x86.se x86.se

Categories

  • Access Control
  • Access Management
  • Active Directory
  • Ad Fraud
  • AdTech
  • Adversarial Exposure Validation
  • Afghanistan
  • Agent Security
  • AgentForce
  • Agentic AI
  • Agentic AI control
  • AI
  • AI & ML Security
  • AI adoption metrics
  • AI agents
  • AI Automation
  • AI councils
  • AI firewall
  • AI governance
  • AI identity
  • AI model
  • AI observability and logging
  • AI Safety
  • AI Security
  • AI security frontier
  • AI threat detection
  • AI-driven security
  • AI-native security
  • Airline
  • AitM
  • Akira
  • Altcoin
  • Amatera Stealer
  • Android
  • Anodot
  • Anthropic
  • Anti-Malware Research
  • Antitrust
  • API Security
  • Apple
  • Application Security
  • AppSec
  • AppSheet
  • APT
  • APT Groups
  • apt28
  • Archer Health
  • Artificial Intelligence
  • Ascend AI
  • Ascension
  • Asset Management
  • AsyncRAT
  • ATM Security
  • Attack Surface
  • Attack Surface Management
  • Authentication
  • Automation
  • AWS
  • Azure
  • backdoor
  • Backup Software
  • Banking Fraud
  • Banking Malware
  • Banking Security
  • Beagle red teaming
  • Behavioral analytics UBA
  • Binance
  • Bishop Fox
  • Bitcoin
  • Bitwarden
  • Black Basta
  • Black Hat 2025
  • Blackpoint Cyber
  • Blockchain
  • Botnet
  • Botnets
  • Breach
  • Breach and Attack
  • Breach Prevention
  • Breach Simulation
  • BreachForums
  • BRICKSTORM
  • Browser
  • Browser extension security
  • Browser Security
  • Business Continuity
  • C2
  • CA SiteMinder
  • Canada
  • Captcha
  • Carbon Black
  • Censorship
  • Centralized policy enforcement
  • ChatGPT
  • Children
  • ChillyHell
  • China
  • Chrome
  • CIO and CISO alignment
  • Cisco
  • CISO
  • CISO strategies
  • CISO strategy
  • Cl0p
  • ClaimPix
  • Claude
  • Claude Code
  • Claude Mythos Preview
  • ClickFix
  • Clop
  • Cloud
  • Cloud Computing
  • Cloud Security
  • Cloud Security,
  • CloudFlare
  • CloudSEK
  • Code Security
  • Codex Security
  • Coding
  • Cofense
  • command-and-control
  • Compliance
  • Compliance and audit readiness
  • Compliance GDPR HIPAA PCI
  • Conditional Access
  • ConnectWise RAT
  • Container Security
  • conti
  • Continuous Monitoring
  • Continuous Threat Exposure Management
  • Copilot
  • Copyright
  • Corporate Espionage
  • Counterfeiters
  • Credential hygiene
  • Credential Theft
  • Critical Infrastructure
  • CRM
  • CrowdStrike Falcon Fund
  • Crypto
  • Cryptocurrency
  • Cryptography
  • Cryptojacking
  • CVE-2021-43798
  • CVE-2023-21563
  • cve-2023-24932
  • CVE-2024-50623
  • CVE-2024-55956
  • CVE-2024-58260
  • CVE-2025-10035
  • CVE-2025-10547
  • CVE-2025-10725
  • CVE-2025-27915
  • cve-2025-30247
  • cve-2025-4008
  • CVE-2025-41250
  • CVE-2025-41251
  • CVE-2025-41252
  • CVE-2025-43400
  • cve-2025-49844
  • CVE-2025-52906
  • CVE-2025-57714
  • CVE-2025-59489
  • CVE-2025-59934
  • CVE-2025-59951
  • CVE-2025-61882
  • CVE-2025-9230
  • CVE-2025-9231
  • CVE-2025-9232
  • Cyber Attack
  • Cyber Attacks
  • Cyber Crime
  • Cyber Espionage
  • Cyber Extortion
  • Cyber Insurance
  • Cyber Resilience
  • Cyber Warfare
  • CyberArk
  • Cybercrime
  • Cyberespionage
  • Cybersecurity
  • Cybersecurity Innovations and Excellence
  • Cybersecurity News
  • Cybersecurity Training
  • Cyberwarfare
  • Dark Web
  • DarkForums
  • Darwinium
  • Data Breach
  • Data breach prevention
  • Data Breaches
  • Data Exfiltration
  • Data Exposure
  • Data Integrity
  • Data leak
  • Data leak prevention
  • Data Privacy
  • Data Protection
  • Data Security
  • Data Theft
  • Database Security
