CYBERSECEXPLOIT

Adobe ColdFusion: July 1 Patch, Active Exploit Within Hours

Adobe released security updates for ColdFusion on July 1, 2026, fixing 11 vulnerabilities, six rated CVSS 10.0. Within hours, the Cana…

Jul 06, 2026views - 1.2k

ai

SkillCloak: 90% of AI Agent Skill Scanners Fail Against Obfuscated Skills

HKUST researchers demonstrate that static scanners on AI skill marketplaces systematically fail against active evasion techniques. The…

Jul 06, 2026views - 1.3k

CYBERSEC

Kaseya: 69% of SaaS Accounts in Small Businesses Are Guest Access, MFA Disabled for 56%

Kaseya's 2026 SaaS Security Report reveals that guest accounts make up 69% of monitored SaaS identities across 50,000+ SMBs, while MFA…

Jul 06, 2026views - 1.4k

CYBERSEC

Cisco Talos Releases ClamAV 1.5.3 and 1.4.5: Seven Legacy Vulnerabilities Patched

ClamAV 1.5.3 and 1.4.5 address vulnerabilities in PE file, archive, and disk image parsers. Two bugs survived roughly 20 years in crit…

Jul 05, 2026views - 1.3k

ransomware

The Gentlemen: Go Backdoor and BYOVD in New RaaS That Spies on EDR

Kaspersky analyzes The Gentlemen, a ransomware-as-a-service group active since early 2026. Custom Go backdoor with persistent C2, five…

Jul 05, 2026views - 1.5k

CYBERSECCVE

CVE-2026-9787: RCE in Quest NetVault Backup with SYSTEM Execution

A vulnerability in the NVBULogDaemon component of Quest NetVault Backup enables remote code execution with authentication bypass. The…

Jul 05, 2026views - 1.3k

CYBERSEC

FortiBleed Fuels INC and Lynx: One Operator Serving Two Ransomware Clients

SOCRadar has documented the link between FortiBleed and the INC and Lynx ransomware groups. A single operator accessed the negotiation…

Jul 05, 2026views - 1.3k

ransomware

A U.S. Local Government Paid $1 Million for an Illusion of Control

A U.S. government entity paid roughly $1 million in bitcoin to the Kairos ransomware group on June 13, 2025, to prevent the release of…

Jul 04, 2026views - 1.5k

CYBERSEC

Researcher Documents Real-Time Shared Access Between FortiBleed Operator and INC Ransom, Lynx Panels for First Time

SOCRadar documented that an operator with access to the FortiBleed infrastructure was simultaneously logged into the negotiation panel…

Jul 04, 2026views - 1.3k

apple

Apple Compresses Patch Cycle After AI Uncovers Four WebKit Flaws

On June 29, 2026, Apple released iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2, addressing over 30 vulnerabilities.…

Jul 04, 2026views - 1.5k

CYBERSECZERO-DAY

Bad Epoll: Linux Kernel Bug Roots Android, Escapes Chrome Sandbox

CVE-2026-46242 is a race condition in the Linux kernel's epoll subsystem that allows an unprivileged user to gain root privileges. The…

Jul 03, 2026views - 1.2k

malware

Avalon: The Malware Framework Merging AI and Multi-Evasion to Strike

The Avalon framework combines credential harvesting, multi-EDR evasion, and the CrownX ransomware into a single attack chain. Blackpoi…

Jul 03, 2026views - 1.5k