Cyber Security
Application Security
CISA Adds ColdFusion, Langflow, Two Joomla CVEs to KEV
Andrew Doyle
July 8, 2026
CISA added four actively exploited flaws to KEV on July 7, requiring federal agencies to patch ColdFusion, Langflow, and two Joomla extensions by July 10.
CVE Vulnerability Alerts
Ubiquiti Patches Seven Critical UniFi OS Flaws, 100K at Risk
Mitchell Langley
July 8, 2026
Ubiquiti patched seven critical-to-maximum severity flaws in UniFi OS, led by CVE-2026-50746, a command injection requiring only network access to exploit.
Cybersecurity
Accenture Confirms Breach After Hacker Lists 35 GB for Sale
Gabby Lee
July 8, 2026
Threat actor '888' listed 35 GB of Accenture source code, RSA keys, SSH keys, and Azure access tokens for sale on a criminal forum in ...
Cybersecurity
Cisco Talos Exposes UAT-7810 LONGLEASH Backdoor on Ruckus Routers
Mitchell Langley
July 8, 2026
Cisco Talos disclosed UAT-7810, a China-linked APT building the LapDogs ORB relay network using LONGLEASH malware on compromised Ruckus and ASUS routers.
Cybersecurity
UK NCSC Publishes Cyber Shield Blueprint for AI Defense
Andrew Doyle
July 8, 2026
The UK NCSC published its Cyber Shield blueprint on July 7, outlining autonomous AI agents to discover and remediate vulnerabilities across government networks.
Application Security
BonkDAO Loses $20M After Attacker Buys Quorum with ~$4M
Mitchell Langley
July 8, 2026
An attacker spent approximately $4 million on BONK tokens to control 99.9% of votes in a low-turnout ballot and drain $20 million from BonkDAO's Solana ...
Cybersecurity
Eight Predatorgate Victims Sue Intellexa for €8 Million
Mitchell Langley
July 8, 2026
Eight victims of the Greek Predatorgate spyware scandal filed a €8 million civil lawsuit against Intellexa and founder Tal Dilian in a Greek court on ...
CVE Vulnerability Alerts
CVE-2026-53359 Januscape: 16-Year KVM Flaw Enables VM Escape
Andrew Doyle
July 7, 2026
CVE-2026-53359 Januscape is a 16-year-old Linux KVM use-after-free that allows guest VM escape to the host on Intel and AMD systems. Patches are available.
Cybersecurity
Operation DragonReturn: DcRAT Targets India Tax Professionals
Andrew Doyle
July 7, 2026
China-nexus Operation DragonReturn deploys DcRAT via a cloned Indian tax utility, targeting tax professionals and accountants during India's filing season.
Cybersecurity
UK Cyber Resilience Pledge Draws 60 Signatories, Including Capita
Mitchell Langley
July 7, 2026
UK Technology Secretary Liz Kendall launched the Cyber Resilience Pledge with 60 signatories, including Capita, despite its ICO fine for a ransomware breach.
Cybersecurity
CSE Admits Hacking Ransomware Gangs and Deleting Stolen Victim Data
Mitchell Langley
July 7, 2026
Canada's CSE confirmed offensive cyber operations against ransomware gangs, including destroying a gang's full infrastructure and deleting stolen victim data.
Application Security
GitLost Prompt Injection Leaks Private GitHub Repos via Public Issues
Gabby Lee
July 7, 2026
Noma Security's GitLost technique tricks GitHub Agentic Workflows into leaking private repository contents via public issue comments, with no patch available.
Application Security
WriteOut Flaw Let Attackers Hijack Any Writer AI Enterprise Account
Andrew Doyle
July 7, 2026
Sand Security found a one-click session isolation flaw in Writer AI letting attackers access any enterprise tenant's private models, credentials, and documents.
Cybersecurity
Japan Arrests Teen Who Used ChatGPT to Cancel 46,812 Bandai Accounts
Gabby Lee
July 7, 2026
Tokyo police arrested a 15-year-old who used ChatGPT to generate attack code that canceled 46,812 Bandai Channel streaming accounts in under four hours.
