Cyber Security
China Bans Claude Code After CNVDB Backdoor Advisory
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI
HalluSquatting Turns AI Package Hallucinations Into Botnet Traps
Chrome 150 Patches Two Critical Use-After-Free Flaws in Ozone, Views
CMU Research: Copilot’s Safety Refusals Fail 100% in Workflow Mode
Friendly Fire PoC Turns Claude Code and Codex Into Malware Launchers
DigitalMint Employee Sentenced for BlackCat Ransomware Conspiracy
Ill Bloom Flaw Drained $3.1M by Breaking Wallet Seed Randomness
Threat Actors Use Aged GitHub Accounts to Map Corporate Orgs
Microsoft Discloses GigaWiper: Disk Wiper Hidden Behind Fake Ransom
GodDamn Ransomware Uses PoisonX Driver to Kill EDR Before Encrypting
Injective Labs’ npm SDK Poisoned to Steal Crypto Wallet Credentials
Helix Group Uses Vishing and Device Code Flow to Steal SharePoint Data
Forg365 PhaaS Combines AiTM and Device Code Flow to Target M365
200 GitHub Repos Used as Dead Drop C2 Network for Windows Malware
Palo Alto Networks Patches 13 PAN-OS Flaws Including Auth Bypass
NHS Forth Valley Employee Emails Maternity Data to Personal Account
EU Parliament Falls Short of Votes to Block Chat Control Return
OpenMandriva Linux Contributor Attempted Code Sabotage After Dispute
Seven FatFs Flaws Threaten Cameras, Drones, and Crypto Wallets
Microsoft Warns AI Tools Will Accelerate Windows Patch Volumes
IPNetwork Monitor Adds Native PostgreSQL Monitoring and One-Click Zabbix Import to Its Self-Hosted Platform
CISA Adds ColdFusion, Langflow, Two Joomla CVEs to KEV
Ubiquiti Patches Seven Critical UniFi OS Flaws, 100K at Risk
Accenture Confirms Breach After Hacker Lists 35 GB for Sale
Cisco Talos Exposes UAT-7810 LONGLEASH Backdoor on Ruckus Routers
UK NCSC Publishes Cyber Shield Blueprint for AI Defense
BonkDAO Loses $20M After Attacker Buys Quorum with ~$4M
Eight Predatorgate Victims Sue Intellexa for €8 Million
CVE-2026-53359 Januscape: 16-Year KVM Flaw Enables VM Escape
CVE Vulnerability Alerts
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
CISA updated its KEV entry for CVE-2026-33825 to flag ransomware group exploitation of the Windows Defender privilege escalation flaw, first patched in April.
Application Security
Three Daktronics Controller Flaws Allow Remote Highway Sign Hijack
CISA disclosed three Daktronics LED controller vulnerabilities that give remote attackers root access to highway signs, billboards, and roadside message boards.
Gitea CVE-2026-58053 Container Escape Vulnerability Published Following Exploitarium Leak
Application Security
Gitea CVE-2026-58053 Container Escape Vulnerability Published Following Exploitarium Leak
An anonymous researcher's 130-plus zero-day dump included Gitea CVE-2026-20896, a Docker default misconfiguration that grants admin access with one HTTP header.
Application Security
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
India's IDRBT domain registry for the RBI-mandated .bank.in namespace exposed 5,576 bank employees' credentials through 33-plus unauthenticated API endpoints.
Application Security
Microsoft Removes 119 StegoAd Extensions from Edge Add-ons Store
Microsoft removed 119 malicious Edge extensions in the StegoAd takedown, exposing a steganography campaign hiding malware in image and font files since 2021.
Application Security
Public PoC Drops for Critical libssh2 Flaw CVE-2026-55200
A public PoC exploit for CVE-2026-55200, a CVSS 9.2 out-of-bounds write in libssh2, is live with no fixed tagged release available for curl, Git, and ...
Application Security
Hijacked npm and Go Packages Exploit VS Code MCP to Deploy Infostealer
Hijacked npm and Go packages exploit VS Code's MCP tasks to bypass npm lifecycle hook protections and deploy a cross-platform Python infostealer.
