Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Critical Zimbra Flaw Raises Concerns Over Email Security as Crafted Emails Run Malicious Code


A recent discovery has highlighted a critical flaw in Zimbra's Classic Web Client, which poses a significant threat to email security. Users are advised to apply updates immediately to protect against this vulnerability and prevent potential data breaches.

Published: Sat Jul 11 02:39:38 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

AI-Driven Security Vulnerabilities: A 15-Year-Old Linux Bug Exposes Critical Infrastructure

A 15-year-old Linux bug has been discovered by researchers, exposing millions of users to catastrophic cyber attacks. Learn more about this critical vulnerability and the ongoing struggle to keep pace with software and hardware weaknesses.

Published: Sat Jul 11 05:52:12 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Npm Supply Chain Security Breach: Malicious jscrambler Infostealer Steals Dev Secrets

Thousands of developer machines have been exposed to potential data theft after a malicious infostealer was silently dropped during the installation of version 8.14.0 of the jscrambler package, which is now available on npm.

Published: Sat Jul 11 14:10:29 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Exploit Vulnerabilities in Pakistani Law Enforcement Portal, Leaving Citizens and Police Personnel Exposed to Malware


Hackers Exploit Vulnerabilities in Pakistani Law Enforcement Portal, Leaving Citizens and Police Personnel Exposed to Malware

Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. The compromised assets included servers hosting web applications that manage police and citizen data, such as criminal and biometric records. The attack has drawn both a "partner and an adversary of Pakistan" to the same victim for intelligence gathering, likely fueled by geopolitical motives.

Published: Sat Jul 11 14:19:19 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Critical U-Boot Vulnerabilities: A Threat to Embedded Systems Everywhere


Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices: A new vulnerability discovered in the open-source bootloader could have far-reaching consequences for devices worldwide. Learn more about the impact of this discovery and how organizations can protect themselves.

Published: Sat Jul 11 14:25:54 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

U.S. CISA Adds iCagenda and Balbooa Forms Vulnerabilities to Known Exploited Vulnerabilities Catalog


U.S. CISA has added two new vulnerabilities, iCagenda and Balbooa Forms, to its Known Exploited Vulnerabilities catalog due to their high-severity potential and lack of timely patching by the software developers. Users are advised to review the Vulnerability Catalog and address these vulnerabilities in their infrastructure as soon as possible.

Published: Sat Jul 11 15:32:06 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Security Landscape: Threats Emerge from Unpatched Devices, Exploited Flaws


A new wave of threats has emerged from the lack of patches on millions of devices and exploited flaws in widely used software. From U-Boot vulnerabilities to Adobe ColdFusion exploits, the threat landscape is becoming increasingly complex. Stay informed with the latest security news by subscribing to Security Affairs newsletter, or visit our website for more articles and updates.


Published: Sun Jul 12 00:58:03 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Exploitation Continues: A Comprehensive Analysis of the Latest Malware Threats and Vulnerabilities

The evolving landscape of malware threats requires constant attention and adaptation from cybersecurity experts. Stay informed with our comprehensive analysis and keep your devices secure by adhering to regular updates and best practices in cybersecurity.

Published: Sun Jul 12 09:17:50 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Progress Urges ShareFile Customers to Shut Down Servers Amid Credible Security Threat Investigation

Progress Software has issued an urgent warning to its ShareFile customers, urging them to shut down their internet-facing servers due to a credible external security threat under investigation. The company's email instructs customers to manually shut down the physical Windows servers hosting their Storage Zone Controllers as part of an "abundance of caution" measure. While details about the threat remain scarce, this warning highlights the ongoing threat landscape for organizations that use advanced storage solutions.

Published: Sun Jul 12 10:24:04 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations


A U.S. alleged Ryuk ransomware member has pleaded guilty to helping deploy attacks on American companies and faces up to 15 years in prison. The guilty plea comes as part of ongoing efforts by U.S. authorities to combat cyber crime and data breaches.

Published: Sun Jul 12 16:44:08 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Global Exploitation Campaign Targets Vulnerabilities in Joomla and WordPress Extensions

THN has obtained exclusive information on a global exploitation campaign targeting vulnerabilities in popular content management systems (CMS) and plugins, including Joomla and WordPress extensions. Two maximum-severity security flaws have been added to the KEV catalog by CISA following reports of zero-day exploitation in the wild.

Published: Mon Jul 13 02:04:52 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Misconfigured Server Leaves Trail of Deception: A Study in Phishing Operations Targeting Microsoft 365

Three phishing operations targeting Microsoft 365 have been uncovered, using techniques such as device code flow bypass and proxying live login sessions to evade MFA protections. The attackers used publicly available frameworks and AI-assisted development tools to automate their attacks, making it easier for them to compromise accounts. Organizations must remain vigilant and implement robust security measures to protect their Microsoft 365 accounts from these types of threats.

Published: Mon Jul 13 04:13:55 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Growing Threat of State-Sponsored Router Hackers: A Global Warning


The US government has issued a warning to router users about the growing threat of state-sponsored hacker groups exploiting vulnerable routers. With Russia state hackers coming after your router, it's essential to secure your device and follow best practices to prevent compromise.

Published: Tue Jul 14 23:45:20 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Extends Windows 11 Update Pause Period and Unveils New Features

Microsoft has extended the pause period for Windows 11 updates indefinitely, allowing users to hold off on updates for as long as they need. The company has also released a new list of improvements for the operating system, including several security patches and features such as a "Point-in-time restore" option.

Published: Tue Jul 14 23:51:15 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Micrsoft's AI-Driven Security Patch Cycle: A New Era of Vulnerability Discovery


In a groundbreaking move, Microsoft Corp. has patched a record 570 security flaws in its Windows operating systems and other software. This surge in vulnerability discovery is largely attributed to the power of artificial intelligence (AI) driving the process. The sheer volume of patches released this time around poses challenges for cybersecurity professionals and users, emphasizing the need for effective defense strategies that can keep pace with these advancements.