  • DDoS
  • DDoS attack
  • DDoS Attacks
  • Defend AI
  • Defense Technology
  • DeFi
  • denial-of-service
  • Detour Dog
  • Developer
  • Developer Security
  • Developer Tools
  • Developers
  • DevOps
  • DevOps Security
  • DevSecOps
  • Digital Advertising
  • Digital Crime
  • Digital Forensics
  • Discord
  • DNS
  • Documents
  • Driver Security
  • Dubai
  • Economic Espionage
  • Edge
  • Education
  • EggStreme
  • EggStremeAgent
  • Email Security
  • Empire Podcast
  • Employee AI governance
  • Encryption
  • Endpoint Security
  • Enterprise AI
  • Enterprise IT
  • Enterprise model security
  • Enterprise Security
  • Enterprise Software
  • Espionage
  • Ethereum
  • Europol
  • exploit
  • Exploits
  • exposure
  • Exposure Management
  • Exposure Validation
  • Extensions
  • Extortion
  • Facebook
  • Fake ID
  • Featured
  • Federal Security
  • File Transfer
  • Fileless
  • FIN11
  • Financial Crime
  • Financial Fraud
  • Financial Security
  • Firebox
  • firewall
  • Firewall Security
  • Firmware Security
  • ForcedLeak
  • ForgeCraft
  • ForgeRock
  • Fortra
  • France
  • Fraud
  • FraudGPT
  • FTC
  • Gaming
  • GDPR
  • Gemini AI
  • Gemini Trifecta
  • Generative AI
  • GitHub
  • GitHub Copilot
  • Global AI risk mapping
  • GoAnywhere
  • GoGra
  • Google
  • Google Cloud
  • Google Workspace
  • Government
  • Great Firewall of China
  • Hacking
  • Hacking News
  • Hacks
  • Hacktivism
  • Hardware
  • Hardware Security
  • Harvester APT
  • Healthcare
  • HexDex
  • Hiddengh0st
  • HIPAA
  • ics
  • ICS Security
  • ICS/OT
  • identity
  • Identity & Access
  • Identity and Access Management
  • Identity and Access Management (IAM)
  • Identity Governance
  • Identity Management
  • Identity Security
  • Identity theft
  • IIServerCore
  • Incident Response
  • India
  • Indirect Prompt Injection
  • Industrial Sabotage
  • Industry Recognition
  • Influencers
  • Info Stealer
  • Infostealer
  • Infrastructure
  • Infrastructure Security
  • Initial Access Broker
  • Insider Threat
  • Insider Threats
  • Internet of Things
  • iOS
  • IoT
  • IoT Research
  • IoT Security
  • IPI
  • IT Compliance
  • IT Operations
  • Jaguar Land Rover
  • Jailbreak attack protection
  • JavaScript
  • Jeremiah Fowler
  • JPEG
  • Kernel
  • Kido
  • Kubernetes
  • Lapsus$
  • LastPass Secure Access Experiences
  • Lat61
  • Law Enforcement
  • LayerX
  • leak
  • leaked
  • Leaks
  • Legal
  • Linux
  • Linux Security
  • LLM
  • LLM analysis
  • LLM Security
  • LNER
  • Lone None
  • Lone None Stealer
  • Los Pollos
  • Lua
  • machine learning
  • macOS
  • Magecart
  • Malvertising
  • Malware
  • Malware Analysis
  • Mandiant
  • MATANBUCHUS
  • MatrixPDF
  • MCP Server
  • Medusa
  • Messaging Security
  • Meta
  • MFA
  • Mic-E-Mouse
  • Microsoft
  • Microsoft Defender
  • Microsoft Entra
  • Microsoft Entra ID
  • Mid-sized enterprise cybersecurity
  • Military
  • Military Security
  • Misconfiguration
  • ML
  • Mobile
  • Mobile Security
  • Money Laundering
  • Muck Stealer
  • Multi-Factor Authentication (MFA)
  • Mustang Panda
  • Mythos AI
  • Nation-state
  • National Security
  • National Security,
  • NET-STAR
  • Netherlands
  • Network
  • Network Security
  • NPM
  • Nursery
  • Offensive AI
  • Offensive Security
  • Okta
  • Oleria
  • Online Fraud
  • Online Scam
  • Online Security
  • Open Source
  • Open Source Security
  • OpenAI
  • Operational Technology
  • OWASP Top 10
  • Owen Flowers
  • Pakistan
  • Palo Alto
  • Passkey support
  • Passport
  • Password Management
  • Password manager
  • Password Security
