• Daily DefSec Brief - Cyber Security News for July 10 2026
    Jul 10 2026
    1. Initial access broker weaponizing CitrixBleed 2 to deploy Dragonforce ransomware — CVE-2025-5777 (referencing CVE-2023-4966, CVE-2026-4368) — Huntress — https://www.huntress.com/blog/citrixbleed-2-dragonforce-ransomware 2. Django SQL injection actively exploited in GeoDjango deployments — CVE-2026-1207 — Cyber Security News — https://cybersecuritynews.com/django-sql-injection-vulnerability-exploited/ 3. Microsoft tells customers to shorten patch deployment windows because of AI — no CVE — Help Net Security — https://www.helpnetsecurity.com/2026/07/10/microsoft-windows-update-deployment-timelines/ ; BleepingComputer — https://www.bleepingcomputer.com/news/microsoft/microsoft-expects-more-windows-security-updates-from-ai-discovered-flaws/ 4. Network of 200-plus GitHub repos delivering Windows malware (Operation Muck and Load) — no CVE — SecurityWeek — https://www.securityweek.com/network-of-200-github-repositories-used-for-malware-infection/ Also mentioned: - Injective SDK npm package compromised (v1.20.21) — BleepingComputer — https://www.bleepingcomputer.com/news/security/injective-sdk-on-npm-infected-with-cryptocurrency-wallet-stealer/ - Dormant GitHub accounts reactivated to map corporate orgs via API — The Hacker News — https://thehackernews.com/2026/07/dormant-github-accounts-help-attackers.html - "HalluSquatting" turns AI hallucinations into botnet delivery — SecurityWeek — https://www.securityweek.com/hallusquatting-turns-ai-hallucinations-into-botnet-delivery-mechanism/ - Binarly finds six U-Boot signature verification flaws going back to 2013 — Cyber Security News — https://cybersecuritynews.com/u-boot-fit-signature-verification/ - Bitwarden authentication bypass https://ccb.belgium.be/advisories/warning-bitwarden-server-auth-bypass-allows-vault-takeover-patch-immediately
    Mehr anzeigen Weniger anzeigen
    5 Min.
  • Daily Defsec Brief - Cyber Security News for July 9 2026
    Jul 9 2026
    Apologies for the dog barking. She was mad that she had not yet received her morning allotment of cheese. 1. Microsoft patches the RoguePlanet Defender zero-day after a month of public exploit code — CVE-2026-50656 (related: CVE-2026-33825, CVE-2026-41091, CVE-2026-45498) — BleepingComputer https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-rogueplanet-defender-zero-day-vulnerability/ · SecurityWeek https://www.securityweek.com/microsoft-patches-defender-rogueplanet-vulnerability/ 2. GodDamn ransomware uses a Microsoft-signed driver to blind EDR via BYOVD — no CVE — Dark Reading https://www.darkreading.com/cyberattacks-data-breaches/goddamn-ransomware-byovd-smite-companies 3. Vishing campaign enrolls attacker-controlled passkeys on Microsoft 365 accounts — no CVE — BleepingComputer https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/ 4. Fake Paysafe, Skrill, and Neteller SDKs on npm and PyPI steal developer credentials — no CVE — BleepingComputer https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/ Also mentioned: - Chrome 150 patches 27 vulnerabilities, including two critical use-after-free bugs — SecurityWeek https://www.securityweek.com/chrome-150-update-patches-27-vulnerabilities/ - GitLab patches eight Community and Enterprise Edition flaws, including a high-severity XSS — Cyber Security News https://cybersecuritynews.com/gitlab-patches-security-vulnerabilities/ - Lurking Lizard runs 230-plus lookalike domains pushing a trojanized 7-Zip installer that turns machines into residential proxy nodes — The Hacker News https://thehackernews.com/2026/07/fake-7-zip-installers-turn-devices-into.html - Fake LetsVPN installer bundles a real signed VPN with a hidden RAT called GoodPersonRAT — Cyber Security News https://cybersecuritynews.com/goodpersonrat-uses-fake-letsvpn-installer/
