Generated by Rank Math SEO, this is an llms.txt file designed to help LLMs better understand and index this website. # Daily Security Review ## Sitemaps [XML Sitemap](https://dailysecurityreview.com/sitemap_index.xml): Includes all crawlable and indexable pages. ## Posts - [Cyprus Airways Data Breach: Hackers Claim Access to Real-Time Systems and Passenger Records](https://dailysecurityreview.com/security-spotlight/cyprus-airways-data-breach-hackers-claim-access-to-real-time-systems-and-passenger-records/): Hackers claim to have breached Cyprus Airways, stealing 41GB of passenger and staff data and maintaining real-time access to flight systems and travel information. - [CVE-2026-53359 Januscape: 16-Year KVM Flaw Enables VM Escape](https://dailysecurityreview.com/resources/cve-2026-53359-januscape-16-year-kvm-flaw-enables-vm-escape/): CVE-2026-53359 Januscape is a 16-year-old Linux KVM use-after-free that allows guest VM escape to the host on Intel and AMD systems. Patches are available. - [Operation DragonReturn: DcRAT Targets India Tax Professionals](https://dailysecurityreview.com/cyber-security/operation-dragonreturn-dcrat-targets-india-tax-professionals/): China-nexus Operation DragonReturn deploys DcRAT via a cloned Indian tax utility, targeting tax professionals and accountants during India's filing season. - [UK Cyber Resilience Pledge Draws 60 Signatories, Including Capita](https://dailysecurityreview.com/cyber-security/uk-cyber-resilience-pledge-draws-60-signatories-including-capita/): UK Technology Secretary Liz Kendall launched the Cyber Resilience Pledge with 60 signatories, including Capita, despite its ICO fine for a ransomware breach. - [CSE Admits Hacking Ransomware Gangs and Deleting Stolen Victim Data](https://dailysecurityreview.com/cyber-security/cse-admits-hacking-ransomware-gangs-and-deleting-stolen-victim-data/): Canada's CSE confirmed offensive cyber operations against ransomware gangs, including destroying a gang's full infrastructure and deleting stolen victim data. - [GitLost Prompt Injection Leaks Private GitHub Repos via Public Issues](https://dailysecurityreview.com/cyber-security/gitlost-prompt-injection-leaks-private-github-repos-via-public-issues/): Noma Security's GitLost technique tricks GitHub Agentic Workflows into leaking private repository contents via public issue comments, with no patch available. - [WriteOut Flaw Let Attackers Hijack Any Writer AI Enterprise Account](https://dailysecurityreview.com/cyber-security/writeout-flaw-let-attackers-hijack-any-writer-ai-enterprise-account/): Sand Security found a one-click session isolation flaw in Writer AI letting attackers access any enterprise tenant's private models, credentials, and documents. - [Japan Arrests Teen Who Used ChatGPT to Cancel 46,812 Bandai Accounts](https://dailysecurityreview.com/threat-actors/japan-arrests-teen-who-used-chatgpt-to-cancel-46812-bandai-accounts/): Tokyo police arrested a 15-year-old who used ChatGPT to generate attack code that canceled 46,812 Bandai Channel streaming accounts in under four hours. - [BeyondTrust CVE-2026-40138 Auth Bypass Left Self-Hosted Users Exposed](https://dailysecurityreview.com/resources/beyondtrust-cve-2026-40138-auth-bypass-left-self-hosted-users-exposed/): BeyondTrust patched a CVSS 9.2 auth bypass in Remote Support and PRA for SaaS users months ago but withheld notice from self-hosted operators until July 7. - [CERT/CC Finds Hidden Admin Backdoor CVE-2026-11405 in Tenda Firmware](https://dailysecurityreview.com/resources/cert-cc-finds-hidden-admin-backdoor-cve-2026-11405-in-tenda-firmware/): CERT/CC disclosed CVE-2026-11405, a hidden backdoor in Tenda router firmware granting unauthenticated full admin access. No vendor patch is available. - [Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release](https://dailysecurityreview.com/resources/adobe-coldfusion-cve-2026-48282-exploited-within-hours-of-poc-release/): Adobe ColdFusion CVE-2026-48282 (CVSS 10) moved from PoC release to confirmed in-the-wild exploitation in under two hours, according to KEVIntel honeypot data. - [Unit 42 Exposes EtherRAT: Teams Calls Deliver Blockchain-Backed RAT](https://dailysecurityreview.com/cyber-security/unit-42-exposes-etherrat-teams-calls-deliver-blockchain-backed-rat/): Unit 42 exposed an active campaign using fake Microsoft Teams IT support calls to install EtherRAT, a Node.js RAT whose C2 runs on Ethereum smart contracts. - [UNK_MassTraction Exploits Roundcube XSS to Hit US Physics Departments](https://dailysecurityreview.com/threat-actors/unk_masstraction-exploits-roundcube-xss-to-hit-us-physics-departments/): Proofpoint named UNK_MassTraction, a China-aligned group using Roundcube CVE-2024-42009 to steal credentials and 2FA tokens from university physics departments. - [Fake Job Interview Phishing Hits Marketing Pros Across 30 