  • Patch Management
  • Patch Tuesday
  • Payment Security
  • PCI-DSS
  • PDF
  • Penetration Testing
  • Pentesting
  • PhaaS
  • Phantom Taurus
  • Philippine
  • Phishing
  • Phishing Protection
  • Phishing Scam
  • PingFederate
  • PoC
  • Podcast
  • Point Wild
  • Police
  • Popular
  • PowerShell
  • Press Release
  • Privacy
  • Privacy & Compliance
  • privilege escalation
  • Privileged Access Management (PAM)
  • Project Glasswing
  • Prompt injection defense
  • proof-of-concept
  • PropellerAds
  • ProSpy
  • PSF
  • Pure Logs Stealer
  • PureMiner
  • PyPI
  • Python
  • QRadar SIEM
  • Qrator Labs
  • Quantum Computing
  • Quantum Resistance
  • Ransom
  • Ransomware
  • Ransomware Defense
  • Raven AI
  • Raven Stealer
  • rce
  • Real-time policy enforcement
  • Recap
  • Redis
  • RediShell
  • Regulatory Compliance
  • Remote Access Trojan
  • RemoteCOM
  • Renault
  • Report
  • Research
  • Resource-constrained businesses
  • Risk Management
  • Russia
  • SaaS
  • SaaS Monitoring
  • SaaS Protect
  • SaaS Security
  • SailPoint
  • Salesforce
  • Samsung
  • SCADA
  • Scam
  • Scam Research
  • Scams and Fraud
  • Scattered Lapsus$ Hunters
  • Scattered Spider
  • SCOUT
  • ScreenConnect
  • Secrets Management
  • Secure Coding
  • Secure Messaging
  • Secure passwordless authentication
  • Security
  • Security Automation
  • Security Culture
  • Security Incident
  • Security Leadership
  • Security Operations
  • Security Testing
  • Security Training
  • security update
  • Security Validation
  • Senator
  • SentinelOne
  • SEO Poisoning
  • Seraphic Security
  • Server Security
  • Shadow AI
  • Shadow AI detection
  • Shadow AI risks
  • Shadow IT
  • Shadow IT risks
  • Shinobi Security
  • ShinyHunters
  • Shuyal Stealer
  • SIEM and conditional access integration
  • Signal
  • Silverfort
  • SIM Swapping
  • SimpleHelp RAT
  • Single Sign-On (SSO)
  • SMB
  • SMB Security
  • SMS
  • Snow
  • SOC Automation
  • SOC Operations
  • Social Engineering
  • Social Media
  • Software
  • Software Development
  • Software Integrity
  • Software Security
  • Software Supply Chain
  • spam
  • SpamGPT
  • Spotlight
  • Spying
  • Spyware
  • SSO
  • state-sponsored
  • Stealer
  • Straiker
  • StreamYard
  • Strela Stealer
  • Supply Chain
  • Supply Chain Attack
  • Supply Chain Security
  • Surveillance
  • SVG
  • Symantec
  • TeamPCP
  • Technology
  • Telegram
  • TFL
  • Thalha Jubair
  • Threat Detection
  • Threat Exposure
  • Threat Hunting
  • Threat Intelligence
  • Threat Intelligence,
  • Threat Mitigation
  • Threat Research
  • ThreatLocker
  • ToSpy
  • ToTok
  • TradingView
  • Training
  • TROJAN
  • Typosquatting
  • UAE
  • Udemy
  • UK
  • Ukraine
  • Unauthorized SaaS applications
  • UNC5221
  • UNC6692
  • Uncategorized
  • United Kingdom
  • United States
  • USA
  • Vane Viper
  • Varun Uppal
  • Venafi
  • Vibe Coding
  • Vidar
  • Vietnam
  • VoidProxy
  • VPN
  • VPN Security
  • Vulnerabilities
  • Vulnerability
  • Vulnerability Disclosure
  • Vulnerability Management
  • Vulnerability Research
  • WatchGuard
  • Web Browser
  • Web Hosting
  • Web Security
  • Web Server
  • Web Services
  • Web3
  • Webinar
  • Website Security
  • Website Security,
  • WestJet
  • WhatsApp
  • Whitepapers
  • Windoes
  • Windows
  • Windows Security
  • Winnti
  • Winos
  • Wireless Security
  • WitnessAI Secure AI Enablement Platform
  • Workflow Automation
  • Workflow Security
  • WormGPT
  • Xcape
  • XSS
  • Yadi Zhang
  • YoLink
  • YoLink Smart Hub
  • Zara
  • Zero Day
  • Zero Trust
  • Zero-Day
  • Zeroday
  • Zhimin Qian