Application Security
BeyondTrust CVE-2026-40138 Auth Bypass Left Self-Hosted Users Exposed
Andrew Doyle
July 7, 2026
BeyondTrust patched a CVSS 9.2 auth bypass in Remote Support and PRA for SaaS users months ago but withheld notice from self-hosted operators until July ...
CVE Vulnerability Alerts
CERT/CC Finds Hidden Admin Backdoor CVE-2026-11405 in Tenda Firmware
Gabby Lee
July 7, 2026
CERT/CC disclosed CVE-2026-11405, a hidden backdoor in Tenda router firmware granting unauthenticated full admin access. No vendor patch is available.
Application Security
Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release
Gabby Lee
July 7, 2026
Adobe ColdFusion CVE-2026-48282 (CVSS 10) moved from PoC release to confirmed in-the-wild exploitation in under two hours, according to KEVIntel honeypot data.
Cybersecurity
Unit 42 Exposes EtherRAT: Teams Calls Deliver Blockchain-Backed RAT
Andrew Doyle
July 7, 2026
Unit 42 exposed an active campaign using fake Microsoft Teams IT support calls to install EtherRAT, a Node.js RAT whose C2 runs on Ethereum smart ...
Application Security
UNK_MassTraction Exploits Roundcube XSS to Hit US Physics Departments
Andrew Doyle
July 7, 2026
Proofpoint named UNK_MassTraction, a China-aligned group using Roundcube CVE-2024-42009 to steal credentials and 2FA tokens from university physics departments.
Cybersecurity
Fake Job Interview Phishing Hits Marketing Pros Across 30 Brand Lures
Gabby Lee
July 7, 2026
Attackers posing as 30-plus major brand recruiters use fake job interviews to steal Google credentials from marketing professionals who manage ad platforms.
Application Security
CISA Adds ColdFusion, Langflow, Two Joomla CVEs to KEV
Andrew Doyle
July 8, 2026
Cybersecurity
CSE Admits Hacking Ransomware Gangs and Deleting Stolen Victim Data
Mitchell Langley
July 7, 2026
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Mitchell Langley
July 2, 2026
TOP CYBERSECURITY HEADLINES
Cybersecurity
UK NCSC Publishes Cyber Shield Blueprint for AI Defense
Application Security
BonkDAO Loses $20M After Attacker Buys Quorum with ~$4M
Cybersecurity
Eight Predatorgate Victims Sue Intellexa for €8 Million
This Week’s Security Spotlight
Cybersecurity
Cisco Talos Exposes UAT-7810 LONGLEASH Backdoor on Ruckus Routers
Mitchell Langley
July 8, 2026
Application Security
Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release
Gabby Lee
July 7, 2026
Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Mitchell Langley
July 2, 2026
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
Gabby Lee
July 2, 2026
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Cisco Talos Exposes UAT-7810 LONGLEASH Backdoor on Ruckus Routers
July 8, 2026
Cisco Talos disclosed UAT-7810, a China-linked APT building the LapDogs ORB relay network using LONGLEASH malware on compromised Ruckus and ASUS routers.
UK NCSC Publishes Cyber Shield Blueprint for AI Defense
July 8, 2026
The UK NCSC published its Cyber Shield blueprint on July 7, outlining autonomous AI agents to discover and remediate vulnerabilities across government networks.
BonkDAO Loses $20M After Attacker Buys Quorum with ~$4M
July 8, 2026
An attacker spent approximately $4 million on BONK tokens to control 99.9% of votes in a low-turnout ballot and drain $20 million from BonkDAO's Solana ...
Eight Predatorgate Victims Sue Intellexa for €8 Million
July 8, 2026
Eight victims of the Greek Predatorgate spyware scandal filed a €8 million civil lawsuit against Intellexa and founder Tal Dilian in a Greek court on ...