Brand Lures](https://dailysecurityreview.com/phishing/fake-job-interview-phishing-hits-marketing-pros-across-30-brand-lures/): Attackers posing as 30-plus major brand recruiters use fake job interviews to steal Google credentials from marketing professionals who manage ad platforms. - [North Korea PolinRider Poisons 108 Packages via Compromised Accounts](https://dailysecurityreview.com/threat-actors/north-korea-polinrider-poisons-108-packages-via-compromised-accounts/): North Korea's PolinRider campaign used stolen maintainer credentials to push malicious updates to 108 packages across npm, Packagist, Go, and Chrome Web Store. - [CVE-2026-33697: Attested TLS Relay Flaw Hits WhatsApp, Cocos AI](https://dailysecurityreview.com/resources/cve-2026-33697-attested-tls-relay-flaw-hits-whatsapp-cocos-ai/): CVE-2026-33697 lets relay attacks redirect confidential computing traffic without breaking attestation, affecting WhatsApp, Cocos AI, and Edgeless Systems. - [QuimaRAT MaaS Sells Cross-Platform Java RAT for Windows, Linux, macOS](https://dailysecurityreview.com/cyber-security/quimarat-maas-sells-cross-platform-java-rat-for-windows-linux-macos/): QuimaRAT is a new Java-based malware-as-a-service RAT sold from $150 per month that targets Windows, Linux, and macOS enterprise and developer environments. - [Opera GX Flaw Let Malicious Sites Silently Install Mods on 25M Users](https://dailysecurityreview.com/cyber-security/opera-gx-flaw-let-malicious-sites-silently-install-mods-on-25m-users/): A zero-click flaw in Opera GX's mod system let malicious websites silently install data-harvesting browser extensions on the gaming browser's 25 million users. - [TrojPix Leaks Data from Air-Gapped PCs via Video Cable Emissions](https://dailysecurityreview.com/cyber-security/trojpix-leaks-data-from-air-gapped-pcs-via-video-cable-emissions/): Researchers disclosed TrojPix, a new air-gap attack that manipulates pixel rendering to encode data as electromagnetic emissions from a computer's video cable. - [SkillCloak Lets Malicious AI Agent Skills Evade 90% of Static Scanners](https://dailysecurityreview.com/cyber-security/skillcloak-lets-malicious-ai-agent-skills-evade-90-of-static-scanners/): SkillCloak obfuscation lets malicious AI coding agent skills bypass over 90 percent of static detection tools, risking source code and credential theft. - [Zscaler: Two Active Campaigns Hijack AI Agents for Crypto Theft](https://dailysecurityreview.com/cyber-security/zscaler-two-active-campaigns-hijack-ai-agents-for-crypto-theft/): Zscaler found two active campaigns that embed hidden instructions in web pages, causing 4 of 26 AI agents tested to complete unauthorized crypto transfers. - [Google and FBI Seize NetNut Proxy Network Used by 316 Threat Actors](https://dailysecurityreview.com/cyber-security/google-and-fbi-seize-netnut-proxy-network-used-by-316-threat-actors/): Google and the FBI dismantled NetNut, a residential proxy network that secretly hijacked 2 million home devices and served 316 distinct cybercrime groups. - [PamStealer macOS Infostealer Uses PAM API to Verify Stolen Passwords](https://dailysecurityreview.com/cyber-security/pamstealer-macos-infostealer-uses-pam-api-to-verify-stolen-passwords/): Jamf Threat Labs disclosed PamStealer, a Rust-based macOS infostealer that uses the PAM API to verify stolen passwords before exfiltrating credentials. - [CVE-2026-8451 Exploited Within 24 Hours of Citrix NetScaler Patch](https://dailysecurityreview.com/resources/cve-2026-8451-exploited-within-24-hours-of-citrix-netscaler-patch/): A threat actor exploited CVE-2026-8451 in Citrix NetScaler within 24 hours of patch release, targeting Lupovis honeypots with confirmed memory overread payloads. - [ToddyCat APT’s Umbrij Tool Reads Corporate Gmail via OAuth Silently](https://dailysecurityreview.com/cyber-security/toddycat-apts-umbrij-tool-reads-corporate-gmail-via-oauth-silently/): Kaspersky attributed Umbrij to ToddyCat APT, a .NET tool that silently reads corporate Gmail via OAuth without triggering login alerts or standard security notifications. - [Apple Hide My Email Still Leaks Real Addresses After Claimed Fix](https://dailysecurityreview.com/cyber-security/apple-hide-my-email-still-leaks-real-addresses-after-claimed-fix/): Apple's iCloud+ Hide My Email vulnerability still exposes real addresses at 100% success, with multiple claimed fixes from Apple failing to close the flaw. - [90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT](https://dailysecurityreview.com/phishing/90-domain-seo-campaign-abuses-screenconnect-to-deploy-asyncrat-2/): Kaspersky exposed a 90-domain SEO poisoning campaign that installs AsyncRAT on Windows via a fake ScreenConnect installer, targeting users across 10 languages. - [VEIL#DROP Campaign Uses Google Blogger to Deliver PureLogs