❌

Normal view

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

15 July 2026 at 05:30
SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-15409 (CVSS score: 10.0) - A Server-side request forgery (SSRF) vulnerability that a remote unauthenticated attacker could exploit to

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

14 July 2026 at 20:25
Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft's own CVEs by itsΒ Security Update GuideΒ count, more than tripleΒ June's previous high of around 200. Those two live bugs are the ones to grab first. Microsoft credits incident responders for both. Both are

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

14 July 2026 at 18:17
SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could

Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

14 July 2026 at 17:27
Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and ClaudeBleed need a rogue extension that can already run a script on claude.ai; the difference is scope. Anthropic restricted the arbitrary-prompt path in May as part of its response to theΒ 

LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

14 July 2026 at 16:52
Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. "LabubaRAT creates a reusable foothold for hands-on activity," Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an analysis published today. "Once deployed, it can profile the host,

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

14 July 2026 at 13:48
Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo's security team, which discovered and reported the flaws, said one "leaks the broker's confidential OAuth

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

14 July 2026 at 12:46
Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. "An attacker exploiting one of these vulnerable applications can execute untrusted code during system boot, enabling deployment of malicious UEFI bootkits or other malware,"

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

14 July 2026 at 11:55
Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person's separate addresses together and let outsiders follow them from site to site. And on a site that already holds a name or

How Pentera Turns AI Security Workflows into Validation Engines

14 July 2026 at 11:30
AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat intelligence, configuration findings, and exposure data. That fragmentation matters because attackers do not move through environments one

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

14 July 2026 at 11:21
At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad actors have begun

Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

14 July 2026 at 09:02
xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle out of the intercepted request, and pulled back a file the agent had been told in plain terms not

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

14 July 2026 at 08:02
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS), has been accused of offering its tools to ransomware groups, along with its 45-year-old Ukrainian

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

14 July 2026 at 07:08
A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research fromΒ JFrog. The packages did not go after the developers who might install them. The operators used the registry as free hosting for a booby-trapped proxy site and let the students who came to dodge

Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity

14 July 2026 at 06:19
Attackers whose methods line up with the data-extortion groupΒ ShinyHuntersΒ have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth connections that tie Salesforce to the apps and third-party vendors around it. InΒ 

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

13 July 2026 at 17:36
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs. "It validates the victim's login password locally before

Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found

13 July 2026 at 17:17
Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version. The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a single browsing domain. The

⚑ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More

13 July 2026 at 15:05
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don't file tickets. That's the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue too

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email

13 July 2026 at 13:49
Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false "fact" about the user, hide the change, and quietly steer its answers in later sessions. When it works, the person reads an ordinary-looking reply and never learns their assistant was tampered with. The

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

13 July 2026 at 13:03
A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed via Telegram and costing $400 a month (or $3,800 per year), attack chains leverage phishing

Meta Files Patent for AI That Can Listen All Day and Track How You're Feeling

13 July 2026 at 11:54
Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every read. Each read gets pinned to the moment it happened: the time, your location, what you were doing, even how you were using your phone. Some versions in the filing would listen all day; others would

❌