CVE-2026-53359 Januscape: 16-Year KVM Flaw Enables VM Escape
July 7, 2026
CVE-2026-53359 Januscape is a 16-year-old Linux KVM use-after-free that allows guest VM escape to the host on Intel and AMD systems. Patches are available.
Operation DragonReturn: DcRAT Targets India Tax Professionals
July 7, 2026
China-nexus Operation DragonReturn deploys DcRAT via a cloned Indian tax utility, targeting tax professionals and accountants during India's filing season.
UK Cyber Resilience Pledge Draws 60 Signatories, Including Capita
July 7, 2026
UK Technology Secretary Liz Kendall launched the Cyber Resilience Pledge with 60 signatories, including Capita, despite its ICO fine for a ransomware breach.
CSE Admits Hacking Ransomware Gangs and Deleting Stolen Victim Data
July 7, 2026
Canada's CSE confirmed offensive cyber operations against ransomware gangs, including destroying a gang's full infrastructure and deleting stolen victim data.
GitLost Prompt Injection Leaks Private GitHub Repos via Public Issues
July 7, 2026
Noma Security's GitLost technique tricks GitHub Agentic Workflows into leaking private repository contents via public issue comments, with no patch available.
WriteOut Flaw Let Attackers Hijack Any Writer AI Enterprise Account
July 7, 2026
Sand Security found a one-click session isolation flaw in Writer AI letting attackers access any enterprise tenant's private models, credentials, and documents.
Japan Arrests Teen Who Used ChatGPT to Cancel 46,812 Bandai Accounts
July 7, 2026
Tokyo police arrested a 15-year-old who used ChatGPT to generate attack code that canceled 46,812 Bandai Channel streaming accounts in under four hours.
BeyondTrust CVE-2026-40138 Auth Bypass Left Self-Hosted Users Exposed
July 7, 2026
BeyondTrust patched a CVSS 9.2 auth bypass in Remote Support and PRA for SaaS users months ago but withheld notice from self-hosted operators until July ...
CERT/CC Finds Hidden Admin Backdoor CVE-2026-11405 in Tenda Firmware
July 7, 2026
CERT/CC disclosed CVE-2026-11405, a hidden backdoor in Tenda router firmware granting unauthenticated full admin access. No vendor patch is available.
Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release
July 7, 2026
Adobe ColdFusion CVE-2026-48282 (CVSS 10) moved from PoC release to confirmed in-the-wild exploitation in under two hours, according to KEVIntel honeypot data.
Unit 42 Exposes EtherRAT: Teams Calls Deliver Blockchain-Backed RAT
July 7, 2026
Unit 42 exposed an active campaign using fake Microsoft Teams IT support calls to install EtherRAT, a Node.js RAT whose C2 runs on Ethereum smart ...
UNK_MassTraction Exploits Roundcube XSS to Hit US Physics Departments
July 7, 2026
Proofpoint named UNK_MassTraction, a China-aligned group using Roundcube CVE-2024-42009 to steal credentials and 2FA tokens from university physics departments.
Fake Job Interview Phishing Hits Marketing Pros Across 30 Brand Lures
July 7, 2026
Attackers posing as 30-plus major brand recruiters use fake job interviews to steal Google credentials from marketing professionals who manage ad platforms.
North Korea PolinRider Poisons 108 Packages via Compromised Accounts
July 6, 2026
North Korea's PolinRider campaign used stolen maintainer credentials to push malicious updates to 108 packages across npm, Packagist, Go, and Chrome Web Store.
CVE-2026-33697: Attested TLS Relay Flaw Hits WhatsApp, Cocos AI
July 6, 2026
CVE-2026-33697 lets relay attacks redirect confidential computing traffic without breaking attestation, affecting WhatsApp, Cocos AI, and Edgeless Systems.
QuimaRAT MaaS Sells Cross-Platform Java RAT for Windows, Linux, macOS
July 6, 2026
QuimaRAT is a new Java-based malware-as-a-service RAT sold from $150 per month that targets Windows, Linux, and macOS enterprise and developer environments.























