Cyber Security
Cybersecurity
Google and FBI Seize NetNut Proxy Network Used by 316 Threat Actors
Gabby Lee
July 3, 2026
Google and the FBI dismantled NetNut, a residential proxy network that secretly hijacked 2 million home devices and served 316 distinct cybercrime groups.
Cybersecurity
PamStealer macOS Infostealer Uses PAM API to Verify Stolen Passwords
Mitchell Langley
July 3, 2026
Jamf Threat Labs disclosed PamStealer, a Rust-based macOS infostealer that uses the PAM API to verify stolen passwords before exfiltrating credentials.
CVE Vulnerability Alerts
CVE-2026-8451 Exploited Within 24 Hours of Citrix NetScaler Patch
Mitchell Langley
July 3, 2026
A threat actor exploited CVE-2026-8451 in Citrix NetScaler within 24 hours of patch release, targeting Lupovis honeypots with confirmed memory overread payloads.
Cybersecurity
ToddyCat APT’s Umbrij Tool Reads Corporate Gmail via OAuth Silently
Mitchell Langley
July 3, 2026
Kaspersky attributed Umbrij, a .NET tool that silently reads corporate Gmail via OAuth without triggering login alerts or standard security notifications, to ToddyCat APT.
Application Security
Apple Hide My Email Still Leaks Real Addresses After Claimed Fix
Andrew Doyle
July 3, 2026
Apple's iCloud+ Hide My Email vulnerability still exposes real addresses with a 100% success rate, with multiple claimed fixes from Apple failing to close the flaw.
Cybersecurity
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
Mitchell Langley
July 3, 2026
Kaspersky exposed a 90-domain SEO poisoning campaign that installs AsyncRAT on Windows via a fake ScreenConnect installer, targeting users across 10 languages.
Cybersecurity
VEIL#DROP Campaign Uses Google Blogger to Deliver PureLogs Stealer
Gabby Lee
July 3, 2026
Securonix disclosed VEIL#DROP, an active campaign routing PureLogs Stealer through Google Blogger to bypass reputation-based enterprise security controls.
Application Security
Unit 42 Confirms 13,000 Malicious Phantom Squatting Sites
Mitchell Langley
July 3, 2026
Unit 42 documented phantom squatting, with 13,229 malicious URLs active on AI-hallucinated domains and 250,000 more unregistered sites available to attackers.
Cybersecurity
Trump Administration Lifts Claude Fable 5 Access Restrictions
Mitchell Langley
July 2, 2026
The Trump administration reversed Commerce Department restrictions on Anthropic's Fable 5, restoring global access while Mythos 5 stays limited to vetted U.S. organizations.
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Mitchell Langley
July 2, 2026
Sysdig identified JADEPUFFER, the first ransomware campaign run by an autonomous LLM agent, which exploits CVE-2026-33017 in Langflow to complete full attack chains without human operators.
Application Security
CISA Adds SharePoint RCE CVE-2026-45659 to KEV Catalog
Gabby Lee
July 2, 2026
CISA confirmed active exploitation of CVE-2026-45659, a CVSS 8.8 SharePoint Server deserialization flaw enabling authenticated remote code execution in enterprise environments.
Application Security
Poisoned Email Turns Claude Desktop Into a Reverse Shell
Andrew Doyle
July 2, 2026
Red teamers showed that email inbox prompt injection turns Claude Desktop into a reverse shell when MCP connectors with command execution are installed.
Application Security
Adobe’s Seven CVSS 10.0 Flaws Span ColdFusion and Campaign Classic
Andrew Doyle
July 2, 2026
Adobe patched seven maximum-severity CVSS 10.0 vulnerabilities in ColdFusion and Campaign Classic, enabling unauthenticated code execution and privilege escalation.
Cybersecurity
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries
Mitchell Langley
July 2, 2026
Qilin listed Chamco Industries on its dark web extortion portal, threatening to leak stolen data in its latest attack on a Canadian manufacturing company.
Cybersecurity
FortiBleed True Scale: 430,000 Firewalls Targeted, INC and Lynx Linked
Andrew Doyle
July 2, 2026
SOCRadar confirmed FortiBleed hit 430,000 FortiGate firewalls with sniffers on 19,000 devices, linking the operation to INC Ransom and Lynx ransomware groups.
Application Security
Unpatched Argo CD RCE Puts Kubernetes Clusters at Risk
Gabby Lee
July 2, 2026
Synacktiv disclosed an unpatched unauthenticated RCE in Argo CD's repo-server component that can lead to full Kubernetes cluster takeover with no fix currently available.
Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Mitchell Langley
July 2, 2026
Cato AI Labs disclosed CVE-2026-50548 and CVE-2026-50549 in Cursor IDE, CVSS 9.8 flaws enabling zero-click prompt injection to escape the sandbox and execute system commands.
Cybersecurity
ChocoPoC RAT Targets Security Researchers via Fake GitHub PoC Repos
Andrew Doyle
July 2, 2026
ChocoPoC, a new remote access trojan, targets vulnerability researchers through trojanized proof-of-concept exploit repositories on GitHub, stealing credentials and establishing backdoors.
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
Gabby Lee
July 2, 2026
Check Point researchers showed DeepSeek generated InfernoGrabber 9000, near-functional browser ransomware using Chrome's File System Access API to encrypt files across four OS platforms.
Application Security
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
Gabby Lee
June 30, 2026
TOP CYBERSECURITY HEADLINES
This Week’s Security Spotlight
CVE Vulnerability Alerts
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Gabby Lee
July 2, 2026
Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Gabby Lee
June 30, 2026
Cyber Security News
Scattered Spider Suspect Peter Stokes Extradited From Finland
July 2, 2026
Peter Stokes, 19, a dual U.S.-Estonian citizen, was extradited from Finland to face federal computer fraud and conspiracy charges linked to the Scattered Spider hacking ...
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
July 2, 2026
Citrix patched six NetScaler ADC and Gateway vulnerabilities including a new HTTP/2 Bomb denial-of-service vector and information disclosure flaws similar to the CitrixBleed session token ...
Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch
June 30, 2026
Oracle E-Business Suite CVE-2026-46817 (CVSS 9.8) is under active attack, with honeypots logging crafted XML payloads targeting the /OA_HTML endpoint.