Published: Tue Jul 14 23:57:12 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Unveiling of a Grim Legacy: Rare Slave Shackles from Ancient Celtic Settlement

Archaeologists have uncovered rare slave shackles at an ancient Celtic settlement in Allonnes, France, shedding light on the lives of enslaved individuals in Gaul during the third century BCE. The discovery provides a unique window into the complexities and nuances of ancient Gaulish society, which were marked by both cultural achievements and brutal treatment of enslaved individuals.

Published: Wed Jul 15 00:02:32 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Dominates Patch Tuesday Record Book: A Cautionary Tale of AI-Enabled Bug Hunting

Microsoft has shattered yet another record for the most CVEs addressed in a single day during its Patch Tuesday release, highlighting the growing concern around AI-enabled bug hunting. The 622 patches cover an array of products and services, including Windows, Office, and Edge browsers, and underscore the importance of staying up-to-date with security patches.

Published: Wed Jul 15 00:16:10 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Swatting: The Hidden Dangers Behind a Prank


A Welshman has been sentenced to prison for his role in numerous swatting attacks, highlighting the growing concern over online harassment and cybercrime. Callum Dare, 26, was an administrator on Doxbin, a dark web platform frequented by individuals who expose personally identifiable information (PII) of people, usually to encourage harassment or target them through swatting attacks.

Published: Wed Jul 15 00:25:03 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Musk Promises Purge After Grok Build Caught Sending Entire Repos to Cloud

Musk promises purge after Grok Build caught sending entire repos to the cloud. The recent controversy surrounding Grok Build has left many in the tech community scrambling for answers about data retention policies and user privacy.

Published: Wed Jul 15 00:31:52 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of AI-Driven Cybercrime: A Threat to Global Security


The recent emergence of AI-driven cybercrime has sent shockwaves throughout the security community, as researchers have discovered a jailbroken Google Gemini botnet that was used in a credential- and cryptocurrency-stealing spree. The botnet, which was comprised of 90% AI-generated code, was able to dynamically shift its command-and-control (C2) servers, making it nearly impossible for traditional security measures to detect.

Published: Wed Jul 15 00:52:59 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Baddies Caught Exploiting Critical Joomla Extension Bugs, Leaving Millions of Websites Vulnerable to Attack

Critical Joomla extension bugs have been discovered, leaving millions of websites vulnerable to attack. The vulnerabilities were added to CISA's Known Exploited Vulnerabilities catalog, with fixes already available for both affected extensions. Developers are urged to patch these flaws to prevent exploitation and protect their sites from attackers.

Published: Wed Jul 15 01:00:56 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Formal Attribution and Sanctions: The Russian State's Irresponsible Attempt to Sow Chaos Across Europe

Formal Attribution and Sanctions: The Russian State's Irresponsible Attempt to Sow Chaos Across Europe

A recent cyberattack on Poland's power grid, attributed to Russia's Federal Security Service (FSB), marks a significant escalation in tensions between the Russian state and its European neighbors. This move has sent shockwaves across the international community, with far-reaching implications for cybersecurity, sanctions, and global politics.

Published: Wed Jul 15 01:11:18 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Argentine Football Association's Cybersecurity Breach: A Cautionary Tale of Infostealer Infections

Cybersecurity experts warn of the devastating effects of infostealer infections after the Argentine Football Association's systems were compromised through an older, year-old infostealer infection.

Published: Wed Jul 15 01:47:30 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Progress Software Orders Emergency ShareFile Server Shutdown Over Mysterious Security Threat

Progress Software has ordered an emergency shutdown of its ShareFile servers due to a mysterious security threat. Customers are being instructed to manually shut down their Windows servers hosting the software, despite no evidence of unauthorized access or the disclosure of the specific threat. The incident highlights the importance of staying vigilant in addressing emerging security threats and taking proactive measures to safeguard systems and data.

Published: Wed Jul 15 01:53:59 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Aerial Surveillance: The Hidden Reality of Urban Policing

A leak of San Francisco Police Department drone footage has exposed the new reality of urban surveillance, revealing hours of real-time video captured by drones equipped with cameras that can capture high-definition video and thermal imaging. The leaked feed showed police chasing and detaining suspects, tracking cars and individuals from the sky, as well as searching alleys populated with homeless people. The incident raises concerns about privacy and surveillance, highlighting the need for greater transparency and regulation around drone surveillance.

Published: Wed Jul 15 02:30:21 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

SonicWall SMA 1000 Zero-Day Vulnerabilities: A Critical Threat to Enterprise Security

SonicWall SMA 1000 Zero-Day Vulnerabilities: A Critical Threat to Enterprise Security. Two zero-day vulnerabilities impacting SonicWall SMA 1000 appliances could enable arbitrary command execution, prompting organizations to take immediate action to protect themselves from these critical threats.

Published: Wed Jul 15 02:38:14 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Micrsoft Unleashes Record-Breaking Patch Tuesday, Lays Bare the Urgency of Elevation-of-Privilege Vulnerabilities

Microsoft's latest Patch Tuesday has shattered records, boasting an unprecedented 622 vulnerabilities to address, with two zero-day exploits currently under active attack. The sheer scale of this release underscores the ever-present threat landscape and highlights the imperative for timely patching to mitigate the risk of exploitation.

Published: Wed Jul 15 02:51:27 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

SAP Addresses Critical Vulnerabilities in NetWeaver ABAP, Affecting Data Exposure and Modification


SAP has issued critical security updates to address multiple vulnerabilities in its NetWeaver Application Server ABAP, including a CVSS score of 9.9 that could expose or modify sensitive data. The company recommends installing the patching ABAP Kernel version as soon as possible to ensure optimal protection.

Published: Wed Jul 15 03:01:03 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Claude for Chrome Vulnerability: A Rogue Extension's Power to Unleash Gmail Reads


The Claude for Chrome vulnerability has revealed a serious issue with browser extensions' ability to bypass safety measures, allowing rogue actors to trigger sensitive user actions without explicit permission. Researchers have identified two critical flaws that must be patched urgently to prevent further exploitation.

Published: Wed Jul 15 03:07:25 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

LabubaRAT: A Sophisticated Rust-Based Remote Access Trojan that Masquerades as NVIDIA Software

LabubaRAT, a new Rust-based remote access Trojan, has been discovered masquerading as NVIDIA software. Researchers have identified its advanced capabilities, including multiple communication methods and flexibility in its configuration. This malware poses a significant threat to Windows-based systems, emphasizing the need for increased vigilance and proactive security measures.

