soon after the company in March 2021 said it would stop working with Russia suggests the firm has been unable to pull back its technology from authoritarian government customers, researchers say.
Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Supply
Mandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala. The post Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Supply appeared first on SecurityWeek .
Cal Water Says No OT Systems Breached in Iranian Handala Cyberattack
Mandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala. The post Cal Water Says No OT Systems Breached in Iranian Handala Cyberattack appeared first on SecurityWeek .
Ukraine’s National Postal Service Ukrposhta Hacked Overnight
Kyiv Post reports: Ukrposhta, Ukraine’s national postal service, announced system malfunctions following a cyberattack overnight going into Thursday. In a brief update, the state-run postal service said it is working to restore operations and would provide updates as they become available. “Due to a nighttime hostile attack on IT systems, the Ukrposhta application is temporarily malfunctioning,”..
Schneider Electric PowerLogic P7
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-07.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Schneider Electric is aware of a vulnerability in its PowerLogic™ P7 product. The PowerLogic™ P7 is a protection and control platform designed for complex and advanced electrical network applications. Failure to apply the remediation
Yokogawa FAST/TOOLS and CI Server
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability may return a response containing the CI Server setting information.</strong></p> <p>The following versions of Yokogawa FAST/TOOLS and CI Server are affected:</p> <ul> <li>FAST/TOOLS >=R9.0
Horner Automation Cscape
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow a local attacker to disclose information and execute arbitrary code.</strong></p> <p>The following versions of Horner Automation Cscape are affected:</p> <ul> <li>Cscape <10.2_
Delta Electronics DTM Soft
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-06.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.</strong></p> <p>The following versions of Delta Electronics DTM Soft are affected:</p> <ul> <li>DTMSoft vers:all/* </li> </ul> <div
OHIF Viewers DICOM
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-176-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link.</strong></p> <p>The following versions of OHIF Viewers DICOM a
Trust in Automated AI Vulnerability Scanning Collapses to 9%, New Study Finds
Cobalt study finds 20-percentage-point drop in number of organizations relying solely on AI automation for testing
H.VIEW HV-500S6 IP Camera
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-05.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and upload malicious files to the affected device.</strong></p> <p>The following versions of H.VIEW HV-500S6 IP Camera are affected:</p
pydicom pynetdicom Library
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-176-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths.</strong></p> <p>The following versions of pydicom pynetdicom Library are affected:</p> <ul> <li>pynetdicom >=v1.0
Daktronics Controller Firmware
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-04.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could could provide an unauthenticated user with complete root-level access and control of the system.</strong></p> <p>The following versions of Daktronics Controller Firmware are affec
EVoke Systems Charging Station Management System
<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.</strong></p> <p>The
Goldman Sachs leads $110 million round in financial AI firm Taktile
Goldman Sachs has led a $110 million Series C fundraising round for financial services specific AI firm Taktile.
New CISA Guide Helps Agencies Adopt SASE For Zero Trust
New CISA guidance shows federal agencies how to use SASE to move from legacy TIC 2.0 to zero trust
Interesting Paper Exploring Prompt Injection
This is a fascinating explotation of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags. Their conclusion: Role tags were a formatting trick that became the security architecture and the cognitive scaffolding of modern LLMs. We’ve shown that this architecture doesn’t survive
Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project. The post Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning appeared first on SecurityWeek .
HIPAA Security Rule Training for Business Associates
HIPAA Business Associates that create, receive, maintain, or transmit electronic Protected Health Information on behalf of HIPAA-covered entities are directly […] The post HIPAA Security Rule Training for Business Associates appeared first on The HIPAA Journal .
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Answering these questions requires teams to go beyond alerts, the most common basis for initial triage. But investigations (and their outcomes)
N26 hits full-year profitability under new leadership team
German digital bank N26 has surpassed €500 million in revenue and secured its first full year of net profitability after a leadership shake up that saw the demotions of co-founders Maximilian Tayenthal and Valentin Stalf and the appointment of UBS executive board member Mike Dargan as CEO.
GitLab Patches Code Execution, Information Disclosure Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects. The post GitLab Patches Code Execution, Information Disclosure Vulnerabilities appeared first on SecurityWeek .
macOS Flaw Lets Standard Users Disable EDR and MDM
macos-xpc-flaw-disable-edr-mdm-standard-user-xm-cyber
Major Increase in Ransomware Attacks Targeting Europe, Warns New Report
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
Rethinking the balance between AI oversight and innovation
The new CIO mandate is clear: facilitate AI adoption across the enterprise at speed. According to CIO.com’s State of the CIO survey, CEOs’ to p priority for their IT executives is to capitalize on AI . From researching to evaluating AI products, CIOs are now the central figures in their organizations’ AI strategies. And company leaders are looking for real outcomes. Almost two-thirds of senior lea
Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools
Kaspersky researchers analyze the threat landscape for SMBs in 2026: the rise of attacks involving fake AI tools, phishing schemes, and data sold on the dark web.
