Overview Earlier this month, security sleuth and researcher βChaotic Eclipseβ (also known as Nightmare-Eclipse) published a zero-day exploit known as YellowKey, which allowed them to access BitLoc...
Overview of the First VPN Service π The Federal Bureau of Investigation (FBI) has released a FLASH report to share indicators of compromise (IOCs) and tactics related to the First VPN Service. Thi...
π¨ Important Security Alert! An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access toolβan ideal starting point for attackers to e...
Google Takes Action Against Malicious Residential Proxy Networks
Google Takes Action Against Malicious Residential Proxy Networks π¨ Today, in coordination with the FBI, Lumen, and others, Google took decisive action against the NetNut residential proxy network,...
Fake Google and Cloudflare Verification Pages Spread Multiple Malware Families
π¨ Fake Google and Cloudflare Verification Pages Spread Multiple Malware Families Source: Malwarebytes Date Published: July 2, 2026 ClickFix attacks, which trick people into running malicious comm...
Alleged Scattered Spider Hacker Arrested in Finland
Alleged Scattered Spider Hacker Arrested in Finland π¨ A teenager has been arrested for alleged involvement with the Scattered Spider hacking group, the US Department of Justice (DOJ) has announced...
WinRAR Flaw Could Allow Attackers to Take Control of Your Computer
WinRAR Vulnerability Alert π¨ Rarlab has released a new version of the popular WinRAR tool to patch a vulnerability that can be abused in remote code execution attacks. The issue is fixed in WinRAR...
ST Engineering iDirect iQ-Series Terminals Vulnerabilities
ST Engineering iDirect iQ-Series Terminals Vulnerabilities π¨ Date Published: July 2, 2026 Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to d...
CVE-2026-13768 - Gardyn IoT Hub Use of Hard-coded Credentials
CVE-2026-13768 - Gardyn IoT Hub Use of Hard-coded Credentials π¨ Attention: Gardyn devices expose a privileged iothubowner key. Access to this key allows a malicious user to invoke an IoTHub Regist...
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS π A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured se...
New ChocoPoC Malware Targets Researchers via Trojanized PoC Exploits
New ChocoPoC Malware Targets Researchers π¨ A new threat has emerged in the cybersecurity landscape! Multiple weaponized proof-of-concept (PoC) exploits on GitHub have been discovered delivering a ...
Kubota Hackers Had Month-Long Access to Network Systems
Kubota Hackers Had Month-Long Access to Network Systems π¨ Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year....
Hackers Breached DHS Information-Sharing Network
Hackers Breached DHS Information-Sharing Network π¨ A key Department of Homeland Security (DHS) information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exp...
Chrome Needs Another Whopper Update to Fix 382 Security Bugs
Chrome Needs Another Whopper Update to Fix 382 Security Bugs π Yesterday, on the last day of June, Google published an update that includes a whopping 382 security fixes for Chrome. The stable cha...
Brazilian Banking Trojan Ousaban Targets Spain and Portugal
Brazilian Banking Trojan Ousaban Targets Spain and Portugal A banking trojan long used against victims in Brazil has been retooled to target banking customers in Spain and Portugal, using phishing...
Why Are WordPress Sites Still Running EOL PHP?
Why Are WordPress Sites Still Running EOL PHP? Despite PHP updates being freely available, a large number of websites are not maintaining the latest patches, making them prime targets for attacker...
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS π A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured se...
Browser-Only Ransomware From LLM Hallucinations to a Practical Attack Technique
Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique Source: Checkpoint Research Date Published: July 1, 2026 AI can turn high-level malicious ideas into concrete tech...
2026-07-01 Daily Vulns
Vulnerabilities in OFFIS DCMTK Toolkit
Vulnerabilities in OFFIS DCMTK Toolkit The OFFIS DCMTK Toolkit has been found to have several vulnerabilities that could be exploited by attackers. π¨ Key Vulnerabilities: CVE-2026-50003: A pat...