Stealer](https://dailysecurityreview.com/cyber-security/veildrop-campaign-uses-google-blogger-to-deliver-purelogs-stealer/): Securonix disclosed VEIL#DROP, an active campaign routing PureLogs Stealer through Google Blogger to bypass reputation-based enterprise security controls. - [90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT](https://dailysecurityreview.com/cyber-security/90-domain-seo-campaign-abuses-screenconnect-to-deploy-asyncrat/): Kaspersky exposed a 90-domain SEO poisoning campaign that installs AsyncRAT on Windows via a fake ScreenConnect installer, targeting users across 10 languages. - [Unit 42 Confirms 13,000 Malicious Phantom Squatting Sites](https://dailysecurityreview.com/cyber-security/unit-42-confirms-13000-malicious-phantom-squatting-sites/): Unit 42 documented phantom squatting, with 13,229 malicious URLs active on AI-hallucinated domains and 250,000 more unregistered sites available to attackers. - [Trump Administration Lifts Claude Fable 5 Access Restrictions](https://dailysecurityreview.com/cyber-security/trump-administration-lifts-claude-fable-5-access-restrictions/): The Trump administration reversed Commerce Department restrictions on Anthropic's Fable 5, restoring global access while Mythos 5 stays limited to vetted U.S. organizations. - [JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE](https://dailysecurityreview.com/ransomware/jadepuffer-first-ai-orchestrated-ransomware-exploits-langflow-rce/): Sysdig identified JADEPUFFER, the first ransomware campaign run by an LLM autonomous agent exploiting CVE-2026-33017 in Langflow to complete full attack chains without human operators. - [CISA Adds SharePoint RCE CVE-2026-45659 to KEV Catalog](https://dailysecurityreview.com/cyber-security/cisa-adds-sharepoint-rce-cve-2026-45659-to-kev-catalog/): CISA confirmed active exploitation of CVE-2026-45659, a CVSS 8.8 SharePoint Server deserialization flaw enabling authenticated remote code execution in enterprise environments. - [Poisoned Email Turns Claude Desktop Into a Reverse Shell](https://dailysecurityreview.com/cyber-security/poisoned-email-turns-claude-desktop-into-a-reverse-shell/): Red teamers showed that email inbox prompt injection turns Claude Desktop into a reverse shell when MCP connectors with command execution are installed. - [Adobe’s Seven CVSS 10.0 Flaws Span ColdFusion and Campaign Classic](https://dailysecurityreview.com/cyber-security/adobes-seven-cvss-10-0-flaws-span-coldfusion-and-campaign-classic/): Adobe patched seven maximum-severity CVSS 10.0 vulnerabilities in ColdFusion and Campaign Classic, enabling unauthenticated code execution and privilege escalation. - [Qilin Ransomware Claims Canadian Manufacturer Chamco Industries](https://dailysecurityreview.com/ransomware/qilin-ransomware-claims-canadian-manufacturer-chamco-industries/): Qilin listed Chamco Industries on its dark web extortion portal, threatening to leak stolen data in its latest attack on a Canadian manufacturing company. - [FortiBleed True Scale: 430,000 Firewalls Targeted, INC and Lynx Linked](https://dailysecurityreview.com/ransomware/fortibleed-true-scale-430000-firewalls-targeted-inc-and-lynx-linked/): SOCRadar confirmed FortiBleed hit 430,000 FortiGate firewalls with sniffers on 19,000 devices, linking the operation to INC Ransom and Lynx ransomware groups. - [Unpatched Argo CD RCE Puts Kubernetes Clusters at Risk](https://dailysecurityreview.com/cyber-security/unpatched-argo-cd-rce-puts-kubernetes-clusters-at-risk/): Synacktiv disclosed an unpatched unauthenticated RCE in Argo CD's repo-server component that can lead to full Kubernetes cluster takeover with no fix currently available. - [DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox](https://dailysecurityreview.com/cyber-security/duneslide-flaws-let-prompt-injection-break-cursor-ai-sandbox/): Cato AI Labs disclosed CVE-2026-50548 and CVE-2026-50549 in Cursor IDE, CVSS 9.8 flaws enabling zero-click prompt injection to escape the sandbox and execute system commands. - [ChocoPoC RAT Targets Security Researchers via Fake GitHub PoC Repos](https://dailysecurityreview.com/cyber-security/chocopoc-rat-targets-security-researchers-via-fake-github-poc-repos/): ChocoPoC, a new remote access trojan, targets vulnerability researchers through trojanized proof-of-concept exploit repositories on GitHub, stealing credentials and establishing backdoors. - [DeepSeek Built Browser Ransomware Using Chrome File System API](https://dailysecurityreview.com/ransomware/deepseek-built-browser-ransomware-using-chrome-file-system-api/): Check Point researchers showed DeepSeek generated InfernoGrabber 9000, near-functional browser ransomware using Chrome's File System Access API to encrypt files across four OS platforms. - [Scattered Spider Suspect Peter Stokes Extradited From Finland](https://dailysecurityreview.com/threat-actors/scattered-spider-suspect-peter-stokes-extradited-from-finland/): Peter Stokes, 19, a dual U.S.