Bradford Health Services; Bradford Health Partners Settle Data Breach Lawsuit
Bradford Health Services, LLC, and Bradford Health Partners, LLC, were sued over a December 2023 cybersecurity incident that exposed the […] The post Bradford Health Services; Bradford Health Partners Settle Data Breach Lawsuit appeared first on The HIPAA Journal .
Introduction to COM usage by Windows threats
Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors.
Europe Evolves Into Ransomware's Favorite Region
After a global lull, ransomware gangs are setting sights on a rich new arena: attacking EU organizations and their suppliers.
Healthcare Report Highlights Growing Vendor Risk and Lack of Cyberattack Readiness
Cybersecurity risk is growing, and healthcare organizations are struggling to defend a rapidly increasing attack surface. AI tools are being […] The post Healthcare Report Highlights Growing Vendor Risk and Lack of Cyberattack Readiness appeared first on The HIPAA Journal .
25-Year-Old Vulnerability Patched in Curl
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities. The post 25-Year-Old Vulnerability Patched in Curl appeared first on SecurityWeek .
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst's artificial intelligence (AI) tools and trick it into aborting or refusing an analysis of the artifact. The malware has been codenamed Gaslight owing to this deceptive behavior. It's been assessed with high confidence that the tool is
Top UK banks go to work on digital verification service
UK Finance is supporting Barclays, HSBC, Lloyds Banking Group, Nationwide Building Society, NatWest Group and Santander to develop a financial services-led digital verification service.
Albania's digital-first Jet Bank launches
Albania's first fully-digital bank, Jet Bank, has launched after securing its license.
Why patch directives only go so far
Six weeks of undetected access through a compromised VPN exposes why patching isn't a solution for the organizations already breached. The post Why patch directives only go so far appeared first on CyberScoop .
GRC is broken. FedRAMP 20x might fix it
We are auditing a curated version of history. I’ve worked in security long enough now to know something most of us don’t really say out loud. A lot of compliance is theatre. Not all of it, and not all auditors or frameworks, but enough of it that most experienced CISOs know exactly what I mean. If you understand how audits work, know how controls are interpreted and can manage scope and narrative
SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition
The 2026 Industrial Control Systems (ICS) Cybersecurity Conference takes place October 6-8, 2026, at the W Nashville. The post SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition appeared first on SecurityWeek .
Forter introduces five new AI agents
Forter, the AI decisioning platform for the future of commerce, today launched Forter Agents and early access to the Forter Model Context Protocol (MCP), helping teams get faster access to the context, recommendations, and insights they need to grow revenue from key commerce moments throughout the entire customer journey.
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon Black's Threat Hunter Team, the backdoor, also tracked as MLTBackdoor, is said to be linked to an initial access broker (IAB) named
Marshmallow, Percayso Inform and TransUnion form data partnership
Marshmallow Insurance has signed a multi-year partnership agreement with data specialist Percayso Inform and analytics solution provider TransUnion.
On-chain finance startup Ground emerges from stealth with $3.6 million pre-seed funding
The financial industry’s next infrastructure layer already exists.
Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances
ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data
NIST Opens Updated IoT Security Guidance to Public Review
The guidance aims to establish product cybersecurity requirements for IoT devices integrated into federal agencies’ networks. The post NIST Opens Updated IoT Security Guidance to Public Review appeared first on SecurityWeek .
NVD HIGH: CVE-2026-12937 — The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Pl...
The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to appe
Chrome 149 Update Resolves 18 Severe Vulnerabilities
More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution. The post Chrome 149 Update Resolves 18 Severe Vulnerabilities appeared first on SecurityWeek .
NVD HIGH: CVE-2026-12490 — When a provide-xfr is given with a tls-auth-name, a secondary requesting a trans...
When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match.
NVD HIGH: CVE-2026-12246 — NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an ad...
NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.
NVD HIGH: CVE-2026-12245 — NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS c...
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
NVD HIGH: CVE-2026-12244 — If NSD is configured as secondary for a zone, the primary of that zone can crash...
If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 6550
Cisco SD-WAN Zero-Day Exploited Months Before Patching
CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching. The post Cisco SD-WAN Zero-Day Exploited Months Before Patching appeared first on SecurityWeek .
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges
NVD HIGH: CVE-2026-12053 — GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 bef...
GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows.
NVD HIGH: CVE-2026-12077 — The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via...
