Archive
All articles, newest first. Page 1.

The Gentlemen: Go Backdoor and BYOVD in New RaaS That Spies on EDR
Kaspersky analyzes The Gentlemen, a ransomware-as-a-service group active since early 2026. Custom Go backdoor with persistent C2, five…

CVE-2026-9787: RCE in Quest NetVault Backup with SYSTEM Execution
A vulnerability in the NVBULogDaemon component of Quest NetVault Backup enables remote code execution with authentication bypass. The…

FortiBleed Fuels INC and Lynx: One Operator Serving Two Ransomware Clients
SOCRadar has documented the link between FortiBleed and the INC and Lynx ransomware groups. A single operator accessed the negotiation…

FlowiseAI: RCE in CSV Agent, Authentication Bypassable
The ZDI-26-365 vulnerability in FlowiseAI's CSV Agent component allows remote execution of arbitrary Python code. The patch introduces…

JadePuffer: The First Agentic Ransomware — AI Automates the Entire Kill Chain
Sysdig Threat Research Team documented the first end-to-end ransomware attack conducted by an AI agent on July 1, 2026. Dubbed JadePuf…

A U.S. Local Government Paid $1 Million for an Illusion of Control
A U.S. government entity paid roughly $1 million in bitcoin to the Kairos ransomware group on June 13, 2025, to prevent the release of…

Researcher Documents Real-Time Shared Access Between FortiBleed Operator and INC Ransom, Lynx Panels for First Time
SOCRadar documented that an operator with access to the FortiBleed infrastructure was simultaneously logged into the negotiation panel…

Apple Compresses Patch Cycle After AI Uncovers Four WebKit Flaws
On June 29, 2026, Apple released iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2, addressing over 30 vulnerabilities.…

Bad Epoll: Linux Kernel Bug Roots Android, Escapes Chrome Sandbox
CVE-2026-46242 is a race condition in the Linux kernel's epoll subsystem that allows an unprivileged user to gain root privileges. The…

Avalon: The Malware Framework Merging AI and Multi-Evasion to Strike
The Avalon framework combines credential harvesting, multi-EDR evasion, and the CrownX ransomware into a single attack chain. Blackpoi…

BusySnake Stealer: The APT That Generates Malware With AI
Armored Likho uses LLMs to write first-stage payloads and PyArmor Pro to obfuscate them. Kaspersky's report reveals an infostealer tar…

Interpol Ransomware: Small Businesses Targeted via Social Engineering
Threat actors are impersonating Interpol in a ransomware campaign hitting small businesses across pharmaceutical, food, agriculture, t…

Apple Shifts Patching Model: First Step Toward Faster Security Updates
Apple has decoupled security updates from major OS release cycles, citing the acceleration of AI-driven attacks as the catalyst. The f…

Medtronic Begins Breach Notifications: 369,200+ Confirmed Victims vs. 9 Million Claimed by ShinyHunters
Medtronic has started notifying individuals affected by an April 2026 corporate IT breach. State regulator filings confirm over 369,20…

ToddyCat's Umbrij Malware Steals Gmail OAuth Tokens by Abusing Enterprise Browsers
The Umbrij malware automates OAuth 2.0 token theft via the Chrome DevTools Protocol, bypassing passwords and MFA on corporate Gmail ac…

Cisco Confirms: Unified CM SSRF Exploited, 48-Hour Window from PoC to Attacks
Cisco confirmed on July 1, 2026, that CVE-2026-20230, an SSRF vulnerability in Unified Communications Manager, is under active in-the-…

ZDI-26-396: Reversed Operator in X.Org Server Opens Door to Arbitrary Read
An elementary coding error in X.Org Server allows out-of-bounds reads with potential escalation: the details of ZDI-26-396.

FortiBleed, the Missing Link: From 430,000 Targeted Firewalls to INC and Lynx Ransomware
SOCRadar ties the FortiBleed credential theft campaign to the INC and Lynx ransomware groups, revealing a single operator managing bot…

ChocoPoC RAT: How Fake PoCs on PyPI Infected Vulnerability Researchers
ChocoPoC, a Python RAT, spreads via GitHub repositories posing as proof-of-concept exploits that hide the payload in transitive PyPI d…

ZDI-26-377: XSS in NetVault Backup Enables Auth Bypass and SYSTEM RCE Chain
An XSS flaw in the viewclient page of Quest NetVault Backup lets a remote attacker bypass authentication and, when chained with other…

VEIL#DROP: How Blogger Became an Infostealer Armorer
Securonix uncovers VEIL#DROP, a multi-stage malware chain that weaponizes Google Blogger to deliver the PureLogs Stealer filelessly, b…

Cursor Hit by Two Critical CVEs: RCE and Zero-Click via Sandbox Prompt Injection
Two vulnerabilities in Cursor rated CVSS 9.8 allow sandbox escape and remote code execution without user interaction. The fix is avail…

AI-Generated Ransomware Attacks via Browser: No Payload, Just Chrome Permissions
Check Point analyzed a DeepSeek-generated sample that encrypts local files by abusing Chrome's File System Access API. No exploit, no…

ClickFix Evolves Into a Platform: Analysis of 3,000 Payloads Reveals API-Driven Delivery
A researcher analyzed 3,000 live ClickFix payloads, uncovering an API-driven architecture, rotating cryptographic wrappers, and adopti…