Published: Wed Jul 15 03:15:50 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

RabbitMQ Flaws Exposed: A Threat to Enterprise Messaging Infrastructure


RabbitMQ has been hit with two critical access control-related flaws that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. The discovery of these vulnerabilities marks another significant blow to the security landscape, highlighting the importance of staying vigilant in the ever-evolving world of cybersecurity.

Published: Wed Jul 15 03:22:52 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

11 Old Microsoft-Signed Linux UEFI Shims Pave the Way for Exploitable Secure Boot Vulnerabilities

Researchers have discovered 11 old Microsoft-signed UEFI shims that could be abused to bypass Secure Boot on most systems using modern firmware standards. The affected shim versions date back to earlier versions of the shim and various Linux distributions.

Published: Wed Jul 15 03:33:36 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Unveiling the Alarming Truth: Crypto Wallet Extensions Expose Users to Unprecedented Tracking Risks

A new study reveals that many popular crypto wallet extensions are exposing users to unprecedented tracking risks, including address leaks and cross-site attacks. The findings have sparked concerns about the lack of attention being given to this critical issue by the industry.

Published: Wed Jul 15 03:39:25 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Pentera Revolutionizes AI Security Workflows with Groundbreaking Validation Engines


Pentera has introduced its cutting-edge validation engines, transforming the way security teams approach vulnerability management and exploitation detection. This innovation provides a more comprehensive understanding of the attack surface, enabling organizations to make informed decisions about remediating vulnerabilities and streamlining their remediation processes.

By prioritizing validation-driven decision-making, security teams can better understand the attack surface, prioritize exploitation detection, and improve their ability to detect and respond to emerging threats. Discover how Pentera's validation engines are revolutionizing AI security workflows and enhancing the overall security posture of organizations worldwide.

Published: Wed Jul 15 03:46:43 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

OAuth Client ID Spoofing: A Novel Attack Vector Exposed by Microsoft Entra Credentials



A novel attack vector known as OAuth client ID spoofing has been exposed by Microsoft Entra credentials, allowing threat actors to enumerate user accounts and validate stolen credentials without generating a successful sign-in event. This technique relies on exploiting a blind spot in cloud sign-in telemetry and can be used to identify valid usernames and correct passwords at scale.

With the increasing adoption of OAuth client ID spoofing by threat actors, organizations must take immediate action to secure their identity providers and mitigate this vulnerability before it's too late.



Published: Wed Jul 15 03:54:25 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The U.S. Treasury Department's Office of Foreign Assets Control Designates First VPN Service and Malware Cryptor Seller Over Ransomware Support



The U.S. Treasury Department's Office of Foreign Assets Control has designated the first-ever VPN service provider, 1VPNS, along with its administrator and a Belarusian national, for allegedly enabling ransomware actors' and other cybercriminals' malicious activities. The move marks a significant escalation in the global efforts to combat ransomware and cybercrime.

Published: Wed Jul 15 04:10:44 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Npm Packages Disguised as Student Proxies Turned Browsers into a DDoS Botnet


In a disturbing incident, 148 npm packages disguised as student proxies turned browsers into a Distributed Denial-of-Service (DDoS) botnet, compromising thousands of devices worldwide. Learn more about the campaign and how to protect yourself against such attacks.

Published: Wed Jul 15 04:17:03 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The ShinyHunters Attack: A Year of Exploiting Trust to Steal Salesforce Data

Microsoft recently mapped three distinct attack paths used by the ShinyHunters group to breach corporate Salesforce environments without exploiting any vulnerabilities within the platform itself. The attackers relied on OAuth connections and third-party vendors to gain trust, which allowed them to walk into these secure realms undetected.

Published: Wed Jul 15 04:27:40 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

CrashStealer: A Sophisticated macOS Malware Utilizing Notarized Droppers to Evade Gatekeeper Checks

CrashStealer: A Sophisticated macOS Malware Utilizing Notarized Droppers to Evade Gatekeeper Checks

Published: Wed Jul 15 04:34:51 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Growing Threat Landscape: A Delicate Dance Between Vulnerabilities and Security Measures

Recent developments in the cybersecurity landscape have highlighted a growing threat of vulnerabilities and security breaches, with AI-powered attacks becoming increasingly sophisticated.

Published: Wed Jul 15 04:47:00 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email


Recent research reveals a novel attack method called "MemGhost" that tricks AI agents into planting persistent false memories through a single email. This sophisticated attack highlights the need for enhanced security measures to protect sensitive information and underscores the importance of collaboration between researchers, developers, and organizations to address these vulnerabilities.

Published: Wed Jul 15 04:53:38 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Meta Files Patent for AI That Can Listen All Day and Track How You're Feeling


Meta Platforms has filed a patent application for an AI system that can continuously listen to users' voices throughout the day and analyze their emotional states. The system would track how users are feeling based on the way they speak, including their tone, pace, and even biometric signals such as pupil size and eye moisture. The implications of this technology raise concerns about data protection and privacy, highlighting the ongoing debate about the ethics of using AI for surveillance and monitoring.

Published: Wed Jul 15 05:05:24 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Cybersecurity Imperative: Unlocking Human Potential through Autonomous AI Systems

As cybersecurity operations become increasingly overwhelmed, experts are exploring innovative solutions like autonomous AI systems and analyst copilots. Learn how combining these technologies can revolutionize threat detection and response in this in-depth article.

Published: Wed Jul 15 05:11:46 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of AI-Generated Malware: A New Era in Cyber Threats



A new era in cyber threats has emerged with the rise of AI-generated malware. Cybersecurity researchers have flagged an incident in which an unknown threat actor leveraged a PowerShell script to map Active Directory environments, compromising domain-joined Windows servers. The attack highlights the growing sophistication and danger posed by AI-generated malware and underscores the need for organizations to stay vigilant in the face of emerging threats.