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existin
Aryon Secures $29M to Thwart Cloud Risks Before Deployment
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/aryon-secures-29m-to-thwart-cloud-risks-before-deployment-image_small-3-a-32069.jpg" align=right hspace=4><b>Series A Funds Back Enforcement Controls That Block Insecure Resources Instantly</b><br>Aryon Security raised $29 million in Series A funding to help enterprises enforce security policies at cloud deployment, preventing mis
Open-Source Coalition Pushes California to Rework AI Act
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/open-source-coalition-pushes-california-to-rework-ai-act-image_small-9-a-32067.jpg" align=right hspace=4><b>Developers Warn Clause in AI Transparency Act Collides With Open-Source Licensing</b><br>A coalition of open-source artificial intelligence players are pressing California to rewrite a license-revocation provision in the sta
Your Board Is Using Shadow AI
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/your-board-using-shadow-ai-image_small-8-a-32065.jpg" align=right hspace=4><b>Board Members Adopt GenAI Without Policies or Oversight</b><br>A new Diligent Institute survey finds 82% of U.S. public company directors are using generative AI for board work, yet 69% of boards have no formal AI policy in place. CIOs are being left out
NVD HIGH: CVE-2026-8658 — OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Li...
OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction.
NVD CRITICAL: CVE-2026-8666 — OS Command Injection vulnerability in the traceroute action of Rapid7 InsightCon...
OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands.
NVD CRITICAL: CVE-2026-8665 — OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Tra...
OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.
NVD HIGH: CVE-2026-8664 — OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Lin...
OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction.
NVD CRITICAL: CVE-2026-8660 — OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect P...
OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands.
NVD CRITICAL: CVE-2026-8592 — OS Command Injection vulnerability in the process_string action of Rapid7 Insigh...
OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.
Another BreachForums Clone Shuts Down, Citing Fears of ShinyHunters
If there were a soundtrack for this post, it would be Queen’s “Another One Bites the Dust.” There’s another chapter in the ongoing drama that is “BreachForums.” Yesterday, the BreachForums clone at breached[.hn] was listed for sale for $3k USD. By today, they had dropped the price to $ 1,500 USD and still couldn’t seem... Source
What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)
[This is a Guest Diary by Nicole Phillips, an ISC intern as part of the SANS.edu BACS program]
NVD HIGH: CVE-2026-8663 — OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux ...
OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction.
NVD HIGH: CVE-2026-8659 — OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Lin...
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.
NVD CRITICAL: CVE-2026-40079 — Cacti is an open source performance and fault management framework. Versions 1.2...
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The escape_command() function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built by rrdtool_function_graph() is passed through this function and then to shell_exec($full_commandl
NVD HIGH: CVE-2026-39951 — Cacti is an open source performance and fault management framework. Versions 1.2...
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.
SBI Holdings invests in agent orchestration platform Pints AI
Japanese financial group SBI Holdings has co-led a $5.6 million pre-Series A funding round for Pints AI, an agentic artificial intelligence startup specialising in the financial services sector.
Stablecore launches stablecoin and digital asset programme for credit unions
An early-access stablecoin and digital asset programme specifically designed for US credit unions has launched.
NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligence
NIST’s shift to risk-based enrichment makes one thing clear: modern security teams need more than a single public source. In the AI era, trusted vulnerability intelligence depends on multiple signals, human validation, and clear context.
CISA KEV: PTC Windchill and FlexPLM — PTC Windchill and FlexPLM Improper Input Validation Vulnerability
PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.
CISA KEV: Cisco Unified Communications Manager — Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.
Google releases new privacy controls for activity history, personalization
Google is rolling out new privacy controls for Search services and Google Play, giving you more control over saved history and personalized recommendations. [...]
NVD CRITICAL: CVE-2026-39948 — Cacti is an open source performance and fault management framework. In versions ...
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER_VALIDATE_IS_REGEX validation) and concatenated directly into RLIKE SQL clauses in lib/html_graph.php and lib/html_tree.php, which are reachable pre-authentication through graph_view.php on installatio
Be on the lookout for Mistic, a new backdoor used by ransomware broker
Researchers have identified a new backdoor program that has been used in enterprise intrusions since April and appears to be linked to an initial access broker that sells network footholds to ransomware gangs. Dubbed Mistic by researchers from Symantec , the malware program has been deployed on networks belonging to organizations from multiple sectors, including insurance, education, IT, and profe
NVD CRITICAL: CVE-2026-55455 — Appsmith is a platform to build admin panels, internal tools, and dashboards. Pr...
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils (used by the REST API and GraphQL datasource plugins) validates hosts against an exact-match string denylist. The comprehensive address-class check (loopback, any-local, link-local, fc00::/7) exists only on a separate code path used by SMTP, not by the
NVD HIGH: CVE-2026-50189 — Appsmith is a platform to build admin panels, internal tools, and dashboards. Pr...
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/* on the public ingress. Combined with the APPSMITH_SUPERVISOR_PASSWORD exposed via GET /api/v1/admin/env, any authenticated administrator can send ar
DraftKings hacker 'Snoopy' sentenced to 18 months in prison
A 21-year-old using the alias "Snoopy" was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack. [...]
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. [...]
NVD HIGH: CVE-2026-13201 — A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAt...
A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, defeating the intended no-follow protection. An attacker with access to a virt-launch
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure
Researchers believe rogue peering was used to connect to the victim's SD-WAN devices to gain admin privileges and root-level access.
