List cybersec
My Stack Simulator, (Wed, Jul 8th)
{"priority":"INFO","cve":"N/A","target":"N/A","threat_actor":"N/A","patch_ready":false,"insight":"The stack is a memory region where a program stores temporary data, and its management is crucial to p..
9:10 am, July 8, 2026 Cybersecurity
CISA orders feds to prioritize patching Langflow auth bypass flaw
{ "priority": "CRITICAL", "cve": "N/A", "target": "Langflow", "threat_actor": "N/A", "patch_ready": true, "insight": "CISA orders federal agencies to patch an actively exploited authentica..
10:10 am, July 8, 2026 Cybersecurity
China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware
{ "priority": "HIGH", "cve": "N/A", "target": "Internet-facing networking devices", "threat_actor": "UAT-7810", "patch_ready": false, "insight": "China-linked UAT-7810 APT actor expands OR..
10:10 am, July 8, 2026 Cybersecurity
DuckDuckGo browser now blocks YouTube video ads
{ "priority": "INFO", "cve": "N/A", "target": "DuckDuckGo browser", "threat_actor": "N/A", "patch_ready": false, "insight": "DuckDuckGo browser now blocks YouTube video ads, enhancing user..
12:10 pm, July 8, 2026 Cybersecurity
GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
{ "priority": "CRITICAL", "cve": "N/A", "target": "GitHub", "threat_actor": "N/A", "patch_ready": false, "insight": "GitHub's 'Verified' commits can be rewritten into new hashes without br..
12:10 pm, July 8, 2026 Cybersecurity
The Verification Step Is the New ATO Battleground in 2026
{"priority":"INFO","cve":"N/A","target":"N/A","threat_actor":"N/A","patch_ready":false,"insight":"The verification step is now a critical battleground in account takeover (ATO) attacks, with passkeys ..
12:10 pm, July 8, 2026 Cybersecurity
Telco giant KDDI says data breach affects over 12 million people
{ "priority": "HIGH", "cve": "N/A", "target": "KDDI", "threat_actor": "N/A", "patch_ready": false, "insight": "KDDI experienced a data breach affecting over 12 million people, exposing ema..
12:10 pm, July 8, 2026 Cybersecurity
GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code
{ "priority": "MEDIUM", "cve": "N/A", "target": "GitHub Copilot", "threat_actor": "N/A", "patch_ready": false, "insight": "AI coding assistant GitHub Copilot can bypass harmful request ref..
12:10 pm, July 8, 2026 Cybersecurity
Felons, Fraudsters Flog Offensive Cybersecurity Startup
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most..
1:10 pm, July 8, 2026 Cybersecurity
3 Ways AI Powers Service Desk Attacks and How to Prevent Them
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "AI-powered service desk impersonation attacks are becoming more convincing, pe..
2:10 pm, July 8, 2026 Cybersecurity
New Ghost Phishing Wave Is Breaking Traditional Email Security
{ "priority": "HIGH", "cve": "N/A", "target": "Microsoft 365", "threat_actor": "EvilTokens", "patch_ready": false, "insight": "EvilTokens campaign uses ghost phishing to bypass traditional..
2:10 pm, July 8, 2026 Cybersecurity
SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users
{ "priority": "HIGH", "cve": "N/A", "target": "Mexican banking users", "threat_actor": "REF6045", "patch_ready": false, "insight": "SCMBANKER malware uses ClickFix lures to target Mexican ..
2:10 pm, July 8, 2026 Cybersecurity
Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
{ "priority": "CRITICAL", "cve": "CVE-2026-50746", "target": "Ubiquiti UniFi", "threat_actor": "N/A", "patch_ready": true, "insight": "Ubiquiti patches critical UniFi flaws across Connect,..
3:10 pm, July 8, 2026 Cybersecurity
Entra passkey enrollment vishing targets Microsoft 365 users
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. [...]
5:10 pm, July 8, 2026 Cybersecurity
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its..
5:10 pm, July 8, 2026 Cybersecurity
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
{"priority":"MEDIUM","cve":"N/A","target":"AI Coding Agents (Claude Code, Cursor, OpenAI Codex)","threat_actor":"N/A","patch_ready":false,"insight":"AI coding agents are triggering endpoint security r..