Published: Wed Jul 15 05:26:05 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

SonicWall Warns of Active Exploitation of Two SMA 1000 Zero-Days

SonicWall has warned of the active exploitation of two SMA 1000 zero-days, including a Server-side request forgery (SSRF) issue and a post-authentication code injection flaw. Customers are strongly urged to upgrade to the latest hotfix releases as soon as possible to remediate these vulnerabilities.

Published: Wed Jul 15 05:32:56 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Patch Tuesday 2026: Microsoft Fixes Record-Breaking 621 CVEs Amidst Growing Cybersecurity Concerns


In a major push against cyber threats, Microsoft has released its July 2026 Patch Tuesday, setting a new record for the largest single-month security release in its history with 621 CVEs addressed. This update underscores the evolving threat landscape and highlights Microsoft's unwavering commitment to protecting users from emerging vulnerabilities.

Published: Wed Jul 15 05:39:05 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Global Cybercrime Ecosystem: U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses



The U.S. Treasury's Office of Foreign Assets Control has sanctioned two individuals and one entity for supplying tools and infrastructure to ransomware groups that have caused billions of dollars in losses to American businesses and critical infrastructure providers. The sanctions targeted a VPN provider and a cryptor seller, who were accused of enabling ransomware gangs to carry out attacks on U.S. companies and institutions.

Published: Wed Jul 15 05:47:00 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolution of Cyber Attacks: How AI-Generated Malware is Redefining Reconnaissance


A recent incident highlights the potential risks and consequences of utilizing AI-generated malware in reconnaissance. An AI-generated PowerShell script used for Active Directory reconnaissance was discovered by a security firm known as Huntress on June 3, 2026. The script, titled "100% Working AD Information Gathering Script - FULLY FIXED," was custom-built using an AI model until it produced a working output. The findings underscore the need for defenders to adopt new strategies and tools to combat the evolving landscape of cyber attacks.

Published: Wed Jul 15 05:53:24 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Malware Crisis: Nihon Kotsu's Cybersecurity Breach Raises Concerns About Taxi Industry Vulnerability


Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended
A recent cyberattack on Japan's largest taxi company, Nihon Kotsu, has disrupted its services and raised concerns about the vulnerability of the taxi industry to cyber threats. The breach, which occurred in July 2026, targeted Nihon Kotsu's hire car web order and reservation management system, telephone-based taxi dispatch service, and some internal systems. The company is working with external security experts to determine the scope of the security incident and identify the cause. If customer data was exposed, Nihon Kotsu will notify affected individuals and publicly disclose the incident as required by Japan's Act on the Protection of Personal Information.

Published: Wed Jul 15 06:01:24 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New macOS Infostealer CrashStealer Utilizes Signed Apps to Evade Gatekeeper Security


New macOS infostealer CrashStealer has been discovered by Jamf Threat Labs, utilizing signed apps to bypass Gatekeeper security. The malware targets a wide range of applications and services, employs client-side encryption, and utilizes layered anti-debugging to evade detection. This sophisticated threat requires immediate attention from users and defenders alike.

Published: Wed Jul 15 06:06:49 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Lidl Notifies Customers of a Third-Party Data Breach Affecting Millions

Lidl Discloses Third-Party Data Breach Affecting Millions of Customers Across Germany, Belgium, and the Netherlands. The breach involved customer data such as name, email address, phone number, date of birth, and customer number.

Published: Wed Jul 15 06:11:33 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Growing Concern: U.S. CISA Adds Cisco IOS Flaw to Known Exploited Vulnerabilities Catalog


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Cisco IOS flaw, tracked as CVE-2008-4128, to its Known Exploited Vulnerabilities catalog due to multiple CSRF vulnerabilities in the HTTP Administration component of Cisco IOS 12.4 on the 871 Integrated Services Router. Experts recommend that private organizations review the catalog and address these vulnerabilities in their infrastructure to mitigate potential security risks.

Published: Wed Jul 15 06:16:12 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

EU Sanctions Russian FSB-Linked Hackers for Decades-Long Cyberespionage Campaign



The European Union has imposed sanctions on nine individuals and four entities linked to Russia's Federal Security Service (FSB) over a 15-year cyberespionage and critical infrastructure sabotage campaign. The move represents a significant escalation in the EU's efforts to hold accountable Russian actors responsible for destabilizing the region through cyber means.

Published: Wed Jul 15 06:21:26 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers

Millions of Odido customers' sensitive data were exposed in a recent cyberattack that has left Dutch authorities scrambling to identify those responsible. A telephone call made by a suspicious individual was key evidence in the investigation into the breach, which is believed to have been carried out by local hackers from the Netherlands.

Published: Wed Jul 15 06:27:59 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Vulnerability Exposed: The Cursor Flaw and Its Implications for Windows Security


A critical vulnerability has been discovered in the popular version control tool, Cursor, allowing malicious cloned repositories to trigger arbitrary code execution on Windows systems with minimal user interaction. Learn more about the implications of this flaw and how to protect yourself from this type of attack.

Published: Wed Jul 15 07:35:38 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Compromised npm Packages Expose Devastating Supply Chain Vulnerabilities

Four compromised AsyncAPI npm packages have been found to be distributing a multi-stage botnet loader, exposing devastating supply chain vulnerabilities and highlighting the need for enhanced security measures in software development.

Published: Wed Jul 15 07:42:12 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The AsyncAPI npm Supply Chain Attack: A Sophisticated Malware Campaign


In July 2026, the AsyncAPI organization was compromised, with malicious code injected into four packages with over 2 million weekly downloads. This attack has significant implications for developers and organizations using these packages, highlighting the need for vigilance and proactive measures to protect against supply chain attacks.

Published: Wed Jul 15 07:47:38 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

U.S. CISA Adds SonicWall and Microsoft Flaws to Known Exploited Vulnerabilities Catalog: A Growing Concern for Cybersecurity


U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog: a growing concern for cybersecurity. The addition of these vulnerabilities highlights the need for continuous monitoring and patching to prevent attacks and protect networks. Experts recommend that organizations prioritize robust cybersecurity measures, including regular software updates, network segmentation, and incident response planning. Stay informed about the latest developments in cybersecurity to take proactive steps against cyber threats.