OpenAI Unveils 'Jalapeño' Inference Chip
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/openai-unveils-jalapeo-inference-chip-image_small-7-a-32064.jpg" align=right hspace=4><b>Custom Silicon Advances Firm's Push Toward a Full AI Stack</b><br>OpenAI has introduced Jalapeño, its first custom inference chip developed with Broadcom and Celestica. The move marks a significant step toward vertical integration, giving Open
Malicious Edge extension abuses Native Messaging as bridge to malware
A malicious Microsoft Edge extension dubbed 'Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. [...]
2026 FIFA World Cup Faces Surge in Cyber Threats
Persistent cybercrime, social engineering, and infrastructure threats continue to plague the FIFA 2026 World Cup across the US, Canada, and Mexico.
Stryker Seeks to Dismiss Class Action Lawsuit in Cyberattack
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/stryker-seeks-to-dismiss-class-action-lawsuit-in-cyberattack-image_small-9-a-32063.jpg" align=right hspace=4><b>Medtech Firm Argues PII of Employees Filing Lawsuit Was Not Compromised</b><br>Stryker is asking a court to dismiss proposed class action litigation filed by current and former employees who allege their personal informa
Thredd rolls out Visa Cloud Connect in Asia Pacific
Thredd, the AI-first issuer processing platform, today announced the implementation of Visa Cloud Connect (VCC) in the Asia Pacific, marking a significant regional milestone in the company’s broader cloud transformation strategy.
Three ‘cybercrime as a service’ operations undercut by Microsoft, law enforcement
Microsoft touted its latest action against malware infrastructure as a new approach aimed at the full cybercrime "supply chain." Europol said more than 300 servers were targeted.
Latin America's largest card processor CSU Digital lands in the US
CSU Digital is Latin America’s largest independent card processor, managing more than 50 million cards and processing nearly $100 billion in annual transactions.
Do CISOs Need a Code of Ethics?
Kickbacks, no-show jobs, "dirty" VCs, and shelf ware — industry expert Robert "RSnake" Hansen explains why he thinks its time for a CISO code of ethics to ensure cybersecurity bosses aren't engaged in self-dealing that could risk enterprise, and even national, security.
Infostealers StealC and Amadey Disrupted in Police Crackdown
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/infostealers-stealc-amadey-disrupted-in-police-crackdown-image_small-7-a-32062.jpg" align=right hspace=4><b>$41M in Crypto Assets Blocked, 27M Login Credentials Recovered</b><br>Malware-as-a-service offerings Amadey and StealC have been targeted in an international law enforcement crackdown that also hit dropper/loader SocGholish,
Malicious hackers exploit Cisco zero-day for highest access level at communications service provider
Mandiant detailed the incident in a blog post Wednesday, but it’s unclear who was behind it or if they managed to get broad visibility into the victim’s internal traffic. The post Malicious hackers exploit Cisco zero-day for highest access level at communications service provider appeared first on CyberScoop .
Modern Treasury partners Sardine to help businesses detect fraud earlier
Modern Treasury today announced a partnership with Sardine to enhance transaction monitoring and fraud prevention capabilities for businesses moving money across the U.S. and globally.
When Information Becomes the Attack Surface – Understanding AI Agent Traps
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. The post When Information Becomes the Attack Surface – Understanding AI Agent Traps appeared first on SecurityWeek .
Scattered Spider duo convicted over $38M Transport for London attack
Two members of the Scattered Spide r cybercrime collective have admitted launching a cyberattack against Transport for London (TfL) that caused millions in damages. Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were due to stand trial for computer hacking offences at Woolwich Crown Court on Monday but changed their pleas to guilty on the first day of what
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code injection flaw that could result in the execution
NVD CRITICAL: CVE-2026-54906 — concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurre...
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still running. Concurrent::ReadWriteLock#
NVD HIGH: CVE-2026-54904 — concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurre...
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReference#update, which retries until compare_and_set(old_value, new_value) succeeds; Numeric compare_and_set, which checks old == old_value before attempting the u
More Malicious OpenClaw Skills Threaten AI Supply Chain
OpenClaw removed five packages from ClawHub, its skills marketplace, that bypassed security checks even though they included infostealers and other threats.
NVD CRITICAL: CVE-2026-56121 — Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows...
Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The user_defined_function.body field of an OnDemandFeatureView spec is decoded from base64 and passed to dill.loads() before any authorization check is performed, enabling attackers to e
NVD CRITICAL: CVE-2026-56111 — Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_B...
Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single crafted G-code command via USB serial, network interface, or malicious gcode file to write an attacke
Researchers Trick AI Browsers Into Leaking Credentials
LayerX tricked AI browsers including ChatGPT Atlas and Comet into bypassing their guardrails
Mastercard and PrivatBank complete Ukraine’s first payment executed by an AI agent
Mastercard and PrivatBank have completed Ukraine’s first agentic transaction, through Mastercard Agent Pay.