-Estonian citizen, was extradited from Finland to face federal computer fraud and conspiracy charges linked to the Scattered Spider hacking group. - [Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector](https://dailysecurityreview.com/cyber-security/citrix-patches-six-netscaler-flaws-including-http-2-bomb-vector/): Citrix patched six NetScaler ADC and Gateway vulnerabilities including a new HTTP/2 Bomb denial-of-service vector and information disclosure flaws similar to the CitrixBleed session token bug. - [Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch](https://dailysecurityreview.com/cyber-security/attackers-hit-oracle-ebs-cve-2026-46817-days-after-patch/): Oracle E-Business Suite CVE-2026-46817 (CVSS 9.8) is under active attack, with honeypots logging crafted XML payloads targeting the /OA_HTML endpoint. - [Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit](https://dailysecurityreview.com/cyber-security/apple-patches-30-flaws-as-ai-systems-earn-webkit-cve-credit/): Apple's iOS 26.2 and macOS Tahoe 26.2 updates patch 30-plus flaws, including four WebKit vulnerabilities co-discovered by OpenAI and Anthropic AI systems. - [Six AirDrop and Quick Share Flaws Put 5B Devices at Risk](https://dailysecurityreview.com/cyber-security/six-airdrop-and-quick-share-flaws-put-5b-devices-at-risk/): CISPA researchers disclosed six vulnerabilities in Apple AirDrop and Android Quick Share exposing more than five billion active devices to proximity attacks. - [BioShocking Attack Turns AI Browsers Into Credential Thieves](https://dailysecurityreview.com/cyber-security/bioshocking-attack-turns-ai-browsers-into-credential-thieves/): LayerX's BioShocking research shows AI browsers including ChatGPT Atlas, Perplexity Comet, and the Claude extension can be tricked into stealing credentials. - [Working Exploit Published for LoadMaster CVE-2026-8037 RCE](https://dailysecurityreview.com/resources/working-exploit-published-for-loadmaster-cve-2026-8037-rce/): watchTowr Labs published a working exploit for CVE-2026-8037, a pre-authentication root RCE in Progress Kemp LoadMaster, weeks after patches were released. - [SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer](https://dailysecurityreview.com/resources/simplehelp-cve-2026-48558-exploited-to-deploy-djinn-stealer/): Attackers exploited SimpleHelp's OIDC authentication bypass CVE-2026-48558 to deploy Djinn Stealer and TaskWeaver within 13 days of initial disclosure. - [CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware](https://dailysecurityreview.com/ransomware/cisa-confirms-bluehammer-cve-2026-33825-used-in-ransomware/): CISA updated its KEV entry for CVE-2026-33825 to flag ransomware group exploitation of the Windows Defender privilege escalation flaw, first patched in April. - [Three Daktronics Controller Flaws Allow Remote Highway Sign Hijack](https://dailysecurityreview.com/cyber-security/three-daktronics-controller-flaws-allow-remote-highway-sign-hijack/): CISA disclosed three Daktronics LED controller vulnerabilities that give remote attackers root access to highway signs, billboards, and roadside message boards. - [Gitea CVE-2026-58053 Container Escape Vulnerability Published Following Exploitarium Leak](https://dailysecurityreview.com/resources/gitea-cve-2026-20896-auth-bypass-exploited-via-one-http-header/): An anonymous researcher's 130-plus zero-day dump included Gitea CVE-2026-20896, a Docker default misconfiguration that grants admin access with one HTTP header. - [India IDRBT .bank.in Registry Leaked 5,576 Employee Records](https://dailysecurityreview.com/cyber-security/india-idrbt-bank-in-registry-leaked-5576-employee-records/): India's IDRBT domain registry for the RBI-mandated .bank.in namespace exposed 5,576 bank employees' credentials through 33-plus unauthenticated API endpoints. - [Microsoft Removes 119 StegoAd Extensions from Edge Add-ons Store](https://dailysecurityreview.com/cyber-security/microsoft-removes-119-stegoad-extensions-from-edge-add-ons-store/): Microsoft removed 119 malicious Edge extensions in the StegoAd takedown, exposing a steganography campaign hiding malware in image and font files since 2021. - [Public PoC Drops for Critical libssh2 Flaw CVE-2026-55200](https://dailysecurityreview.com/cyber-security/public-poc-drops-for-critical-libssh2-flaw-cve-2026-55200/): A public PoC exploit for CVE-2026-55200, a CVSS 9.2 out-of-bounds write in libssh2, is live with no fixed tagged release available for curl, Git, and PHP. - [Hijacked npm and Go Packages Exploit VS Code MCP to Deploy Infostealer](https://dailysecurityreview.com/cyber-security/hijacked-npm-and-go-packages-exploit-vs-code-mcp-to-deploy-infostealer/): Hijacked npm and Go packages exploit VS Code's MCP tasks to bypass npm lifecycle hook