Cybersecurity
SBU and FBI Expose Russian FSB and GRU Signal Key Theft Campaign
Ukraine's SBU and the FBI jointly exposed campaigns by Russian FSB-linked UNC5792 and GRU-linked UNC4221 stealing Signal and WhatsApp backup recovery keys.
Cybersecurity
US Offers $10M Bounty for Russian Hackers UNC5792 and UNC4221
The US State Department's Rewards for Justice program offers $10 million for intelligence on UNC5792 and UNC4221, Russian groups targeting Signal accounts.
Application Security
Mozilla 0DIN Shows AI Coding Agents Can Be Tricked via DNS TXT
Mozilla's 0DIN researchers show a clean GitHub repo can trick AI coding tools into running malware via DNS TXT records, bypassing security scanners entirely.
Cybersecurity
White House Cybersecurity Review Restricts GPT-5.6 and Anthropic
The Trump administration's ongoing national security review now restricts OpenAI's GPT-5.6 and Anthropic's full model program to government-vetted customers.
Application Security
Athena Coalition Finds 20,000+ Flaws in 500 Open-Source Projects
The Athena coalition of about 24 companies including Docker, Cisco, and Cloudflare used AI to find 20,000+ vulnerabilities across 500 open-source projects.
Application Security
Klue OAuth Breach Hits Huntress, Recorded Future via Salesforce
Threat actor Icarus exploited Klue's Salesforce OAuth integration to breach CRM data at cybersecurity firms including Huntress and Recorded Future in a June 2026 supply ...
Cybersecurity
Law Enforcement Clears 15,000 SocGholish WordPress Sites
Operation Endgame dismantled nearly 15,000 SocGholish-infected WordPress sites and 106 C2 servers linked to Russian cybercrime group Evil Corp in a June 2026 international enforcement ...
Application Security
ShapedPlugin Update System Hacked, Malicious Code Pushed to Customers
ShapedPlugin's plugin update system was compromised by attackers who pushed malicious code to paying WordPress customers through the company's verified official update channels.
Cybersecurity
Microsoft Exposes Windows Crypto Clipper Using USB Worm and Tor C2
Microsoft disclosed a Windows crypto clipper campaign active since February 2026, using USB LNK worm spreading and Tor-based C2 to intercept and redirect cryptocurrency transactions.
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
Application Security
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
Check Point Research exposed a crypto clipper campaign using AI-generated fake reviews on GitHub, YouTube, and VirusTotal comment sections to manufacture trust before delivering malware.
CVE Vulnerability Alerts
Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch
Microsoft confirmed CVE-2026-50656, a zero-day in the Defender Malware Protection Engine allowing SYSTEM-level privilege escalation, is under active exploitation with no patch currently available.
Cybersecurity
DOJ Seizes Huione Group Cloud Accounts in $4B Fraud Crackdown
The DOJ seized cloud accounts tied to Huione Group, a Cambodia-based conglomerate FinCEN says processed $4B in fraud proceeds from pig butchering scam networks.
Application Security
Cisco Unified CM SSRF Flaw CVE-2026-20230 Under Active Exploit
CVE-2026-20230, a CVSS 8.6 SSRF flaw in Cisco Unified CM's WebDialer, is under active exploitation after a PoC dropped June 23 — patch released June ...
CVE Vulnerability Alerts
Microsoft Patches RoguePlanet Defender Zero-Day CVE-2026-50656
Application Security
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
India's IDRBT domain registry for the RBI-mandated .bank.in namespace exposed 5,576 bank employees' credentials through 33-plus unauthenticated API endpoints.
Microsoft Removes 119 StegoAd Extensions from Edge Add-ons Store
Microsoft removed 119 malicious Edge extensions in the StegoAd takedown, exposing a steganography campaign hiding malware in image and font files since 2021.