x86.se x86.se

x86.se x86.se

What are You Looking For?

  • Malware
  • Vulnerabilities
  • Ransomware
  • Vulnerability
  • Enterprise Security
  • Security Incident
3 Min Read
URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat
July 10, 2026

URGENT – Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that…
3 Min Read
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
July 10, 2026

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Unknown threat actors compromised the Injective Labs SDK project's…
  • Malware
  • Software Supply Chain
4 Min Read
Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot
July 10, 2026

Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot

Researchers at firmware security firm Binarly have found six…
  • Firmware Security
  • Vulnerability
5 Min Read
Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched
July 10, 2026

Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

Researchers at Ledger's Donjon security team have shown that a…
  • Hardware Security
  • Vulnerability

Explore Trending Topics

Malware
Vulnerabilities
Ransomware
Vulnerability
Security
Windows
  • AI Security
  • Vulnerability
2 Min Read
Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws
July 10, 2026

Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws

Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if…
  • Enterprise Security
  • Malware
2 Min Read
New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic
July 10, 2026

New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic

The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON.…
  • Server Security
  • Vulnerability
3 Min Read
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
July 10, 2026

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of…
  • Asset Management
  • Enterprise Security
4 Min Read
From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale
July 10, 2026

From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale

Most enterprises assume their asset inventory is close enough to accurate. The evidence suggests otherwise. According to a survey of over 600…
  • Cryptocurrency
  • Vulnerability
4 Min Read
Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets
July 10, 2026

Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets

Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is…
  • Cybercrime
  • Law Enforcement
2 Min Read
Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks
July 10, 2026

Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks

A 41-year-old former ransomware negotiator has been sentenced to nearly six years (i.e., 70 months) in prison in the U.S. for their role in…
  • Developer Security
  • Supply Chain Security
2 Min Read
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
July 9, 2026