6:10 pm, July 8, 2026 Cybersecurity
Hackers exploit Roundcube flaw to spy on academic researchers
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
7:10 pm, July 8, 2026 Cybersecurity
Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
{ "priority": "HIGH", "cve": "N/A", "target": "Paysafe, Skrill, Neteller", "threat_actor": "N/A", "patch_ready": false, "insight": "Malicious packages on npm and PyPI deliver stealer malwa..
8:10 pm, July 8, 2026 Cybersecurity
Mount Royal University confirms breach as hackers claim attack
Mount Royal University in Calgary says hackers stole and then deleted data from its file storage systems after breaching the university's network. [...]
10:10 pm, July 8, 2026 Cybersecurity
ISC Stormcast For Thursday, July 9th, 2026 https://isc.sans.edu/podcastdetail/10000, (Thu, Jul 9th)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "A summary of an article on how to earn a billion dollars." }
2:10 am, July 9, 2026 Cybersecurity
_HELP_ME_ESCAPE_FROM_BELARUS_PLEASE_ [Guest Diary], (Tue, Jul 7th)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "A guest diary by Jason Callahan, an ISC intern, discussing their experience." ..
2:10 am, July 9, 2026 Cybersecurity
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
{ "priority": "CRITICAL", "cve": "N/A", "target": "AI coding assistants (Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, Windsurf)", "threat_actor": "N/A", ..
5:10 am, July 9, 2026 Cybersecurity
Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes
Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprisi..
5:10 am, July 9, 2026 Cybersecurity
Microsoft patches RoguePlanet Defender zero-day vulnerability
{ "priority": "CRITICAL", "cve": "N/A", "target": "Microsoft Defender", "threat_actor": "N/A", "patch_ready": true, "insight": "Microsoft patched a zero-day vulnerability in Defender known..
6:10 am, July 9, 2026 Cybersecurity
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
{"priority":"CRITICAL","cve":"N/A","target":"AI coding agents","threat_actor":"N/A","patch_ready":false,"insight":"AI coding agents can be tricked into running malicious code"}
6:10 am, July 9, 2026 Cybersecurity
AssuranceAmerica data breach exposes records of 6.9 million drivers
{ "priority": "HIGH", "cve": "N/A", "target": "AssuranceAmerica", "threat_actor": "N/A", "patch_ready": false, "insight": "AssuranceAmerica disclosed a data breach impacting 6.9 million dr..
8:10 am, July 9, 2026 Cybersecurity
Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images
{ "priority": "INFO", "cve": "N/A", "target": "Meta AI Image Tool", "threat_actor": "N/A", "patch_ready": false, "insight": "Meta's new AI image tool, Muse Image, allows users to generate ..
8:10 am, July 9, 2026 Cybersecurity
Police arrests 5,800 suspects in global anti-fraud crackdown
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Global law enforcement operation results in 5,811 arrests and $293 million in ..
10:10 am, July 9, 2026 Cybersecurity
Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
{ "priority": "HIGH", "cve": "CVE-2026-50656", "target": "Microsoft Defender", "threat_actor": "N/A", "patch_ready": true, "insight": "Microsoft patches CVE-2026-50656, a privilege escalat..
10:10 am, July 9, 2026 Cybersecurity
Microsoft to retire the OWA Light client in Exchange Server
{ "priority": "INFO", "cve": "N/A", "target": "Microsoft Exchange Server", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft announces retirement of OWA Light client in fu..
11:10 am, July 9, 2026 Cybersecurity
Summer of Clearinghouses
Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it apart is that it was already real and running when we annou..
12:10 pm, July 9, 2026 Cybersecurity
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
{ "priority": "HIGH", "cve": "N/A", "target": "GodDamn Ransomware", "threat_actor": "N/A", "patch_ready": false, "insight": "GodDamn Ransomware uses PoisonX Driver to disable endpoint defe..
12:10 pm, July 9, 2026 Cybersecurity
AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The increasing use of AI by attackers to accelerate their operations highlight..