The New Boardroom Mandate: Building Barriers to Limit Cyber Impact
As agentic AI expands the attack surface and accelerates cyberattacks, organizations must focus on containing breaches rather than preventing every intrusion, says Akamai's Mani Sundaram. He explores AI-powered segmentation, securing AI factories and the convergence of browser security.
Preparing Education Institutions for the Next Wave of Generative AI
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/future-generative-ai-in-public-sector-image_file-2-a-28166.jpg" align=right hspace=4><b>An OnDemand Webinar from Elastic</b><br>
Infosecurity Europe 2026: Security in the Age of AI
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/infosecurity-europe-2026-security-in-age-ai-image_small-4-a-32061.jpg" align=right hspace=4><b>Compendium Features Dozens of In-Depth Interviews With CEOs, CISOs and Researchers</b><br>Welcome to Information Security Media Group's Infosecurity Europe 2026 Compendium featuring cybersecurity insights from industry's top researchers,
Five Eyes Warn the Frontier AI Cyberthreat Is Months Away
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/five-eyes-warn-frontier-ai-cyber-threat-months-away-image_small-4-a-32054.jpg" align=right hspace=4><b>Allied Cyber Agencies Urge Leaders to Act Now as Frontier Models Reshape Risk</b><br>A rare joint statement from the Five Eyes cyber agencies is warning that frontier artificial intelligence will transform offensive hacking in ju
Microsoft Weighs DeepSeek for Copilot Amid Security Debate
<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/microsoft-weighs-deepseek-for-copilot-amid-security-debate-image_small-5-a-32055.jpg" align=right hspace=4><b>Lower-Cost AI Model Could Cut Agent Costs But Raise Enterprise Risks</b><br>Microsoft is testing alternative AI models, including China's DeepSeek v4, to reduce the cost of running Copilot Cowork's agentic workloads. While
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrupt the 'assembly lines' cybercriminals use to launch ransomware, financial fraud, and attacks on critical infrastructure," Europol said in
Worldpay suffers outage during England vs Ghana World Cup game
Some Brits were unable to make card payments at pubs and shops during the World Cup game between England and Ghana on Tuesday evening after processor Worldpay was hit by an outage.
Entrust takes on AI-driven account takeover
Entrust, a global leader in identity-centric security, today introduced a new approach to preventing account takeover in the age of AI. As attackers increasingly target high-risk moments like account recovery, device changes, and large transactions, organizations need to modernize authentication from verifying access to verifying the real human behind the transaction.
Europol-Led Operation Endgame Takes Down StealC and Amadey Infostealers
Operation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealers
Fintech Scotland launches innovvation challengge on responsible AI
Fintech companies from around the world with innovative AI solutions can now apply to the award-winning Financial Regulation Innovation Lab’s new innovation call – on responsible AI in financial services.
NVD HIGH: CVE-2026-11877 — An unauthorized user can modify configuration through API calls that affects the...
An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3.
Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware
Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies. The post Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware appeared first on SecurityWeek .
CISA warns of max severity Ubiquiti flaws exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity UniFi OS and Lantronix serial-to-ethernet servers. [...]
Amadey, StealC malware operations disrupted in Operation Endgame action
Microsoft, Europol, and international partners have disrupted infrastructure used by the Amadey and StealC malware operations as part of Operation Endgame, which targets cybercriminal services and ransomware gangs. [...]
Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven environments. The post Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk appeared first on SecurityWeek .
German rail services resume after wireless communications outage
Deutsche Bahn said a nationwide disruption of railway services was tied to a malfunction in its 2G-based GSM-R communications system.
Digital euro clears European Parliament hurdle
Europe has taken another step towards the launch of a digital euro in 2029 after a key parliamentary committee backed the plan.
Securing the service desk: Why social engineering attacks keep succeeding
Service desks have become a favored target for attackers seeking password resets, MFA changes, and access to corporate accounts. Specops Software breaks down how service desk social engineering attacks work and how organizations can defend against them. [...]
macOS Backdoor Uses Prompt Injection to Evade AI Triage
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools
Hillcrest Convalescent Center Settles Class Action Data Breach Litigation
Hillcrest Convalescent Center, a short-term inpatient rehabilitation and skilled nursing facility in Durham, North Carolina, has agreed to settle class […] The post Hillcrest Convalescent Center Settles Class Action Data Breach Litigation appeared first on The HIPAA Journal .
macOS Weaknesses Chained to Silently Disable Endpoint Security Agents
A standard non-admin account is sufficient to conduct an attack that exploits legitimate OS behavior rather than software vulnerabilities. The post macOS Weaknesses Chained to Silently Disable Endpoint Security Agents appeared first on SecurityWeek .
