“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack [email protected] (The Hacker News)
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company’s…
-

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations [email protected] (The Hacker News)
The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. “An operator tied to FortiBleed’s infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deploymentRead More
-

New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos [email protected] (The Hacker News)
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the…
-

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issueRead More
-

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters [email protected] (The Hacker News)
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component’s internal network port. Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no…
-

19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges [email protected] (The Hacker News)
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a Chicago federal court on June 30, where a judge ordered…
-

SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT [email protected] (The Hacker News)
Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a “massive, multi-domain, multi-language” campaign that distributes malicious installer archives hosted on spoofed websites. These installers masquerade as popular software like OBS Studio, DNS Jumper, DS4Windows, and Bandicam, among others.Read…
-

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer [email protected] (The Hacker News)
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEIL#DROP by Securonix. It’s suspected that the initial payloads are distributed either via spear-phishing or a drive-by compromise, which occurs when an unsuspecting user lands…
-
TLS certificate lifetime changes: What CISOs must do now
TLS certificates now expire after 200 days. That window will soon narrow to 100 days and eventually to 47. Is your organization ready?Read More
-

Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures [email protected] (The Hacker News)
A Brazilian banking trojan called Ousaban is going after Windows users who bank in Spain and Portugal. Fortinet’s FortiGuard Labs identified the campaign in May 2026. It opens with a phishing PDF disguised as a corrupted file, checks that the visitor is really in Spain or Portugal, and hides its real payload inside an image. The goal…
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
