HOTNEWS 2026  January(174) February(168) March(221) April(222) May(261) June(255) July(8) August(0) September(0) October(0) November(0) December(0) | STATISTICS (6887)

DATE | NAME | INFO | CATEGORY | SUBCATE

2.7.26 JADEPUFFER JADEPUFFER: Agentic ransomware for automated database extortion RANSOM RANSOM
2.7.26 CVE-2026-45659 Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability VULNEREBILITY VULNEREBILITY
2.7.26 CVE-2026-42880 Kubernetes Secret Extraction via ArgoCD ServerSideDiff VULNEREBILITY VULNEREBILITY
2.7.26 CVE-2025-55190 Project API Token Exposes Repository Credentials VULNEREBILITY VULNEREBILITY
2.7.26 CVE-2024-31989 Use of Risky or Missing Cryptographic Algorithms in Redis Cache VULNEREBILITY VULNEREBILITY
2.7.26 AsyncRAT Reloaded AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again MALWARE RAT
2.7.26 Veil#Drop Veil#Drop: Blogspot-Hosted PowerShell Loader Delivers PureLog Stealer Through XOR-Encoded In-Memory .NET Payloads MALWARE LOADER
1.7.26 CVE-2026-50548 abuses a setting. The sandbox permits writes into a command's working folder, and that folder is an optional parameter, working_directory, on Cursor's run_terminal_cmd tool. When the agent sets it to a non-default path, Cursor adds that path to the allowed-write list without question. Injected instructions point it at a system file instead of the project. Overwrite the sandbox helper itself (on macOS, /Applications/Cursor.app/Contents/Resources/app/resources/helpers/cursorsandbox), and later commands run with no sandbox at all. Startup files like ~/.zshrc work as targets too. VULNEREBILITY VULNEREBILITY
1.7.26 CVE-2026-50549 abuses a safety check. Before writing, Cursor resolves shortcuts (symlinks) to confirm the real destination sits inside your project. The bug is the fallback: when that check fails, because the target does not exist or the attacker removes read access from a folder in the path, Cursor gives up and trusts the shortcut's in-project path instead. An attacker creates a shortcut that points outside the project, forces the check to fail, and Cursor writes straight through it to the same sandbox helper. Same escape, different door. VULNEREBILITY VULNEREBILITY
1.7.26 DuneSlide DuneSlide: Two Critical RCE vulnerabilities via Zero-Click Prompt Injection in Cursor IDE VULNEREBILITY VULNEREBILITY
1.7.26 LSHIY CAMPAIGN No (Bad) CAP: Inside an Ongoing LSHIY Password Spray Attack CAMPAIGN CAMPAIGN
1.7.26 Global Incident Response Report 2026 While these four trends each present a challenge, attacker success is rarely determined by a single attack vector. In more than 750 incident response (IR) engagements, 87% of intrusions involved activity across multiple attack surfaces. This means defenders must protect endpoints, networks, cloud infrastructure, SaaS applications and identity together. REPORT REPORT
1.7.26 Phantom Squatting Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector HACKING AI
1.7.26 ClickFix: The Gift That Keeps On Giving In the beginning of June I presented the session ClickFix: The Gift That Keeps On Giving at OrangeCon. ClickFix emerged around 2024 and saw a 517% increase in 2025, as described by SANS; the effectiveness of this technique is something we will have to deal with for the upcoming years. HACKING ClickFix
1.7.26 Microsoft Digital Defense Report 2025 Lighting the path to a secure future REPORT REPORT
1.7.26 Espionage Group Abuses Legitimate Cloud Platform in Campaigns Against India In a recent write-up, Acronis TRU Security details two cyber espionage campaigns orchestrated by the China-aligned threat actor Fireant (aka Mustang Panda) against the government and hydropower sectors in India. The threat group compromised public networks, including workstations used by senior administrative personnel, using spear-phishing emails containing malicious ZIP archives. ALERTS CAMPAIGN
1.7.26 TinyRCT backdoor delivered in CL-STA-1062 campaign Active since early 2022, a Chinese-speaking cyberespionage collective tracked as CL-STA-1062 (aka UAT-7237) has maintained a persistent focus on strategic entities across East and Southeast Asia. As reported by Palo Alto researchers, lately the group targeted state-owned energy and governmental organizations in Southeast Asia. To execute their operations, these threat actors employ a blended toolkit. ALERTS CAMPAIGN
1.7.26 CVE-2026-8451 (CVSS score: 8.8) - An insufficient input validation vulnerability leading to memory overread when NetScaler ADC or NetScaler Gateway is configured as a SAML IDP VULNEREBILITY VULNEREBILITY
1.7.26 CVE-2026-8452 (CVSS score: 8.8) - A memory overflow vulnerability leading to unpredictable or erroneous behavior and denial-of-service when the appliance is configured as a Gateway or an AAA virtual server VULNEREBILITY VULNEREBILITY
1.7.26 CVE-2026-8655 (CVSS score: 8.8) - Multiple memory overflow vulnerabilities leading to unpredictable or erroneous behavior and denial-of-service when NetScaler ADC is configured as an LB of type Oracle, a DNS Proxy, or a DNS recursive resolver deployment VULNEREBILITY VULNEREBILITY
1.7.26 CVE-2026-10816 (CVSS score: 7.7) - An external control of the file name of the path vulnerability leading to unauthenticated, arbitrary file read when access to NSIP, Cluster Management IP, or SNIP with management access is enabled VULNEREBILITY VULNEREBILITY
1.7.26 CVE-2026-10817 (CVSS score: 6.9) - An insufficient input validation vulnerability leading to memory overread when TCP TimeStamp is enabled in TCP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler VULNEREBILITY VULNEREBILITY
1.7.26 CVE-2026-13474 (CVSS score: 8.7) - A missing release of memory after effective lifetime vulnerability leading to denial-of-service via malformed HTTP/2 requests when HTTP/2 is enabled in the HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler VULNEREBILITY VULNEREBILITY
1.7.26 Securing AI agents Securing AI agents: When AI tools move from reading to acting AI AI
1.7.26 RustDuck RustDuck: An In-Depth Analysis of a Two-Stage Botnet BOTNET BOTNET