Public PoC Drops for Critical libssh2 Flaw CVE-2026-55200
A public PoC exploit for CVE-2026-55200, a CVSS 9.2 out-of-bounds write in libssh2, is live with no fixed tagged release available for curl, Git, and ...
Hijacked npm and Go Packages Exploit VS Code MCP to Deploy Infostealer
Hijacked npm and Go packages exploit VS Code's MCP tasks to bypass npm lifecycle hook protections and deploy a cross-platform Python infostealer.
SBU and FBI Expose Russian FSB and GRU Signal Key Theft Campaign
Ukraine's SBU and the FBI jointly exposed campaigns by Russian FSB-linked UNC5792 and GRU-linked UNC4221 stealing Signal and WhatsApp backup recovery keys.
US Offers $10M Bounty for Russian Hackers UNC5792 and UNC4221
The US State Department's Rewards for Justice program offers $10 million for intelligence on UNC5792 and UNC4221, Russian groups targeting Signal accounts.
Mozilla 0DIN Shows AI Coding Agents Can Be Tricked via DNS TXT
Mozilla's 0DIN researchers show a clean GitHub repo can trick AI coding tools into running malware via DNS TXT records, bypassing security scanners entirely.
White House Cybersecurity Review Restricts GPT-5.6 and Anthropic
The Trump administration's ongoing national security review now restricts OpenAI's GPT-5.6 and Anthropic's full model program to government-vetted customers.
Athena Coalition Finds 20,000+ Flaws in 500 Open-Source Projects
The Athena coalition of about 24 companies including Docker, Cisco, and Cloudflare used AI to find 20,000+ vulnerabilities across 500 open-source projects.
Klue OAuth Breach Hits Huntress, Recorded Future via Salesforce
Threat actor Icarus exploited Klue's Salesforce OAuth integration to breach CRM data at cybersecurity firms including Huntress and Recorded Future in a June 2026 supply ...
Law Enforcement Clears 15,000 SocGholish WordPress Sites
Operation Endgame dismantled nearly 15,000 SocGholish-infected WordPress sites and 106 C2 servers linked to Russian cybercrime group Evil Corp in a June 2026 international enforcement ...
ShapedPlugin Update System Hacked, Malicious Code Pushed to Customers
ShapedPlugin's plugin update system was compromised by attackers who pushed malicious code to paying WordPress customers through the company's verified official update channels.
Microsoft Exposes Windows Crypto Clipper Using USB Worm and Tor C2
Microsoft disclosed a Windows crypto clipper campaign active since February 2026, using USB LNK worm spreading and Tor-based C2 to intercept and redirect cryptocurrency transactions.
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
Check Point Research exposed a crypto clipper campaign using AI-generated fake reviews on GitHub, YouTube, and VirusTotal comment sections to manufacture trust before delivering malware.
Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch
Microsoft confirmed CVE-2026-50656, a zero-day in the Defender Malware Protection Engine allowing SYSTEM-level privilege escalation, is under active exploitation with no patch currently available.
DOJ Seizes Huione Group Cloud Accounts in $4B Fraud Crackdown
The DOJ seized cloud accounts tied to Huione Group, a Cambodia-based conglomerate FinCEN says processed $4B in fraud proceeds from pig butchering scam networks.
Cisco Unified CM SSRF Flaw CVE-2026-20230 Under Active Exploit
CVE-2026-20230, a CVSS 8.6 SSRF flaw in Cisco Unified CM's WebDialer, is under active exploitation after a PoC dropped June 23 — patch released June ...
Two Scattered Spider Members Plead Guilty in TfL Hack Case
Thalha Jubair and Owen Flowers pled guilty to the 2024 Scattered Spider hack of Transport for London, causing GBP 29M in damage and exposing customer ...
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
A threat actor compromised a Gizmodo account to serve ClickFix malware prompts to readers, exploiting brand trust to push PowerShell-based attacks at scale.
Algerian Phishing Marketplace Operator Extradited to US
Algerian national Abdellah Belmili was extradited from Spain to face US bank fraud charges for operating phishing marketplaces Market0Day and Spoxy.