Cybersecurity
Cybersecurity collects analysis on vulnerabilities, exploits, patch management, ransomware, supply chain, AI security and threat intelligence. These articles help IT professionals, developers and security analysts follow operational threats, vendor updates and technical trends.

Adobe ColdFusion: July 1 Patch, Active Exploit Within Hours
Adobe released security updates for ColdFusion on July 1, 2026, fixing 11 vulnerabilities, six rated CVSS 10.0. Within hours, the Cana…

SkillCloak: 90% of AI Agent Skill Scanners Fail Against Obfuscated Skills
HKUST researchers demonstrate that static scanners on AI skill marketplaces systematically fail against active evasion techniques. The…

Kaseya: 69% of SaaS Accounts in Small Businesses Are Guest Access, MFA Disabled for 56%
Kaseya's 2026 SaaS Security Report reveals that guest accounts make up 69% of monitored SaaS identities across 50,000+ SMBs, while MFA…

Cisco Talos Releases ClamAV 1.5.3 and 1.4.5: Seven Legacy Vulnerabilities Patched
ClamAV 1.5.3 and 1.4.5 address vulnerabilities in PE file, archive, and disk image parsers. Two bugs survived roughly 20 years in crit…

The Gentlemen: Go Backdoor and BYOVD in New RaaS That Spies on EDR
Kaspersky analyzes The Gentlemen, a ransomware-as-a-service group active since early 2026. Custom Go backdoor with persistent C2, five…

CVE-2026-9787: RCE in Quest NetVault Backup with SYSTEM Execution
A vulnerability in the NVBULogDaemon component of Quest NetVault Backup enables remote code execution with authentication bypass. The…

FortiBleed Fuels INC and Lynx: One Operator Serving Two Ransomware Clients
SOCRadar has documented the link between FortiBleed and the INC and Lynx ransomware groups. A single operator accessed the negotiation…

A U.S. Local Government Paid $1 Million for an Illusion of Control
A U.S. government entity paid roughly $1 million in bitcoin to the Kairos ransomware group on June 13, 2025, to prevent the release of…

Researcher Documents Real-Time Shared Access Between FortiBleed Operator and INC Ransom, Lynx Panels for First Time
SOCRadar documented that an operator with access to the FortiBleed infrastructure was simultaneously logged into the negotiation panel…

Apple Compresses Patch Cycle After AI Uncovers Four WebKit Flaws
On June 29, 2026, Apple released iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2, addressing over 30 vulnerabilities.…

Bad Epoll: Linux Kernel Bug Roots Android, Escapes Chrome Sandbox
CVE-2026-46242 is a race condition in the Linux kernel's epoll subsystem that allows an unprivileged user to gain root privileges. The…

Avalon: The Malware Framework Merging AI and Multi-Evasion to Strike
The Avalon framework combines credential harvesting, multi-EDR evasion, and the CrownX ransomware into a single attack chain. Blackpoi…