
Nightmare Eclipse Drops LegacyHive PoC on Fully Patched Windows
Security group Nightmare Eclipse released LegacyHive, a PoC targeting an unpatched Windows privilege escalation flaw that survived July Patch Tuesday.

Security group Nightmare Eclipse released LegacyHive, a PoC targeting an unpatched Windows privilege escalation flaw that survived July Patch Tuesday.

Zoom patched CVE-2026-53412, a CVSS 9.8 flaw in Zoom Workplace for Windows allowing unauthenticated remote account takeover with no user

Mindgard researcher Aaron Portnoy disclosed a code execution flaw in Cursor AI editor that silently runs trojanized git.exe files when

ServiceNow patched CVE-2026-6875, a CVSS 9.5 unauthenticated remote code execution flaw in its AI platform; hosted instances auto-patched, self-hosted require

Bitdefender documented three Windows bind link techniques — file-binding, process-binding, and silo-binding — that redirect OS path resolution to hide

ANY.RUN disclosed PhantomEnigma, a campaign that hijacked 20-plus Brazilian gov.br domains to distribute malware via police-themed phishing emails that pass

Hunt.io exposed a Chinese state-linked espionage operation that used Claude Code and DeepSeek as direct attack tools, breaching systems in

F5 released an out-of-band patch for CVE-2026-42533, a CVSS 9.2 heap buffer overflow in NGINX Plus and Open Source requiring

Palo Alto Networks Unit 42 exposed TuxBot v3, an Iranian-linked IoT botnet targeting 17 CPU architectures with DDoS-for-hire capabilities and

CoinbaseCartel claimed Panasonic Avionics, Pear ransomware hit two US healthcare providers, and six groups posted victims across multiple sectors and
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.