Published: Wed Jul 15 07:55:12 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Mega Hardware Vendor Dell Hit by Surprise Shutdowns Amid Microsoft Patch Tuesday Chaos


In a surprise move, Microsoft canceled its monthly security update, known as Patch Tuesday, for some Dell users due to unexpected shutdowns and overheating issues with certain devices equipped with Intel processors. The Windows maker has since halted the patching process while collaborating with Dell on a solution. As the incident raises questions about the reliability of Microsoft's quality control procedures, it highlights the ongoing debate over the balance between security patching and user experience.

Published: Wed Jul 15 09:16:18 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft’s Serial Tormentor Unleashes Another 0-Day: LegacyHive Brings Local Privilege Escalation Vulnerability


Microsoft’s serial tormentor has unleashed another 0-day vulnerability, known as LegacyHive. The latest vulnerability, which targets Windows’ user hives, allows attackers to gain privileged access to target users' hives. Experts warn that capable attackers could quickly build reliable exploits despite the gaps left in the PoC by NightmareEclipse.

Published: Wed Jul 15 09:37:50 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

SASE's Unseen Blind Spot: The Rise of AI-Driven Cyber Threats and the Need for a New Paradigm

The latest article from The Hacker News reveals that SASE's reliance on AI-powered security solutions has created an unforeseen blind spot that poses significant risks to enterprise security. Learn more about this emerging threat and how to mitigate it.

Published: Wed Jul 15 09:49:51 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A New Window to Exploitation: The LegacyHive Vulnerability and Its Implications for Enterprise Security

A new Windows vulnerability has been discovered by Chaotic Eclipse, which could have far-reaching consequences for enterprise security. Learn more about the LegacyHive vulnerability and its implications.

Published: Wed Jul 15 09:56:35 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Approval Gap: A Critical Vulnerability in Ad Tech that Can Leave Your Site Exposed to Malicious Code

Discover how the "Approval Gap" in ad tech can leave your site exposed to malicious code. Learn about the critical vulnerability and actionable steps to close it. Read our latest article to find out how AI-driven ad tech is exacerbating this issue and what you can do to protect your organization.

Published: Wed Jul 15 10:02:00 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Sounds Alarm Over Trio of Exploited SharePoint Flaws

US Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations running Microsoft's SharePoint platform about three actively exploited vulnerabilities that pose significant security risks. These vulnerabilities include a spoofing bug, a remote code execution flaw, and a privilege escalation flaw. CISA has urged all organizations to harden their defenses by applying the latest security patches and verifying that Antimalware Scan Interface (AMSI) integration is enabled for each SharePoint web application.

Published: Wed Jul 15 11:19:50 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps: A Growing Concern for Cybersecurity


A new malicious framework known as OkoBot has been discovered that injects seed phrase phishing into Ledger and Trezor apps, posing a significant risk to hardware wallet users. The framework uses various tactics such as social engineering, spear phishing, or brute-force attacks to steal recovery phrases from Ledger and Trezor devices. Kaspersy has reported on the capabilities of this framework, which includes modules that can steal sensitive information and silently install malicious software. Users are advised to take precautions to protect their security against this growing threat.

Published: Wed Jul 15 12:31:07 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Windows Zero-Day Exploit: LegacyHive Brings Privilege Escalation Vulnerability to Fully Patched Systems

A new Windows zero-day exploit called LegacyHive has been discovered by Chaotic Eclipse, allowing attackers to elevate privileges on fully patched systems. This vulnerability targets the Windows User Profile Service (ProfSvc) and has significant implications for system security.

Published: Wed Jul 15 12:36:07 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

TuxBot v3 Evolution: A Breakthrough in LLM-Assisted IoT Botnet Development Raises Concerns About Cybersecurity


TuxBot v3 Evolution, an IoT botnet framework that has been reported to utilize large language models for its development, has raised concerns among security researchers and experts due to its potential to compromise numerous Internet-of-Things (IoT) devices. The discovery of the botnet highlights the growing dependence on AI-powered tools for malicious activities and emphasizes the need for heightened cybersecurity awareness. With its modular framework's lineage traced back to three different botnets, TuxBot v3 Evolution signals accelerated integration of features at the same time enabling a single developer to create a multi-pronged toolset with multiple C2 channels, a custom exploit VM, and a Go-based DDoS-for-hire panel.

Published: Wed Jul 15 14:35:11 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Warning: The Looming Threat of Russian APT Groups Targeting Critical Infrastructure Worldwide

US and allied Governments Warn of Rising Threat from Russian APT Groups Targeting Critical Infrastructure Worldwide

Published: Wed Jul 15 14:43:38 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Windows 0-day Exploit Leaked, Just Days After Microsoft Releases Record Number of Patches


A newly leaked Windows 0-day exploit has left Microsoft scrambling to address the issue, just days after releasing a record number of security patches. The HiveLegacy exploit enables low-privilege users to modify administrator accounts, prompting concerns about system security and prompting Microsoft to investigate and implement measures to mitigate its impact.

Published: Wed Jul 15 15:52:34 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Ai Music App Suno Hacked: A Glimpse into the Extent of Music Scraped from Streaming Platforms

AI music generation platform Suno was hacked, exposing a vast amount of data used to build its models. The breach involved scraping of music clips from several popular streaming platforms and raised questions about fair use in AI music generation.

Published: Wed Jul 15 17:00:07 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The NameTag Enigma: Unraveling Meta's Face Recognition Technology

Meta's face recognition technology, NameTag, has sparked confusion over whether it exists or not. As the company deploys the feature, experts and users are left wondering about its implications for user privacy and the law.

Published: Wed Jul 15 17:06:35 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cyberattack Threatens Japan's Critical Infrastructure: KFC's Logistics Partner Nichirei Group Is Affected

A recent cyberattack has had a devastating impact on critical infrastructure in Japan, specifically affecting Nichirei Group, a Japanese purveyor of frozen foods and super-chill logistics services. The attack resulted in system failures that crippled the company's ability to conduct its operations, prompting KFC Japan to limit menu items and opening hours. As experts weigh in on the incident, it is clear that Japan's critical infrastructure is facing a new wave of cyber threats.

