News

Cybersecurity
Nightmare Eclipse Drops LegacyHive PoC on Fully Patched Windows
Security group Nightmare Eclipse released LegacyHive, a PoC targeting an unpatched Windows privilege escalation flaw that survived July Patch Tuesday.
Application Security
Zoom Patches CVE-2026-53412 Critical Unauthenticated Account Takeover
Zoom patched CVE-2026-53412, a CVSS 9.8 flaw in Zoom Workplace for Windows allowing unauthenticated remote account takeover with no user interaction required.
Application Security
Cursor AI Code Execution Flaw Left Unpatched Seven Months by Developer
Mindgard researcher Aaron Portnoy disclosed a code execution flaw in Cursor AI editor that silently runs trojanized git.exe files when developers clone malicious repos.
Application Security
ServiceNow Patches CVE-2026-6875 Unauthenticated RCE in AI Platform
ServiceNow patched CVE-2026-6875, a CVSS 9.5 unauthenticated remote code execution flaw in its AI platform; hosted instances auto-patched, self-hosted require manual update.
Cybersecurity
Bitdefender Exposes Windows Bind Link Attacks That Bypass EDR Tools
Bitdefender documented three Windows bind link techniques — file-binding, process-binding, and silo-binding — that redirect OS path resolution to hide malware from EDR tools.
Cybersecurity
PhantomEnigma Weaponizes 20+ Brazilian Gov Sites for Malware Delivery
ANY.RUN disclosed PhantomEnigma, a campaign that hijacked 20-plus Brazilian gov.br domains to distribute malware via police-themed phishing emails that pass SPF, DKIM, and DMARC.
Cybersecurity
Chinese Actors Weaponized Claude Code in Multi-Nation Espionage Op
Hunt.io exposed a Chinese state-linked espionage operation that used Claude Code and DeepSeek as direct attack tools, breaching systems in four countries.
CVE Vulnerability Alerts
F5 Patches CVE-2026-42533 Heap Buffer Overflow in NGINX Plus
F5 released an out-of-band patch for CVE-2026-42533, a CVSS 9.2 heap buffer overflow in NGINX Plus and Open Source requiring no authentication to exploit.
Cybersecurity
Unit 42 Exposes TuxBot v3 Iranian-Linked IoT Botnet With DDoS-for-Hire
Palo Alto Networks Unit 42 exposed TuxBot v3, an Iranian-linked IoT botnet targeting 17 CPU architectures with DDoS-for-hire capabilities and AI-generated code.
Cybersecurity
CoinbaseCartel Hits Panasonic Avionics; Pear Targets US Healthcare
CoinbaseCartel claimed Panasonic Avionics, Pear ransomware hit two US healthcare providers, and six groups posted victims across multiple sectors and countries.