How Hackers Broke into Madison Square Garden
Joseph Cox reports: The hackers that stole a large cache of data from Madison Square Garden called a low level employee and tricked them into letting the hackers into MSG’s systems, according to the hackers and 404 Media’s review of the stolen data. … 404 Media downloaded the full 45GB data dump and found the... Source
Vermiculus appoint COO and deputy CEO
Vermiculus Financial Technology today announced that the company’s Board of Directors and CEO have appointed Chris Dorougidenis as Chief Operating Officer (COO) and Henrik Rouet-Leduc as Deputy CEO.
Indian auto giant Bajaj Auto hit by ransomware incident
The company said in a regulatory filing that it became aware of the incident on Tuesday morning and had taken precautionary measures to contain its impact.
NVD HIGH: CVE-2026-56370 — ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in Co...
ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of service or potential code execution.
NVD HIGH: CVE-2026-56368 — ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple cod...
ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service.
NVD HIGH: CVE-2026-56351 — n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, Postgr...
n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply specially crafted table or column names to execute unauthorized database commands and compromise data integr
NVD HIGH: CVE-2026-56270 — Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentica...
Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organizationId parameter. Remote attackers can send a GET request to harvest sensitive API credentials for Googl
NVD HIGH: CVE-2026-56257 — Capgo before 12.128.2 allows direct patching of public.apps.owner_org through Po...
Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing the transfer_app() workflow and creating split-brain ownership. Attackers can directly update apps.owner_org while leaving app_versions.owner_org unchanged, enabling old-org keys to retain access to version data while new-org keys control the app record.
NVD HIGH: CVE-2026-56245 — Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in...
Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record_build_time RPC function that allows unauthenticated attackers to insert arbitrary build-time records. Attackers can exploit this by calling POST /rest/v1/rpc/record_build_time with a public API key to poison billing and quota data for any organization, enabling resource exhaustion and cross
NVD HIGH: CVE-2026-56244 — Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets ...
Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to configured receivers, breaking webhook authenticity and integrity.
NVD CRITICAL: CVE-2026-56237 — Capgo before 12.128.2 contains a broken authentication vulnerability in its API ...
Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key parameter in the generation request and supply arbitrary values, generating custom API keys without proper
NVD HIGH: CVE-2026-56232 — Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps const...
Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the unrestricted parent key instead of the scoped subkey.
NVD HIGH: CVE-2026-56231 — Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulner...
Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled app_id supplied in the request body and never verify that the jobId in the URL belongs to that app_id (or the same tenant/org) before issuing privileged builder comma
NVD HIGH: CVE-2026-56223 — Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability...
Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a malicious IdP can forge SAML assertions containing victim email addresses to trigger account merge and ga
NVD HIGH: CVE-2025-71361 — picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch...
picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().
NVD HIGH: CVE-2025-71332 — Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatfl...
Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to be executed, including blind and error-based extraction of data from the credential table.
LastPass says hackers stole customer support case data during Klue breach
Password manager LastPass is still dealing with the settlement from its 2022 data breach (see Related Posts, below, for background on that), but now it has another breach to disclose. Zack Whittaker reports: Password manager maker LastPass is notifying customers that their personal information and customer support case records were stolen during a recent hack... Source
A Note to Our Customers and Partners
A note to our customers and partners about Snyk's AI transformation and organizational changes.
Third DraftKings Hacker Sentenced to 18 Months in Prison
Nathan Austad has been ordered to pay roughly $1.8 million in forfeiture and restitution, and the sentence also includes 3 years of supervised release. The post Third DraftKings Hacker Sentenced to 18 Months in Prison appeared first on SecurityWeek .
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google, Apache, and
KDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email Credentials
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
British Scattered Spider Hacker Pleads Guilty to Cyberattacks on TfL; SSM Health Care; Sutter Health
Two British hackers have pleaded guilty to a cyberattack on Transport for London (TfL), one of whom also admitted to […] The post British Scattered Spider Hacker Pleads Guilty to Cyberattacks on TfL; SSM Health Care; Sutter Health appeared first on The HIPAA Journal .
ESET takes part in Operation Endgame to disrupt Amadey and Stealc
ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights
Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs
The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands. The post Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek .
In a first, a court takedown goes after two cybercrime tools at once
Microsoft, with law enforcement and industry partners, disrupted more than 200 command and control servers for Amadey and StealC, often used in conjunction. The post In a first, a court takedown goes after two cybercrime tools at once appeared first on CyberScoop .
Apple's MacOS Gap Lets Users Disable Security Tools
Attackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits.
Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed
Context is the central plank of AI in general, and agentic AI in particular. If an AI system doesn’t have the correct context, it cannot make the correct decisions. The post Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed appeared first on SecurityWeek .
Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage
An NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malware
Using SASE in a Modern TIC 3.0 Solution
<p><a class="c-button" href="https://www.cisa.gov/sites/default/files/2026-06/The_Journey_to_Zero_Trust_Using_SASE_in_a_Modern_TIC-3.0_Solution_CB_Approved.pdf">Using SASE in a Modern TIC 3.0 Solution</a></p> <p>CISA’s guidance, The Journey to Zero Trust – Using Secure Access Service Edge in a Modern TIC 3.0 Solution, details how the Trusted Internet Connections (TIC) 3.0 initiative is helping age
SBI Holdings launches yen-backed stablecoin
Japanese financial conglomerate SBI Holdings has officially issued $JPYSC, Japan's first trust bank-backed yen stablecoin.
New ‘Mistic’ RAT Opens Door to Several Ransomware Families
Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. The post New ‘Mistic’ RAT Opens Door to Several Ransomware Families appeared first on SecurityWeek .
Iceland to join Target Instant Payment Settlement System
Iceland is the latest non-European country to join the Eurosystem’s Target Instant Payment Settlement System (Tips), paving the way for payments in Icelandic króna to be settled instantly in central bank money as of 2028.
Attackers exploit Cisco Unified CM flaw weeks after patch release
A critical Cisco Unified CM vulnerability is now under active exploitation, weeks after the company issued patches warning it could allow attackers to gain root access. Threat intelligence firm Defused reported the exploitation on June 23. The company said it observed the activity over the weekend. “This is currently being exploited from a single source using an unvetted PoC, with genuinely-format
Dawn of the Apex Agentic Adversary
We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months later, a fix was deployed. In this era, dwell time was measured in days, sometimes weeks. We are now approaching an
UBS joins $16 million round in private market data and matchmaking service Caplight
UBS has joined in a $16 million funding round for Caplight, a startup that offers pricing data and matchmaking services for shares of private companies.
CVE-2026-20971: Samsung Android kernel UAF affecting Galaxy S9-S25
[object Object]
Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking
The security defects allow unauthenticated users to take control of the open source software supply chain. The post Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking appeared first on SecurityWeek .
Stealthy Mistic backdoor linked to ransomware access broker KongTuke
A new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, education, IT, and professional services sectors. [...]
How a malicious AI agent skill passed security checks and reached 26,000 users
A fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools. Some of the agents involved were tied to corporate accounts, AIR said . The company said a similar attack could have exposed private conversations and internal systems. AIR said no agents were harmed in the research and that the test payload
MoonPay acquires AI bookkeeping platform Entendre
We're pleased to announce the acquisition of Entendre, an AI-enabled finance operations platform built for companies moving, settling, or holding value onchain.
BeyondTrust, LastPass Impacted by Klue-Salesforce Incident
Over a dozen Klue customers have confirmed that hackers stole data from their Salesforce instances. The post BeyondTrust, LastPass Impacted by Klue-Salesforce Incident appeared first on SecurityWeek .
Data Breaches Announced by Florida Retina Center; Acadia Healthcare Company
Florida Retina Center has identified unauthorized access to systems containing the protected health information of more than 13,600 patients. Acadia […] The post Data Breaches Announced by Florida Retina Center; Acadia Healthcare Company appeared first on The HIPAA Journal .
StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader
Kaspersky researchers analyze a new global campaign dubbed StrikeShark that delivers Cobalt Strike Beacon via custom SharkLoader malware.
Anchorbase raises $2 million
Canadian payments automation platform Anchorbase has raised $2 million to help mid-market businesses automate back-office workflows using AI.
Zeller enters the cloud point-of-sale software market with AI-first system built for SMEs
Australian fintech Zeller has today released a new point-of-sale (POS) app aimed at small and medium-sized businesses, expanding its offering beyond fintech into core business operations software.
Navi UPI bolsters fraud detection
Navi UPI, one of India’s fastest-growing UPI apps, introduced Navi Secure, a unified safety framework that brings together the platform’s existing fraud prevention, risk monitoring and user protection capabilities under a single trust and security proposition.
Interpolitan Money offers early access to fixed income treasury product
Interpolitan Money has launched early access to its new Fixed Income solution, marking the next stage in the expansion of its Asset Management proposition and cross-border capital infrastructure
AI Is Making Attacks Cheaper, Faster and More Covert, Says ReliaQuest
New ReliaQuest study reveals the six ways AI is practically being used in attacks today
PayPoint acquires Aperidata
PayPoint has completed the acquisition of UK credit reference agency and open banking provider AperiData following a previous £1 million strategic investment.
Open-source security is posing challenges governments can’t easily solve
A diffuse landscape, fruitful targets, companies not stepping up, AI’s influence and flagging U.S. government efforts all figure into a shifting threat. The post Open-source security is posing challenges governments can’t easily solve appeared first on CyberScoop .
