ransomware

The Gentlemen: Go Backdoor and BYOVD in New RaaS That Spies on EDR

Kaspersky analyzes The Gentlemen, a ransomware-as-a-service group active since early 2026. Custom Go backdoor with persistent C2, five…

Jul 05, 2026 · 1.4k views

CYBERSEC · CVE

CVE-2026-9787: RCE in Quest NetVault Backup with SYSTEM Execution

A vulnerability in the NVBULogDaemon component of Quest NetVault Backup enables remote code execution with authentication bypass. The…

Jul 05, 2026 · 1.3k views

CYBERSEC

FortiBleed Fuels INC and Lynx: One Operator Serving Two Ransomware Clients

SOCRadar has documented the link between FortiBleed and the INC and Lynx ransomware groups. A single operator accessed the negotiation…

Jul 05, 2026 · 1.3k views

news · CRITICAL

FlowiseAI: RCE in CSV Agent, Authentication Bypassable

The ZDI-26-365 vulnerability in FlowiseAI's CSV Agent component allows remote execution of arbitrary Python code. The patch introduces…

Jul 04, 2026 · 1.4k views

news

JadePuffer: The First Agentic Ransomware — AI Automates the Entire Kill Chain

Sysdig Threat Research Team documented the first end-to-end ransomware attack conducted by an AI agent on July 1, 2026. Dubbed JadePuf…

Jul 04, 2026 · 1.3k views

ransomware

A U.S. Local Government Paid $1 Million for an Illusion of Control

A U.S. government entity paid roughly $1 million in bitcoin to the Kairos ransomware group on June 13, 2025, to prevent the release of…

Jul 04, 2026 · 1.4k views

CYBERSEC

Researcher Documents Real-Time Shared Access Between FortiBleed Operator and INC Ransom, Lynx Panels for First Time

SOCRadar documented that an operator with access to the FortiBleed infrastructure was simultaneously logged into the negotiation panel…

Jul 04, 2026 · 1.2k views

apple

Apple Compresses Patch Cycle After AI Uncovers Four WebKit Flaws

On June 29, 2026, Apple released iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2, addressing over 30 vulnerabilities.…

Jul 04, 2026 · 1.4k views

CYBERSEC · ZERO-DAY

Bad Epoll: Linux Kernel Bug Roots Android, Escapes Chrome Sandbox

CVE-2026-46242 is a race condition in the Linux kernel's epoll subsystem that allows an unprivileged user to gain root privileges. The…

Jul 03, 2026 · 1.2k views

malware

Avalon: The Malware Framework Merging AI and Multi-Evasion to Strike

The Avalon framework combines credential harvesting, multi-EDR evasion, and the CrownX ransomware into a single attack chain. Blackpoi…

Jul 03, 2026 · 1.5k views

malware

BusySnake Stealer: The APT That Generates Malware With AI

Armored Likho uses LLMs to write first-stage payloads and PyArmor Pro to obfuscate them. Kaspersky's report reveals an infostealer tar…

Jul 03, 2026 · 1.5k views

ransomware

Interpol Ransomware: Small Businesses Targeted via Social Engineering

Threat actors are impersonating Interpol in a ransomware campaign hitting small businesses across pharmaceutical, food, agriculture, t…

Jul 02, 2026 · 1.3k views

news

Apple Shifts Patching Model: First Step Toward Faster Security Updates

Apple has decoupled security updates from major OS release cycles, citing the acceleration of AI-driven attacks as the catalyst. The f…

Jul 02, 2026 · 1.4k views

CYBERSEC

Medtronic Begins Breach Notifications: 369,200+ Confirmed Victims vs. 9 Million Claimed by ShinyHunters

Medtronic has started notifying individuals affected by an April 2026 corporate IT breach. State regulator filings confirm over 369,20…

Jul 02, 2026 · 1.4k views

malware

ToddyCat's Umbrij Malware Steals Gmail OAuth Tokens by Abusing Enterprise Browsers

The Umbrij malware automates OAuth 2.0 token theft via the Chrome DevTools Protocol, bypassing passwords and MFA on corporate Gmail ac…

Jul 02, 2026 · 1.2k views

CYBERSEC · EXPLOIT

Cisco Confirms: Unified CM SSRF Exploited, 48-Hour Window from PoC to Attacks

Cisco confirmed on July 1, 2026, that CVE-2026-20230, an SSRF vulnerability in Unified Communications Manager, is under active in-the-…

Jul 02, 2026 · 1.2k views

VULN · ZERO-DAY

ZDI-26-396: Reversed Operator in X.Org Server Opens Door to Arbitrary Read

An elementary coding error in X.Org Server allows out-of-bounds reads with potential escalation: the details of ZDI-26-396.

Jul 02, 2026 · 1.4k views

CYBERSEC

FortiBleed, the Missing Link: From 430,000 Targeted Firewalls to INC and Lynx Ransomware

SOCRadar ties the FortiBleed credential theft campaign to the INC and Lynx ransomware groups, revealing a single operator managing bot…

Jul 02, 2026 · 1.3k views

CYBERSEC

ChocoPoC RAT: How Fake PoCs on PyPI Infected Vulnerability Researchers

ChocoPoC, a Python RAT, spreads via GitHub repositories posing as proof-of-concept exploits that hide the payload in transitive PyPI d…

Jul 02, 2026 · 1.4k views

CYBERSEC · CRITICAL

ZDI-26-377: XSS in NetVault Backup Enables Auth Bypass and SYSTEM RCE Chain

An XSS flaw in the viewclient page of Quest NetVault Backup lets a remote attacker bypass authentication and, when chained with other…

Jul 01, 2026 · 674 views

CYBERSEC

VEIL#DROP: How Blogger Became an Infostealer Armorer

Securonix uncovers VEIL#DROP, a multi-stage malware chain that weaponizes Google Blogger to deliver the PureLogs Stealer filelessly, b…

Jul 01, 2026 · 677 views

CYBERSEC · CRITICAL

Cursor Hit by Two Critical CVEs: RCE and Zero-Click via Sandbox Prompt Injection

Two vulnerabilities in Cursor rated CVSS 9.8 allow sandbox escape and remote code execution without user interaction. The fix is avail…

Jul 01, 2026 · 658 views

ransomware

AI-Generated Ransomware Attacks via Browser: No Payload, Just Chrome Permissions

Check Point analyzed a DeepSeek-generated sample that encrypts local files by abusing Chrome's File System Access API. No exploit, no…

Jul 01, 2026 · 808 views

malware

ClickFix Evolves Into a Platform: Analysis of 3,000 Payloads Reveals API-Driven Delivery

A researcher analyzed 3,000 live ClickFix payloads, uncovering an API-driven architecture, rotating cryptographic wrappers, and adopti…

Jul 01, 2026 · 1.1k views