“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets [email protected] (The Hacker News)
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 (CVSS 8.8), it lets a local user corrupt file-backed memory through a cloned network packet and gain root. The patch landed inRead More
-

Guardian Agents: The Next Layer of Identity Governance [email protected] (The Hacker News)
AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn’t designed for autonomous actors, and the gap between what enterprises are deploying and what their governance programs actually cover is widening fast. This guide breaksRead More
-

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack [email protected] (The Hacker News)
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. “The latest activity includes malicious npm releases affecting LeoPlatform and RStreams packages, GitHub Actions workflow…
-

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant [email protected] (The Hacker News)
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says. The company has not attributed the activity to a known threat actor, and the operators’ end goal is still unclear. The lure…
-

Russia Used Cellebrite on Jailed Activist’s iPhone Months After Sales Cutoff [email protected] (The Hacker News)
Russian authorities used Cellebrite’s UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus. The finding, published June 25 by the Citizen Lab, rests on two things that rarely line up: traces…
-

Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks [email protected] (The Hacker News)
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group…
-

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability [email protected] (The Hacker News)
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extension description states that it allows…
-
What CISOs should know about AI runtime security
With AI, security at runtime means protecting access, vetting inputs, checking outputs and detecting anomalous behaviors. It is challenging to get right.Read More
-

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories [email protected] (The Hacker News)
It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence, and “normal” workflows turning into phishing pipes because apparently email was not enough hell already.…
-

Surviving the Mythos Era: Richard Bejtlich on the Case for NDR [email protected] (The Hacker News)
Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Answering these questions requires teams to go beyond alerts, the most common basis for initial triage.…
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