protections and deploy a cross-platform Python infostealer. - [SBU and FBI Expose Russian FSB and GRU Signal Key Theft Campaign](https://dailysecurityreview.com/cyber-security/sbu-and-fbi-expose-russian-fsb-and-gru-signal-key-theft-campaign/): Ukraine's SBU and the FBI jointly exposed campaigns by Russian FSB-linked UNC5792 and GRU-linked UNC4221 stealing Signal and WhatsApp backup recovery keys. - [US Offers $10M Bounty for Russian Hackers UNC5792 and UNC4221](https://dailysecurityreview.com/cyber-security/us-offers-10m-bounty-for-russian-hackers-unc5792-and-unc4221/): The US State Department's Rewards for Justice program offers $10 million for intelligence on UNC5792 and UNC4221, Russian groups targeting Signal accounts. - [Mozilla 0DIN Shows AI Coding Agents Can Be Tricked via DNS TXT](https://dailysecurityreview.com/cyber-security/mozilla-0din-shows-ai-coding-agents-can-be-tricked-via-dns-txt/): Mozilla's 0DIN researchers show a clean GitHub repo can trick AI coding tools into running malware via DNS TXT records, bypassing security scanners entirely. - [White House Cybersecurity Review Restricts GPT-5.6 and Anthropic](https://dailysecurityreview.com/cyber-security/white-house-cybersecurity-review-restricts-gpt-5-6-and-anthropic/): The Trump administration's ongoing national security review now restricts OpenAI's GPT-5.6 and Anthropic's full model program to government-vetted customers. - [Athena Coalition Finds 20,000+ Flaws in 500 Open-Source Projects](https://dailysecurityreview.com/cyber-security/athena-coalition-finds-20000-flaws-in-500-open-source-projects/): The Athena coalition of about 24 companies including Docker, Cisco, and Cloudflare used AI to find 20,000+ vulnerabilities across 500 open-source projects. - [Klue OAuth Breach Hits Huntress, Recorded Future via Salesforce](https://dailysecurityreview.com/cyber-security/klue-oauth-breach-hits-huntress-recorded-future-via-salesforce/): Threat actor Icarus exploited Klue's Salesforce OAuth integration to breach CRM data at cybersecurity firms including Huntress and Recorded Future in a June 2026 supply chain attack. - [Law Enforcement Clears 15,000 SocGholish WordPress Sites](https://dailysecurityreview.com/cyber-security/law-enforcement-clears-15000-socgholish-wordpress-sites/): Operation Endgame dismantled nearly 15,000 SocGholish-infected WordPress sites and 106 C2 servers linked to Russian cybercrime group Evil Corp in a June 2026 international enforcement action. - [ShapedPlugin Update System Hacked, Malicious Code Pushed to Customers](https://dailysecurityreview.com/cyber-security/shapedplugin-update-system-hacked-malicious-code-pushed-to-customers/): ShapedPlugin's plugin update system was compromised by attackers who pushed malicious code to paying WordPress customers through the company's verified official update channels. - [Microsoft Exposes Windows Crypto Clipper Using USB Worm and Tor C2](https://dailysecurityreview.com/cyber-security/microsoft-exposes-windows-crypto-clipper-using-usb-worm-and-tor-c2/): Microsoft disclosed a Windows crypto clipper campaign active since February 2026, using USB LNK worm spreading and Tor-based C2 to intercept and redirect cryptocurrency transactions. - [Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy](https://dailysecurityreview.com/cyber-security/crypto-clipper-abuses-ai-reviews-and-virustotal-to-fake-legitimacy/): Check Point Research exposed a crypto clipper campaign using AI-generated fake reviews on GitHub, YouTube, and VirusTotal comment sections to manufacture trust before delivering malware. - [Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch](https://dailysecurityreview.com/resources/defender-zero-day-cve-2026-50656-under-active-exploit-no-patch/): Microsoft confirmed CVE-2026-50656, a zero-day in the Defender Malware Protection Engine allowing SYSTEM-level privilege escalation, is under active exploitation with no patch currently available. - [DOJ Seizes Huione Group Cloud Accounts in $4B Fraud Crackdown](https://dailysecurityreview.com/cyber-security/doj-seizes-huione-group-cloud-accounts-in-4b-fraud-crackdown/): The DOJ seized cloud accounts tied to Huione Group, a Cambodia-based conglomerate FinCEN says processed $4B in fraud proceeds from pig butchering scam networks. - [Cisco Unified CM SSRF Flaw CVE-2026-20230 Under Active Exploit](https://dailysecurityreview.com/resources/cisco-unified-cm-ssrf-flaw-cve-2026-20230-under-active-exploit/): CVE-2026-20230, a CVSS 8.6 SSRF flaw in Cisco Unified CM's WebDialer, is under active exploitation after a PoC dropped June 23 — patch released June 3, 2026. - [Two Scattered Spider Members Plead Guilty in TfL Hack Case](https://dailysecurityreview.com/threat-actors/two-scattered-spider-members-plead-guilty-in-tfl-hack-case/): Thalha Jubair and Owen Flowers pled guilty to the 2024 Scattered Spider