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations,…
  • Cyber Espionage
  • Malware
4 Min Read
New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
July 9, 2026

New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware

Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older…
  • DevSecOps
  • Supply Chain Security
2 Min Read
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
July 9, 2026

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access…
  • Cybersecurity News
  • Hacking News
12 Min Read
ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories
July 9, 2026

ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories

Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because…
  • AI Security
  • Zero Trust
2 Min Read
AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up
July 9, 2026

AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up

AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write…
  • AI Security
  • Application Security
12 Min Read
Summer of Clearinghouses
July 9, 2026

Summer of Clearinghouses

Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it…
  • Endpoint Security
  • Malware
3 Min Read
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
July 9, 2026

GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses

Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security…
  • Endpoint Security
  • Vulnerability
3 Min Read
Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
July 9, 2026

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became…
  • AI Security
  • Threat Detection
4 Min Read
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
July 8, 2026

AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers

Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off…
  • AI Security
  • Botnet
5 Min Read
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
July 8, 2026

New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name…
  • Network Security
  • Vulnerability
2 Min Read
Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
July 8, 2026

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and…
  • Email Security
  • Phishing
  • Windows
4 Min Read
New Ghost Phishing Wave Is Breaking Traditional Email Security
July 8, 2026

New Ghost Phishing Wave Is Breaking Traditional Email Security

A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost…
  • AI Security
  • Cybercrime
4 Min Read
SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users
July 8, 2026

SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using…
  • DevSecOps
  • Open Source Security
4 Min Read
GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
July 8, 2026

GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures

New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any…
  • Compliance
  • Identity Security
4 Min Read
The Verification Step Is the New ATO Battleground in 2026
July 8, 2026

The Verification Step Is the New ATO Battleground in 2026

For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated…
  • Malware
  • Network Security
2 Min Read
China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware
July 8, 2026

China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by…
  • Cloud Security
  • Vulnerability
3 Min Read
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
July 8, 2026

15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in…
  • AI Security
  • Vulnerability
3 Min Read
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
July 8, 2026

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities…
  • Malware
  • Mobile Security
3 Min Read
RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service
July 7, 2026

RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service

A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill…
  • Email Security
  • Vulnerability
4 Min Read
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
July 7, 2026

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering…
  • Exploits
  • Malware
  • Network
  • Vulnerabilities
2 Min Read
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
July 7, 2026

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication…
  • Enterprise Security
  • Vulnerability
2 Min Read
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
July 7, 2026

BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA)…
  • Malware
  • Threat Intelligence
3 Min Read
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
July 6, 2026

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented…
  • Linux
  • Vulnerability
5 Min Read
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
July 6, 2026

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host…
  • DevOps
  • Vulnerability
2 Min Read
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
July 6, 2026

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig.…
  • Cybersecurity
  • Hacking
15 Min Read
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
July 6, 2026

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt.…
  • Cyber Espionage
  • Endpoint Security
2 Min Read
New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
July 6, 2026

New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions

Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The…
  • Endpoint Security
  • Malware
4 Min Read
New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
July 6, 2026

New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows,…
  • Vulnerability
  • Web Security
4 Min Read
Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages
July 6, 2026

Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages

Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a…
  • AI Security
  • Threat Detection
5 Min Read
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
July 6, 2026

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working,…
  • Cyber Extortion
  • Threat Intelligence
3 Min Read
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
July 4, 2026

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan…
  • Cryptocurrency
  • Malware
3 Min Read
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
July 4, 2026

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser…
  • IoT Security
  • Vulnerability
4 Min Read
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
July 3, 2026

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and…
  • Android
  • Linux
4 Min Read
New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
July 3, 2026

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a…
  • Artificial Intelligence
  • Endpoint Security
4 Min Read
New Avalon Malware Framework Packs CrownX Ransomware Capabilities
July 3, 2026

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of…
  • Malware
  • Software Supply Chain
5 Min Read
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
July 3, 2026

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to…
x86.se x86.se