Published: Wed Jul 15 21:17:30 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Laxity in Law Firm Security Raises Concerns Over Data Vulnerability

According to a recent case, a single master password used by a law firm granted its users access to all client information, highlighting the importance of robust security measures and least privilege principles.

Published: Thu Jul 16 02:31:18 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Australian Airline Qantas Faces Off Against Tech Support Scam: A Glimpse into the Dark Underbelly of Cybersecurity

Australian Airline Qantas Faces Off Against Tech Support Scam: A Glimpse into the Dark Underbelly of Cybersecurity. In a shocking turn of events, Australian airline Qantas found itself embroiled in one of its most significant data breaches to date, with the personal identifiable information of approximately 5.7 million customers compromised by tech support scammers.

Published: Thu Jul 16 02:41:08 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Revival of Vintage Intel Macs: How OpenCore Legacy Patcher Is Bringing Older Systems Back to Life


Liam Proven successfully revived an 11-year-old Intel Mac using the OpenCore Legacy Patcher and installed the latest version of macOS Sequoia on it. The patcher enables users to install newer versions of macOS on unsupported older systems, but some compatibility issues remain unaddressed. This article delves into the author's experience with OCLP and offers insights into reviving vintage Intel Macs.

Published: Thu Jul 16 03:48:34 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Zoom Patches Critical Windows Flaw That Could Enable Account Takeover

Zoom has issued critical security updates for a vulnerability that could potentially enable account takeover via network access, affecting multiple products including Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. Apply the latest patches to protect yourself from potential exploitation.

Published: Thu Jul 16 04:06:35 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug

Zoom has fixed a critical vulnerability, tracked as CVE-2026-53412, that could allow unauthenticated attackers to hijack user accounts on Windows systems. Users should update to the latest versions of Zoom's software immediately to ensure they have the necessary security patches.

Published: Thu Jul 16 04:24:44 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

OpenAI's GPT-Red Revolutionizes Red Teaming: Automating Prompt Injection Testing to Harden GPT-5.6 Sol

OpenAI's latest innovation, GPT-Red, revolutionizes red-teaming by automating prompt injection testing, hardening its flagship language model GPT-5.6 Sol against malicious attacks.

Published: Thu Jul 16 05:45:26 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Claude Code and DeepSeek: A Chinese Cyber Espionage Campaign Leveraging Artificial Intelligence for Mass Surveillance



A sophisticated Chinese cyber espionage campaign has been uncovered, leveraging artificial intelligence to automate attacks on government systems, financial institutions, and supply chain companies across multiple countries. Claude Code and DeepSeek, two tools believed to be created by Anthropic, were used by the attackers to handle execution and planning. The operation highlights China's growing capabilities in using AI-powered tools for mass surveillance. Security experts warn that organizations must take immediate action to protect themselves from such attacks.

Published: Thu Jul 16 06:05:48 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Persistent Plight of Windows 10: A Looming Security Threat

Windows 10's stubborn refusal to die poses a significant security threat, with one in six machines still relying on it for daily functions. As support options dwindle, organizations must act quickly to migrate to Windows 11 and address the growing gaps in security protection.

Published: Thu Jul 16 07:33:53 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Telegram Shortlinks Knocked Offline Amidst US Sanctions on Ransomware-Favored VPN Service

Telegram's t.me shortlinks experienced a widespread outage due to its association with a sanctioned VPN service favored by cybercriminals, highlighting the ongoing challenge faced by law enforcement agencies in tracking and dismantling cybercrime networks.

Published: Thu Jul 16 07:40:52 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New "Agent Data Injection" Attack Can Hijack AI Agents by Misdirecting Trained Data


A new attack known as Agent Data Injection (ADI) has been identified, where malicious actors can manipulate data in AI systems to trick them into executing unintended commands. The vulnerability lies in the way these models process structured data and can be exploited by introducing specially crafted punctuation marks into fields containing trusted information.

Published: Thu Jul 16 07:53:12 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Daxin Resurfaces: A Slightly Reinvigorated Threat Actor Leans on Stupig to Steal the Show

Daxin Resurfaces: A Slightly Reinvigorated Threat Actor Leans on Stupig to Steal the Show

A China-linked threat actor has resurfaced after more than four years, using a previously unknown backdoor dubbed Stupig. The malware, known as Daxin, has been found running on a compromised host in Taiwan, and its use poses significant risks to critical infrastructure targets. This resurgence highlights the persistence of certain malicious actors and their ability to adapt and evolve over time.

Published: Thu Jul 16 07:59:39 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

AI Can Find Bugs, But Human Knowledge Still Proves Them: The Evolution of Offensive Security


AI can find bugs, but human knowledge still proves them. In a recent article from The Hacker News, the platform sheds light on an often-overlooked aspect of offensive security: human knowledge's role in proving vulnerabilities found by artificial intelligence (AI) tools.

Published: Thu Jul 16 08:06:52 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Catastrophic Vacuum Flaw: The SharkNinja Vulnerability Exposed

Unpatched Shark vacuum flaw could let attackers control other vacuums region-wide, a recent vulnerability disclosure by researcher tokay0 has revealed. The issue highlights the need for manufacturers to prioritize product security and for users to take immediate action to protect themselves.

Published: Thu Jul 16 08:13:32 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

TuxBot v3: A Lethal IoT Botnet Built With AI, Exposing Critical Security Flaws


TuxBot v3 is an AI-built IoT botnet with numerous critical security flaws, including a failure to import password hashing algorithms correctly and bugs caused by its large language model (LLM) code generator. The botnet was designed to exploit vulnerabilities in IoT devices, but it has 70% functionality, making it a potential threat to device owners.

Published: Thu Jul 16 08:19:45 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Demystifying AI-Assisted Vulnerability Management: A Comprehensive Blueprint for Secure Enterprise Defense

A new blueprint has been unveiled by Google Cloud and Mandiant, providing actionable guidance on how organizations can safely integrate large language models (LLMs) into their vulnerability management workflows. The blueprint emphasizes the importance of combining AI capabilities with deterministic controls and human intelligence in strategic ways, while also highlighting the need for human oversight and a selective deployment strategy.