hack of Transport for London, causing GBP 29M in damage and exposing customer data. - [Gizmodo Account Hijacked to Push ClickFix Malware at Readers](https://dailysecurityreview.com/cyber-security/gizmodo-account-hijacked-to-push-clickfix-malware-at-readers/): A threat actor compromised a Gizmodo account to serve ClickFix malware prompts to readers, exploiting brand trust to push PowerShell-based attacks at scale. - [Algerian Phishing Marketplace Operator Extradited to US](https://dailysecurityreview.com/phishing/algerian-phishing-marketplace-operator-extradited-to-us/): Algerian national Abdellah Belmili was extradited from Spain to face US bank fraud charges for operating phishing marketplaces Market0Day and Spoxy. - [Anthropic’s Mythos AI Found Flaws in Classified US Government Systems](https://dailysecurityreview.com/cyber-security/anthropics-mythos-ai-found-flaws-in-classified-us-government-systems/): Anthropic's Mythos AI found real vulnerabilities in classified US government systems during Project Glasswing testing, prompting federal access restrictions. - [Samsung KNOX Kernel Flaw CVE-2026-20971 Affects Galaxy S9 to S25](https://dailysecurityreview.com/resources/samsung-knox-kernel-flaw-cve-2026-20971-affects-galaxy-s9-to-s25/): CVE-2026-20971 is a CVSS 7.8 use-after-free in Samsung KNOX's PROCA and FIVE subsystems, affecting Galaxy S9 through S25 across Android 13, 14, 15, and 16. - [macOS ClickFix Variant Silently Mounts DMG to Deploy AMOS Stealer](https://dailysecurityreview.com/cyber-security/macos-clickfix-variant-silently-mounts-dmg-to-deploy-amos-stealer/): Unit 42 found a macOS ClickFix variant using hdiutil to silently mount DMG files and deploy AMOS stealer, targeting crypto wallets and iCloud Keychain. - [Dify DifyTap Flaws Expose Cross-Tenant AI App Data](https://dailysecurityreview.com/cyber-security/dify-difytap-flaws-expose-cross-tenant-ai-app-data/): Four critical Dify vulnerabilities named DifyTap allow cross-tenant access to private AI chats, uploaded files, and internal APIs. Patched in version 1.14.2. - [Fake AI Agent Skill Reaches 26,000 Agents in Supply Chain Test](https://dailysecurityreview.com/cyber-security/fake-ai-agent-skill-reaches-26000-agents-in-supply-chain-test/): Security firm AIR planted a fake AI agent skill that bypassed all scanners and reached 26,000 agents, exposing a supply chain flaw in AI skill marketplaces. - [Canada’s CSIS Uses Court Warrant to Dismantle Foreign Botnet](https://dailysecurityreview.com/cyber-security/canadas-csis-uses-court-warrant-to-dismantle-foreign-botnet/): CSIS used a court-authorized warrant to remove foreign botnet malware from Canadian servers and IoT devices in a first use of its threat reduction powers. - [Elastic Exposes OXLOADER and CastleStealer in Russian Malvertising](https://dailysecurityreview.com/cyber-security/elastic-exposes-oxloader-and-castlestealer-in-russian-malvertising/): Elastic Security Labs exposed OXLOADER and CastleStealer — two new Russian-linked malware families spread via fake Google Ads targeting software downloaders. - [Understanding Cloud Detection and Response (CDR) and Its Security Role](https://dailysecurityreview.com/cyber-security/understanding-cloud-detection-and-response-cdr-and-its-security-role/): Learn what cloud detection and response (CDR) is, how it works, and practical steps to secure cloud workloads with real‑time threat visibility. - [FFmpeg PixelSmash Heap Overflow Enables RCE in Media Apps](https://dailysecurityreview.com/resources/ffmpeg-pixelsmash-heap-overflow-enables-rce-in-media-apps/): JFrog disclosed CVE-2026-8461, a critical heap overflow in FFmpeg's video decoder enabling remote code execution when processing malicious video files. - [Microsoft AutoGen AI Framework Vulnerable to Localhost RCE](https://dailysecurityreview.com/cyber-security/microsoft-autogen-ai-framework-vulnerable-to-localhost-rce/): Microsoft disclosed AutoJack, a three-part vulnerability chain in AutoGen Studio that lets attackers hijack AI agents and execute arbitrary system commands. - [WhatsApp Phishing Deploys ManageEngine RMM Malware Across Continents](https://dailysecurityreview.com/phishing/whatsapp-phishing-deploys-manageengine-rmm-malware-across-continents/): Kaspersky found a WhatsApp phishing campaign using VBScript to install ManageEngine RMM software across multiple countries, granting attackers remote access. - [TeamPCP Open-Source Supply Chain Investigation Reveals Years of Access](https://dailysecurityreview.com/cyber-security/teampcp-open-source-supply-chain-investigation-reveals-years-of-access/): Researchers investigated the TeamPCP threat group that exploited open-source speed culture for years of supply chain access across thousands of organizations. - [Multiple Groups Exploit Critical FortiSandbox Flaws Across 200 