Kahneman, ‘Where’s Waldo’ and the Nexus pass: A CISO’s mental model for the AI era
Security awareness training as a defense against phishing is dead. It has been dead for a while. The industry never held a funeral because the training budget is comfortable, the compliance box gets checked and no CISO wants to tell the board that the program everyone funds does not work. The premise was simple. With enough education, users would learn to spot the tells. Misspelled words. Awkward
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. "These subsidiaries are alleged to have assisted individuals and organizations in transferring proceeds of
CERT-In’s AI Vulnerability Blueprint: Why Indian CISOs Need Machine-Speed Risk Operations in the Post-Mythos Era
A Qualys India perspective on CERT-In’s blueprint, the post-Mythos threat landscape India faces, and why the operating model needs to change.  Key Takeaways Mythos-class AI changes the vulnerability equation from CVE matching to autonomous exploit discovery, turning known, unpatched weaknesses into weaponized exploits at machine speed. CERT-In’s 2026 blueprint expects 12-hour conta
UK Museums Face Cybersecurity Risks, MPs Warn
Public Accounts Committee (PAC) warns that museums and galleries aren’t getting enough government support on cyber
NVD HIGH: CVE-2026-7761 — The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via P...
The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (1) an MD5 hash fallback in get_directory_by_hash() that allows any post to be used as a member directory by computing SUBSTRING(MD5(post_id), 11, 5), (2) a strstr() parsing logic flaw in post_data() th
NVD HIGH: CVE-2026-9643 — The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cro...
The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versions up to, and including, 4.5.18. When the plugin's `wpmsTemplateRedirect()` hook detects a 404, it concatenates `$_SERVER['HTTP_HOST']` with the raw `$_SERVER['REQUEST_URI']` and inserts that value verbatim into the `wp_wpms_links.link_url` column via `
NVD HIGH: CVE-2026-9179 — The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via t...
The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter (read directly from $_GET['order'] into $shorting) and the lack of sufficient preparation on the existing SQL query in the listPost() functi
NVD HIGH: CVE-2026-4297 — The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary ...
The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the nc_setOption() function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the user via $wp_xmlrpc_server->login() (verifying credentials are valid) but does not perform any authori
NVD CRITICAL: CVE-2026-12417 — The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass ...
The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to the `pravel_change_password()` AJAX handler — registered via `wp_ajax_nopriv_pravel_change_password` and therefore accessible to unauthenticated users — performing no nonce verification, no capability
NVD CRITICAL: CVE-2026-12416 — The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via...
The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the `pravel_invoice_change_password()` function being registered as a nopriv AJAX handler with no nonce verification and no authorization check, and performing a loose equality comparison between the supplied `reset_activation_code` POST parame
NVD HIGH: CVE-2026-12100 — The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forger...
The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
NVD HIGH: CVE-2026-12095 — The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forger...
The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The script echoes internal API response d
NVD HIGH: CVE-2026-10091 — The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Si...
The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that wi
AI-SPM buyer’s guide: 14 tools to secure your AI infrastructure
Widespread enterprise adoption of AI has created a pressing need for security solutions — a tall order given that AI’s reach into organizational infrastructure and data is enormous and continues to grow. Moreover, where an organization sits on the AI maturity curve impacts its security needs. Trail of Bits CEO Dan Guide describes the AI journey as a migration from AI-assisted, where AI tools are u
Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improper input validation for specific HTTP requests that could allow an unauthenticated, remote
Linux Process Name Masquerading, (Wed, Jun 24th)
In a previous diary, I talked about stack strings&#;x26;#;x5b;1&#;x26;#;x5d; with a practical example of them. Since my SEC670 class, I&#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x99;m even more interested&#;x26;#;xc2;&#;x26;&#
CVE-2026-41089: CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL) - only a Denial of Service PoC not RCE
[object Object]
From Langflow to Monero: Inside CVE-2026-33017 Cryptominer
[object Object]
Hackers Exploiting Cisco Unified CM Vulnerability
Cisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June. The post Hackers Exploiting Cisco Unified CM Vulnerability appeared first on SecurityWeek .
Weekly Update 509
I know enough about home cinema audiovisual to know there's a lot I don't know. It's conscious incompetence, if you like, which is different to the unconscious incompetence most people have on the topic. That's not to sound derogatory (it's
NVD HIGH: CVE-2026-3652 — The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parameter of the `arf_save_incomplete_form_data` AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever an administrator views the "P
Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says
Come vulnerabilities were found within hours, but that does not mean the model was able to exploit them within that time, the official said. The post Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says appeared first on SecurityWeek .
Meta pauses employee monitoring program after data protections fail
An extensive program at Meta to gather a wide range of data from employees to train its AI model has been frozen after employees reportedly broke through its guardrails and accessed restricted data, and then did so again after Meta claimed to have fixed the vulnerability. Whether or not the data collection by the $201 billion owner of Facebook was a good idea, analysts argue that the data protecti
Hole in widely-used FFmpeg codec could crash media servers or enable RCE
A newly discovered critical vulnerability in the FFmpeg media processing framework bundled in a huge number of open source and commercial applications points, again, to the need for CSOs to have strategies to deal with software supply chain vulnerabilities, which should include demanding a software bill of materials for all products. Found by researchers at JFrog , the hole ( CVE-2026-8461 ) is a