Published: Thu Jul 16 09:37:41 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Britain's Largest Cybercrime Conviction: The Sentence Imposed on Scattered Spider Duo for Transport for London Attack


The British justice system has handed down sentences to the individuals responsible for what was described as one of the most significant cybercrime incidents in UK history, with Owen Flowers and Thalha Jubair receiving five and a half years in prison each for their roles in the 2024 attack on Transport for London. The case highlights the complexities and challenges associated with investigating and prosecuting cybercrime offenses.

Published: Thu Jul 16 09:44:40 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

n8n Token Exchange Flaw Leaves Users Vulnerable to Identity Theft via Misaligned Issuer-Subject Claims

n8n workflow automation platform has revealed a critical vulnerability that allows attackers to bypass authentication and gain unauthorized access to user accounts by exploiting a flaw in its token exchange feature. A fix was shipped on June 24, but users are still advised to take precautions to mitigate the risk of this issue.

Published: Thu Jul 16 09:53:20 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Newly Documented macOS Stealer "ClickLock" Targets Trusting Mac Users via Social Engineering

Recently discovered macOS information stealer "ClickLock" targets trusting Mac users via social engineering tactics, exploiting vulnerabilities in the operating system's Terminal application. According to threat intel outfit Group-IB, at least 100 victims have been targeted across 33 countries, with more than half located in Europe.

Published: Thu Jul 16 11:05:34 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Ongoing War on Cybersecurity: A Year of Exploitation, Deception, and Innovation


The cybersecurity landscape has been a battleground for malicious actors, innovators, and defenders alike over the past year. The ongoing struggle against cyber threats continues to evolve, with new tactics, techniques, and procedures (TTPs) being employed by attackers and countered by the resilience of the cybersecurity community. This article delves into the various trends and challenges that have emerged in the world of cybersecurity, from the proliferation of spyware and ransomware attacks to the increasing use of artificial intelligence (AI) and machine learning (ML) by cyber attackers.

Published: Thu Jul 16 11:15:14 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Infamous Scattered Spider Hackers: A Cautionary Tale of Cybercrime and Accountability



Two scattered spider hackers have been sentenced to five and a half years each for their role in the £29 million TfL hack. The duo's actions resulted in significant disruption to TfL's services and highlighted the importance of cybersecurity awareness and accountability. Read more about this shocking case and its implications for individuals and organizations.

Published: Thu Jul 16 13:35:19 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Side of Cybercrime: The Scattered Spider Group's £29 Million TfL Attack



The £29 million Transport for London (TfL) cyberattack in 2024 was carried out by members of the Scattered Spider group. The attack, which disrupted transport services and exposed customer data, highlighted the growing threat posed by advanced persistent threats (APTs). Law enforcement agencies have since made significant progress in dismantling the group's operations, with two key members being extradited to the US in July 2026.

Published: Thu Jul 16 13:43:52 2026 by llama3.2 3B Q4_K_M



SecurityWeek

Legacy Systems, Real-World Impacts: The Reality of OT Security

Two Scattered Spider Hackers Sentenced to Jail in UK

AI Data Centers Are Being Built Faster Than They Can Be Secured

‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing

Oak Emerges From Stealth Mode With $60 Million in Funding

Splunk, Zoom Patch Critical Vulnerabilities

F5 Patches Multiple NGINX, BIG-IP Vulnerabilities

China’s Top Cybersecurity Firms Hit by Mounting Military Procurement Bans

Old UEFI Shims Expose Systems to Secure Boot Bypass

Nightmare Eclipse Drops ‘LegacyHive’ Windows Zero-Day

CISA News

CISA and Partners Publish Guidance to Help Software Manufacturers and Online Service Providers Work With Security Researchers

CISA Joins NSA, FBI, DC3 and International Partners Warning of Russian Cyber Threat Activity Targeting Communications, Energy, Government and Other Critical Infrastructure Sectors

CISA Announces New Advisory Council to Strengthen Partnerships and Secure Critical Infrastructure

New CISA Guide Assists Federal Agencies with Transitioning to Modernized Zero Trust Architectures

CISA Issues New Directive Improving How Federal Agencies Prioritize the Mitigation of Cyber Vulnerabilities

CISA Announces Winners of the 2026 President’s Cup Cybersecurity Competition

CISA Urges Stronger Security for Automatic Tank Gauge Systems

CISA Announces Revised Town Hall Schedule to Engage with Stakeholders on Cyber Incident Reporting for Critical Infrastructure

CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form

CISA Unveils New Initiative to Fortify America’s Critical Infrastructure

CISA Blog

Lessons from CISA’s Cyber Incident

Five Eyes Cyber Security Agencies Statement

CISA Offers Vital Resources as Venues Prepare for Key 2026 Events

Patch Smarter, Not Harder

NCSWIC releases additional content in its NCSWIC Video Series

CISA Highlights Vital Resources to Help Event Attendees Stay Safe

Preparing for the World Stage

Securing the American Experience

The End is Just the Beginning of Better Security: Enhanced Vulnerability Management with OpenEoX

Super Bowl LX: Strengthening Preparation, Building Resilience, Fostering Partnerships

All CISA Advisories

Rockwell Automation CompactLogix, ControlLogix, Compact GuardLogix and GuardLogix

Rockwell Automation Flex 5000 Adapter

Siemens SICAM 8

SALTO ProAccess Space

Rockwell Automation FactoryTalk DataMosaix

NASA Core Flight System (cFS) Health & Safety (HS) Application

Rockwell Automation Arena

AutomationDirect Productivity Suite

Rockwell Automation 1756-EN2, 1756-EN3, and 1756-ENBT

Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers

CISA Adds Two Known Exploited Vulnerabilities to Catalog

ABB Advant Master Online Builder

Rockwell Automation 1715-AENTR EtherNet/IP Adapter

ABB Ability Edgenius

CISA Urges SharePoint Hardening After New Exploitations

ABB T-MAC Plus

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds Two Known Exploited Vulnerabilities to Catalog