Countries](https://dailysecurityreview.com/cyber-security/multiple-groups-exploit-critical-fortisandbox-flaws-across-200-countries/): Multiple sources confirm active exploitation of CVE-2026-25089 and CVE-2026-39813 against FortiSandbox, with credentials compiled for tens of thousands of appliances. - [Kodak Confirms Data Breach After ShinyHunters Sets Leak Deadline](https://dailysecurityreview.com/cyber-security/kodak-confirms-data-breach-after-shinyhunters-sets-leak-deadline/): Kodak confirms a data breach after the ShinyHunters hackgroup claimed 2.2 million records exfiltrated, with the company asserting no threat to current operations. - [F5 Emergency Patch: Critical NGINX Unauthenticated RCE Hits 40 Percent of Web Servers](https://dailysecurityreview.com/cyber-security/f5-emergency-patch-critical-nginx-unauthenticated-rce-hits-40-percent-of-web-servers/): F5 released emergency patches for NGINX enabling unauthenticated RCE across 40 percent of web servers worldwide today in an accelerated disclosure window. - [Atlassian and Splunk Patch Critical Flaws: Splunk AI Toolkit RCE, Atlassian Dependencies](https://dailysecurityreview.com/cyber-security/atlassian-and-splunk-patch-critical-flaws-splunk-ai-toolkit-rce-atlassian-dependencies/): Atlassian and Splunk emergency patches include an OS command injection in Splunk AI Toolkit plus dozens of Atlassian Server dependency flaws - [Critical Command Execution Vulnerability Patched in Cisco ISE](https://dailysecurityreview.com/cyber-security/critical-command-execution-vulnerability-patched-in-cisco-ise/): Cisco patched a critical command execution vulnerability in its Identity Services Engine where insufficient input validation enabled root-level system access. - [Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps](https://dailysecurityreview.com/cyber-security/rokarolla-android-banking-trojan-targets-217-banking-and-crypto-apps/): The Rokarolla Android banking trojan evolved beyond credential theft with a 137-command C2 framework targeting 217 banking and cryptocurrency applications. - [Phantom Stealer Fileless Malware Targets Browser Credentials in Memory](https://dailysecurityreview.com/ransomware/phantom-stealer-fileless-malware-targets-browser-credentials-in-memory/): Researchers identified Phantom Stealer as a new fileless credential stealer targeting all browsers via in-memory execution and anti-analysis techniques. - [INC Ransomware Targets Healthcare, Education, and Local Government](https://dailysecurityreview.com/ransomware/inc-ransomware-targets-healthcare-education-and-local-government/): Investigation reveals INC ransomware achieves consistent revenue by targeting healthcare, education, and local government with rapid encryption and data exfiltration. - [ClickFix Campaign Linked to Vice Society Uses Compromised WordPress Sites](https://dailysecurityreview.com/cyber-security/clickfix-campaign-linked-to-vice-society-uses-compromised-wordpress-sites/): A malware campaign using Lorem Ipsum lures pivots to ClickFix delivery through compromised WordPress sites, with research suggesting possible links to Vice Society. - [FortiBleed Compromises 74K Fortinet Firewall Credentials Worldwide](https://dailysecurityreview.com/cyber-security/fortibleed-compromises-74k-fortinet-firewall-credentials-worldwide/): FortiBleed exposes verified Fortinet FortiGate VPN credentials for 74K devices across 194 countries, covering major corporations and a Turkish NATO contractor. - [Gentlemen RaaS Group Maintains Purpose-Built EDR Killers](https://dailysecurityreview.com/ransomware/gentlemen-raas-group-maintains-purpose-built-edr-killers/): Gentlemen ransomware-as-a-service operation develops and maintains purpose-built endpoint detection kill tools to disable security protections before ransomware deployment. - [Nintendo Confirms Employee Survey Data Stolen via TinyPulse](https://dailysecurityreview.com/cyber-security/nintendo-confirms-employee-survey-data-stolen-via-tinypulse/): Nintendo confirms employee survey data stolen from TinyPulse, the WebMD subsidiary, through a third-party vendor breach affecting corporate HR integration. - [Klue OAuth Breach Impacts Huntress, Recorded Future and Others](https://dailysecurityreview.com/cyber-security/klue-oauth-breach-impacts-huntress-recorded-future-and-others/): Klue's OAuth breach enabled the Icarus threat group to extract Salesforce CRM data from cybersecurity companies including Huntress and Recorded Future. - [Operation Endgame Dismantles SocGholish Botnet, Cleans 15K Sites](https://dailysecurityreview.com/cyber-security/operation-endgame-dismantles-socgholish-botnet-cleans-15k-sites/): International law enforcement destroys 15K SocGholish-infected WordPress sites and 106 C2 servers in coordinated takedown of Evil Corp-linked cybercrime network. - [ShapedPlugin Update System Compromised, Malicious WordPress Plugins