1:10 pm, July 9, 2026 Cybersecurity
New Forg365 phishing platform uses AI to target Microsoft 365 accounts
{"priority":"HIGH","cve":"N/A","target":"Microsoft 365","threat_actor":"Forg365","patch_ready":false,"insight":"New Forg365 phishing platform uses AI to target Microsoft 365 accounts"}
3:10 pm, July 9, 2026 Cybersecurity
The Hidden Security Risks of Reduced Summer IT Coverage
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The article discusses the security risks associated with reduced IT coverage d..
3:10 pm, July 9, 2026 Cybersecurity
New Helix vishing group emerges in SharePoint data theft attacks
A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePo..
5:10 pm, July 9, 2026 Cybersecurity
Microsoft expects more Windows security updates from AI-discovered flaws
{ "priority": "INFO", "cve": "N/A", "target": "Windows", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft expects an increase in Windows security updates due to AI-discov..
5:10 pm, July 9, 2026 Cybersecurity
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
{"priority":"MEDIUM","cve":"N/A","target":"npm","threat_actor":"N/A","patch_ready":false,"insight":"npm version 12 disables install scripts by default to mitigate supply chain risks."}
5:10 pm, July 9, 2026 Cybersecurity
ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories
{"priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Weekly threat intelligence recap covering various security stories."}
5:10 pm, July 9, 2026 Cybersecurity
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
{ "priority": "HIGH", "cve": "N/A", "target": "GitHub", "threat_actor": "N/A", "patch_ready": false, "insight": "Attackers are using dormant GitHub accounts and automated scraping tools to..
7:10 pm, July 9, 2026 Cybersecurity
New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
{ "priority": "HIGH", "cve": "N/A", "target": "Windows", "threat_actor": "N/A", "patch_ready": false, "insight": "GigaWiper Windows backdoor combines disk wiping, fake ransomware, and spyw..
7:10 pm, July 9, 2026 Cybersecurity
Injective SDK on npm infected with cryptocurrency wallet stealer
{ "priority": "CRITICAL", "cve": "N/A", "target": "Injective SDK", "threat_actor": "N/A", "patch_ready": false, "insight": "Injective Labs SDK project GitHub repository compromised, publis..
8:10 pm, July 9, 2026 Cybersecurity
OpenMandriva Linux says contributor tried to sabotage the project
{ "priority": "LOW", "cve": "N/A", "target": "OpenMandriva Linux", "threat_actor": "N/A", "patch_ready": false, "insight": "OpenMandriva Linux project was targeted by an attempted act of i..
11:10 pm, July 9, 2026 Cybersecurity
ISC Stormcast For Friday, July 10th, 2026 https://isc.sans.edu/podcastdetail/10002, (Fri, Jul 10th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
2:10 am, July 10, 2026 Cybersecurity
Former ransomware negotiator gets 4 years for BlackCat attacks
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "BlackCat (ALPHV)", "patch_ready": false, "insight": "Former ransomware negotiator sentenced to 4 years for involvement..
9:10 am, July 10, 2026 Cybersecurity
"Comment stuffing" in an HTML phishing attachment as a mechanism for evading AI-based detection?, (Fri, Jul 10th)
Anyone who deals with phishing messages caught by basic security filters knows that most phishing samples tend to blend into one another, since only a small set of techniques and approaches keeps reap..
10:10 am, July 10, 2026 Cybersecurity
Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets
Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words t..
10:10 am, July 10, 2026 Cybersecurity
Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks
{ "priority": "MEDIUM", "cve": "N/A", "target": "BlackCat", "threat_actor": "BlackCat", "patch_ready": false, "insight": "Former ransomware negotiator sentenced to 70 months in prison for ..
10:10 am, July 10, 2026 Cybersecurity
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
{ "priority": "HIGH", "cve": "N/A", "target": "XQUIC", "threat_actor": "N/A", "patch_ready": false, "insight": "Unpatched XRING flaw in XQUIC allows remote clients to crash HTTP/3 servers ..
12:10 pm, July 10, 2026 Cybersecurity
Zimbra urges customers to patch critical web client XSS flaw
{"priority": "CRITICAL", "cve": "N/A", "target": "Zimbra Classic Web Client", "threat_actor": "N/A", "patch_ready": true, "insight": "Zimbra urges customers to patch critical web client XSS flaw in Cl..
12:10 pm, July 10, 2026 Cybersecurity