OpenPLC v3

Schneider Electric Easergy MiCOM Px40 Series

Schneider Electric PowerChute Serial Shutdown

Hydro-Qu bec Le Circuit Electrique charging station backend

CISA Adds One Known Exploited Vulnerability to Catalog

Labcenter Proteus 9

Siemens Mendix Studio Pro

Hitachi Energy e-mesh EMS

Siemens SINEC OS

Hitachi Energy PROMOD V

Exploit-DB.com RSS Feed

[webapps] Krayin CRM v2.2.x - Authenticated Remote Code Execution

[webapps] Atarim WordPress Plugin 4.2.2 - Sensitive Information Exposure

[webapps] Langflow 1.9.0 - RCE

[webapps] Joomla Page Builder CK 3.5.10 - Arbitrary File Upload

[webapps] MCPJam Inspector - Remote Code Execution

[local] ProtonVPN v4.4.1 - Unquoted Service Path

[webapps] Flowise 3.1.3 - arbitrary code execution

[remote] Hydra - Stack Buffer Overflow

[webapps] Discuz! X5.0 - Authentication Bypass

[webapps] Tenable Nessus 10.12.1 - SQL Injection

[webapps] WordPress Bricks Builder Theme - RCE

[remote] iOS Bluetooth PAN Exploit - Ethernet Gateway without Adapter

[webapps] Joomla Extension 4.1.4 - PHP Object injection

[webapps] Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass

[local] MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation

[webapps] KeepInMind 0.8.4.2 - Stored XSS

[webapps] KNX visualisering - Broken Access Control

[local] Windows Defender (MsMpEng.exe) - Race Condition

[webapps] WordPress Plugin WPZOOM Portfolio 1.4.21 - Reflected Cross-Site Scripting (XSS)

[webapps] OpenEMR 7.0.2 - Arbitrary File Read

[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection

[webapps] Drupal Core 10.5.5 - Error-Based SQL Injection

[webapps] WordPress OrderConvo 14 - Path Traversal

[remote] Notepad++ 8.9.6 - Arbitrary Code Execution

[webapps] YAMCS yamcs-core 5.12.7 - No Rate Limiting

[webapps] YAMCS yamcs-core 5.12.7 - User Enumeration

[webapps] YAMCS yamcs-core 5.12.7 - LDAP Injection

[remote] Microsoft - NTLMv2 Hash Capture

[webapps] MikroORM 7.0.13 - SQL Injection

[webapps] Prodigy Commerce 3.3.0 - Local File Inclusion

[webapps] Langflow 1.3.0 - Remote Code Execution

[webapps] Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution

[local] ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion

[local] ZTE Routers - Unauthenticated Denial of Service

[local] ZTE ZXHN H188A V6 - Authentication Bypass

[local] ZTE H298A / H108N - Unauthenticated Credential Exposure

[local] Linux Kernel - Local Privilege Escalation

[webapps] MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution

[remote] Wing FTP Server 8.1.3 - Authenticated Remote Code Execution

[webapps] CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)

[remote] strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow

[dos] strongSwan 5.9.13 - DoS

[local] Linux Kernel - Local Privilege Escalation

[webapps] Casdoor 3.54.1 - Arbitrary File Write via Path Traversal

[webapps] EspoCRM 9.3.3 - SSRF

[webapps] scramble - Remote Code Execution

[hardware] MeiG Smart FORGE_SLT711 - OS Command Injection

[local] Realtek rtl819x - Local Privilege

[webapps] OpenCATS 0.9.7.4 - SQL Injection

[webapps] Grav CMS 2.0.0-beta.2 - Remote Code Execution

Full Disclosure

[NotCVE-2026-0001] Cloudflare Universal SSL CAA augmentation weakens RFC 8657 account binding CVE-2026-14440 assigned 163 days after public no-CVE disclosure

Subject: Advisory Submission: EZ Game Booster - Cleartext Storage of Sensitive Credentials (CWE-312)

CVE-2026-56877 - Skillable SCORM userId authorisation bypass

[REVIVE-SA-2026-003] Revive Adserver Vulnerabilities

OPNsense XPATH Injection (CVE-2026-53582)

SCHUTZWERK-SA-2025-001: Authentication Bypass for SafeLine SL6 and SL6+

Whistleblowersoftware.com: confidentiality and anonymity leakage to third parties

OpenBlow Multiple Deanonymization Vulnerabilities

Whistlelink: Site-access password exposed in web server access logs via GET query string

APPLE-SA-06-29-2026-3 Safari 26.5.2

APPLE-SA-06-29-2026-2 macOS Tahoe 26.5.2

APPLE-SA-06-29-2026-1 iOS 26.5.2 and iPadOS 26.5.2

pwnlift: symlink following and TOCTOU in privileged upload handler allow arbitrary file write as root

[KIS-2026-12] Control Web Panel <= 0.9.8.1224 (userRes) SQL Injection Vulnerability

[fulldis] CVE-2026-58451 - Horde Groupware IMP path traversal vuln

Open Source Security

Multiple vulnerabilities in ntfs-3g

CVE-2026-26032: Apache Ivy: PackagerResolver path traversal vulnerability

SELinux Userspace Utilities: Local Denial-of-Service Attack Vectors in seunshare in release 3.10

CVE-2026-57821: Apache Fineract: Office list: SQL Injection via Subquery in orderBy

CVE-2026-56287: Apache Fineract: Boolean SQL Injection in Client Search API (orderBy parameter) leading to Local File Disclosure

CVE-2026-35152: Apache Fineract: SQL injection in runreports endpoint

CVE-2026-15747: Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle

CVE-2026-15392: DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location

CVE-2026-60081: DBI::ProfileData versions before 1.651 for Perl do not limit the path index

CVE-2026-60082: DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row

Xen Security Advisory 498 v2 (CVE-2026-42491) - XAPI: Missing TLS verification in some SDKs

Re: new af_alg exploit in the wild?

CVE-2026-49488: Apache OpenMeetings: Arbitrary File Read

CVE-2026-15043: DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted <= and >= SQL operators on text

CVE-2026-59084: Apache Tomcat: EncryptInterceptor requirements not clearly documented








© Ethical Hacking News . All rights reserved.

Privacy | Terms of Use | Contact Us