    Mehr anzeigen Weniger anzeigen
    5 Min.
  • Daily DefSec Brief - Cyber Security News for July 8 2026
    Jul 8 2026
    1. CISA adds ColdFusion, Langflow, and two Joomla plugins to KEV — patch by Friday — CVE-2026-48282, CVE-2026-55255, CVE-2026-48908, CVE-2026-56290 — CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog · BleepingComputer: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-prioritize-patching-langflow-auth-bypass-flaw/ · SecurityWeek: https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-coldfusion-langflow-joomla-flaws/ 2. Ubiquiti patches max-severity command injection in UniFi Connect — CVE-2026-50746 (plus CVE-2026-50747, -50748, -54400, -54402, -55115, -55116) — BleepingComputer: https://www.bleepingcomputer.com/news/security/ubiquiti-warns-of-new-max-severity-unifi-os-vulnerability/ 3. Critical Gitea auth bypass under active exploitation — CVE-2026-20896 — SecurityWeek: https://www.securityweek.com/critical-gitea-flaw-under-active-exploitation-researchers-warn/ 4. GhostLock: 15-year-old Linux kernel flaw gives root and container escape — CVE-2026-43499 — The Hacker News: https://thehackernews.com/2026/07/15-year-old-ghostlock-flaw-enables-root.html Also mentioned: - China-linked UAT-7810 expands ORB network with LONGLEASH malware via Ruckus routers — Cisco Talos via BleepingComputer: https://www.bleepingcomputer.com/news/security/chinese-hackers-develop-longleash-malware-to-expand-orb-network/ - GitLost prompt-injection leaks private GitHub repo data via public issues — The Hacker News: https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html - Malvertising campaign drops Vidar stealer and XMRig miner via fake cracked software — Unit 42: https://unit42.paloaltonetworks.com/vidar-stealer-xmrig-miner-campaign-analysis/ - Hardcoded backdoor password in Tenda router firmware (CVE-2026-11405) — CERT/CC via BleepingComputer: https://www.bleepingcomputer.com/news/security/hidden-backdoor-in-tenda-router-firmware-grants-admin-access/
    Mehr anzeigen Weniger anzeigen
    5 Min.
  • Daily DefSec Brief - Cyber Security News for July 7 2026
    Jul 7 2026
    1. BeyondTrust patches critical auth-bypass flaws in Remote Support and Privileged Remote Access — CVE-2026-40138, CVE-2026-40139 — BleepingComputer — https://www.bleepingcomputer.com/news/security/beyondtrust-warns-of-critical-flaws-in-remote-access-software/ 2. Fake Microsoft Teams IT-support calls deliver EtherRAT malware — no CVE (technique; Unit 42 / Palo Alto Networks) — BleepingComputer — https://www.bleepingcomputer.com/news/security/fake-it-support-calls-on-microsoft-teams-push-etherrat-malware/ 3. Cisco patches RCE and info-disclosure flaws in Identity Services Engine — CVE-2026-20181, CVE-2026-20190 — Cisco PSIRT — https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv 4. "Januscape" Linux kernel flaw allows VM escape on Intel and AMD hosts — CVE-2026-53359 — SecurityWeek — https://www.securityweek.com/linux-kernel-vulnerability-allows-vm-escape-on-intel-and-amd-systems/
    Mehr anzeigen Weniger anzeigen
    5 Min.
  • The Microsoft login page that phishing training can't save you from
    Jul 6 2026
    1. Attackers phishing Microsoft's device-code login flow — no CVE (flow abuse) — Securelist (Kaspersky) — https://securelist.com/microsoft-device-code-phishing-attack/120350/ 2. Unauthenticated PHP-FPM crash via TLS stream wrapper — CVE-2026-12184 — Cyber Security News — https://cybersecuritynews.com/multiple-php-vulnerabilities-dos/ 3. ModSecurity WAF input-inspection bypass bugs — CVE-2026-52761, CVE-2026-52747 — Cyber Security News — https://cybersecuritynews.com/modsecurity-vulnerabilities/ 4. Attackers abusing OpenAI's org-invite system — no CVE (feature abuse) — Cyber Security News (citing Push Security) — https://cybersecuritynews.com/hackers-use-openai-org-invites/ Also mentioned: - ClamAV patches seven scanner bugs (update to 1.5.3 / 1.4.5 LTS) — Help Net Security — https://www.helpnetsecurity.com/2026/07/06/clamav-security-patch-versions/ - Cisco Catalyst Center arbitrary file read (CVE-2026-20191) — Cisco PSIRT — https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-file-read-wLH2vf8X - Opera GX zero-click browser-mod / Gmail-address bug (update to 130.0.5847.89) — The Hacker News — https://thehackernews.com/2026/07/opera-gx-flaw-let-malicious-sites-auto.html - Gaslight North Korean-linked macOS malware — Cyber Security News — https://cybersecuritynews.com/gaslight-macos-malware-uses-prompt-injection/
    Mehr anzeigen Weniger anzeigen
    6 Min.