Pushed to Customers](https://dailysecurityreview.com/cyber-security/shapedplugin-update-system-compromised-malicious-wordpress-plugins-pushed-to-customers/): Attackers hijacked ShapedPlugin update distribution system to inject malicious code into legitimate plugin releases delivered directly to paying WordPress customers through official update channels. - [F5 Patches Critical NGINX RCE in QUIC Module, CVSS 9.2 Use-After-Free Fixed](https://dailysecurityreview.com/cyber-security/f5-patches-critical-nginx-rce-in-quic-module-cvss-9-2-use-after-free-fixed/): F5 emergency patches address CVE-2026-42530, a critical CVSS 9.2 unauthenticated RCE in NGINX QUIC HTTP3 module that can be exploited remotely without credentials on NGINX web servers. - [Microsoft Details Windows Clipper USB LNK Worm with Tor Command-and-Control](https://dailysecurityreview.com/cyber-security/microsoft-details-windows-clipper-usb-lnk-worm-with-tor-command-and-control/): Microsoft disclosed a Windows Clipper malware campaign active since February using clipboard interception, USB LNK self-spreading, and Tor command-and-control infrastructure to steal cryptocurrency addresses. ## Pages - [My account](https://dailysecurityreview.com/my-account/) - [Checkout](https://dailysecurityreview.com/checkout/) - [Cart](https://dailysecurityreview.com/cart/) - [Shop](https://dailysecurityreview.com/shop/) - [Terms and Conditions](https://dailysecurityreview.com/terms-and-conditions/): Welcome to daily security review! - [Privacy Policy](https://dailysecurityreview.com/privacy-policy-2/): At securitydailyreview.com, we respect every individual’s right to privacy and are committed to safeguarding your privacy online. We understand the importance you place on the privacy and security of information that personally identifies you. StoneFly does not sell personal information to anyone. - [Contact Us](https://dailysecurityreview.com/contact-us/): Contact Latest News News Episource Data Breach Hits Over 5 Million Patients, Sensitive Medical and Insurance Data Potentially Exposed Andrew Doyle July 16, 2025 Podcasts Exein Raises €70M: Defending the IoT-AI Frontier with Embedded Security Andrew Doyle July 16, 2025 Podcasts Salt Typhoon Strikes Again: National Guard, Telecoms, and a Crisis in U.S. Cyber Defense Andrew Doyle July 16, 2025 News Abacus Market Disappears in Suspected Exit Scam After Handling $300 Million in Darknet Transactions Mitchell Langley July 16, 2025 News DragonForce Claims Cyberattack on US Retail Giant Belk, Leaks 156GB of Sensitive Customer and Employee Data Mitchell Langley July 16, 2025 News Diskstation Ransomware Gang Dismantled After Years of Targeting NAS Devices Across Europe Syed Arslan July 16, 2025 News Consentik Breach Exposes Hundreds of Shopify Stores to Admin Takeovers and Data Theft Mitchell Langley July 16, 2025 Uncategorized CISA Faces Budget and Staffing Reductions Under Current Administration July 15, 2025 Uncategorized Chinese Cyberespionage Group ‘Salt Typhoon’ Infiltrates U.S. National Guard Network July 15, 2025 Uncategorized Quantum Computing Emerges as Major Future Cybersecurity Threat July 15, 2025 Uncategorized Outdated Hiring Practices Hamper Cybersecurity Talent Acquisition July 15, 2025 Uncategorized Employee Fear of Reprisal Leads to Unreported Cyber Attacks July 15, 2025 Podcasts DragonForce Ransomware Hits Belk: 150GB Data Leak and Operational Chaos Andrew Doyle July 15, 2025 Podcasts NVIDIA Issues Urgent Rowhammer Warning: Enable ECC or Risk AI Integrity Andrew Doyle July 15, 2025 Podcasts Zip Security Secures $13.5M to Simplify and Scale Cyber Defense Andrew Doyle July 15, 2025 Blog Why is Activity Logging Crucial for Detecting Cyberattacks Mitchell Langley July 15, 2025 Podcasts Century Support Services Breach: 160,000 Identities Compromised in Silent Cyberattack Andrew Doyle July 15, 2025 Resources SafePay Ransomware: LockBit’s Lonewolf Ghost Andrew Doyle July 15, 2025 News Saudi Industrial Giant Rezayat Group Listed on Dark Web After Alleged Everest Ransomware Breach Andrew Doyle July 15, 2025 News Gigabyte Firmware Vulnerabilities Expose Over 240 Motherboards to Stealth UEFI Malware Attacks Mitchell Langley July 15, 2025 - [Write For Us](https://dailysecurityreview.com/write-for-us/): Security Daily Review, the leading platform for daily security reviews and insights. We are always on the lookout for talented individuals who are passionate about security and can contribute their expertise to our growing community. If you are interested in sharing your knowledge and making a difference in the field of data security, storage, backup and DR, we invite you to write for us. - [Homepage](https://dailysecurityreview.com/): TOP CYBERSECURITY HEADLINES ## Products ## Site Builder - [Google Analytics](https://dailysecurityreview.com/astra-advanced-hook/google-analytics/)