Cyber Security
Microsoft Removes 119 StegoAd Extensions from Edge Add-ons Store
Public PoC Drops for Critical libssh2 Flaw CVE-2026-55200
Hijacked npm and Go Packages Exploit VS Code MCP to Deploy Infostealer
SBU and FBI Expose Russian FSB and GRU Signal Key Theft Campaign
US Offers $10M Bounty for Russian Hackers UNC5792 and UNC4221
Mozilla 0DIN Shows AI Coding Agents Can Be Tricked via DNS TXT
White House Cybersecurity Review Restricts GPT-5.6 and Anthropic
Athena Coalition Finds 20,000+ Flaws in 500 Open-Source Projects
Klue OAuth Breach Hits Huntress, Recorded Future via Salesforce
Law Enforcement Clears 15,000 SocGholish WordPress Sites
Cybersecurity
Trump Administration Lifts Claude Fable 5 Access Restrictions
The Trump administration reversed Commerce Department restrictions on Anthropic's Fable 5, restoring global access while Mythos 5 stays limited to vetted U.S. organizations.
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Sysdig identified JADEPUFFER, the first ransomware campaign run by an LLM autonomous agent exploiting CVE-2026-33017 in Langflow to complete full attack chains without human operators.
Application Security
CISA Adds SharePoint RCE CVE-2026-45659 to KEV Catalog
CISA confirmed active exploitation of CVE-2026-45659, a CVSS 8.8 SharePoint Server deserialization flaw enabling authenticated remote code execution in enterprise environments.
Application Security
Poisoned Email Turns Claude Desktop Into a Reverse Shell
Red teamers showed that email inbox prompt injection turns Claude Desktop into a reverse shell when MCP connectors with command execution are installed.
Application Security
Adobe’s Seven CVSS 10.0 Flaws Span ColdFusion and Campaign Classic
Adobe patched seven maximum-severity CVSS 10.0 vulnerabilities in ColdFusion and Campaign Classic, enabling unauthenticated code execution and privilege escalation.
Cybersecurity
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries
Qilin listed Chamco Industries on its dark web extortion portal, threatening to leak stolen data in its latest attack on a Canadian manufacturing company.
Cybersecurity
FortiBleed True Scale: 430,000 Firewalls Targeted, INC and Lynx Linked
SOCRadar confirmed FortiBleed hit 430,000 FortiGate firewalls with sniffers on 19,000 devices, linking the operation to INC Ransom and Lynx ransomware groups.
Application Security
Unpatched Argo CD RCE Puts Kubernetes Clusters at Risk
Synacktiv disclosed an unpatched unauthenticated RCE in Argo CD's repo-server component that can lead to full Kubernetes cluster takeover with no fix currently available.
Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Cato AI Labs disclosed CVE-2026-50548 and CVE-2026-50549 in Cursor IDE, CVSS 9.8 flaws enabling zero-click prompt injection to escape the sandbox and execute system commands.
Cybersecurity
ChocoPoC RAT Targets Security Researchers via Fake GitHub PoC Repos
ChocoPoC, a new remote access trojan, targets vulnerability researchers through trojanized proof-of-concept exploit repositories on GitHub, stealing credentials and establishing backdoors.
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
Check Point researchers showed DeepSeek generated InfernoGrabber 9000, near-functional browser ransomware using Chrome's File System Access API to encrypt files across four OS platforms.
Cybersecurity
Scattered Spider Suspect Peter Stokes Extradited From Finland
Peter Stokes, 19, a dual U.S.-Estonian citizen, was extradited from Finland to face federal computer fraud and conspiracy charges linked to the Scattered Spider hacking ...
CVE Vulnerability Alerts
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Citrix patched six NetScaler ADC and Gateway vulnerabilities including a new HTTP/2 Bomb denial-of-service vector and information disclosure flaws similar to the CitrixBleed session token ...
Application Security
Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch
Oracle E-Business Suite CVE-2026-46817 (CVSS 9.8) is under active attack, with honeypots logging crafted XML payloads targeting the /OA_HTML endpoint.
Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Apple's iOS 26.2 and macOS Tahoe 26.2 updates patch 30-plus flaws, including four WebKit vulnerabilities co-discovered by OpenAI and Anthropic AI systems.
Application Security
Six AirDrop and Quick Share Flaws Put 5B Devices at Risk
CISPA researchers disclosed six vulnerabilities in Apple AirDrop and Android Quick Share exposing more than five billion active devices to proximity attacks.
Application Security
BioShocking Attack Turns AI Browsers Into Credential Thieves
LayerX's BioShocking research shows AI browsers including ChatGPT Atlas, Perplexity Comet, and the Claude extension can be tricked into stealing credentials.
CVE Vulnerability Alerts
Working Exploit Published for LoadMaster CVE-2026-8037 RCE
watchTowr Labs published a working exploit for CVE-2026-8037, a pre-authentication root RCE in Progress Kemp LoadMaster, weeks after patches were released.
CVE Vulnerability Alerts
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
Attackers exploited SimpleHelp's OIDC authentication bypass CVE-2026-48558 to deploy Djinn Stealer and TaskWeaver within 13 days of initial disclosure.
CVE Vulnerability Alerts
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
CISA updated its KEV entry for CVE-2026-33825 to flag ransomware group exploitation of the Windows Defender privilege escalation flaw, first patched in April.
Three Daktronics Controller Flaws Allow Remote Highway Sign Hijack
CISA disclosed three Daktronics LED controller vulnerabilities that give remote attackers root access to highway signs, billboards, and roadside message boards.
Gitea CVE-2026-20896 Auth Bypass Exploited via One HTTP Header
An anonymous researcher's 130-plus zero-day dump included Gitea CVE-2026-20896, a Docker default misconfiguration that grants admin access with one HTTP header.
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
India's IDRBT domain registry for the RBI-mandated .bank.in namespace exposed 5,576 bank employees' credentials through 33-plus unauthenticated API endpoints.