HOTNEWS 2026
| DATE | NAME | INFO | CATEGORY | SUBCATE |
| 2.7.26 | JADEPUFFER | JADEPUFFER: Agentic ransomware for automated database extortion | RANSOM | RANSOM |
| 2.7.26 | CVE-2026-45659 | Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability | VULNERABILITY | VULNERABILITY |
| 2.7.26 | CVE-2026-42880 | Kubernetes Secret Extraction via ArgoCD ServerSideDiff | VULNERABILITY | VULNERABILITY |
| 2.7.26 | CVE-2025-55190 | Project API Token Exposes Repository Credentials | VULNERABILITY | VULNERABILITY |
| 2.7.26 | CVE-2024-31989 | Use of Risky or Missing Cryptographic Algorithms in Redis Cache | VULNERABILITY | VULNERABILITY |
| 2.7.26 | AsyncRAT Reloaded | AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again | MALWARE | RAT |
| 2.7.26 | Veil#Drop | Veil#Drop: Blogspot-Hosted PowerShell Loader Delivers PureLog Stealer Through XOR-Encoded In-Memory .NET Payloads | MALWARE | LOADER |
| 1.7.26 | CVE-2026-50548 | abuses a setting. The sandbox permits writes into a command's working folder, and that folder is an optional parameter, working_directory, on Cursor's run_terminal_cmd tool. When the agent sets it to a non-default path, Cursor adds that path to the allowed-write list without question. Injected instructions point it at a system file instead of the project. Overwrite the sandbox helper itself (on macOS, /Applications/Cursor.app/Contents/Resources/app/resources/helpers/cursorsandbox), and later commands run with no sandbox at all. Startup files like ~/.zshrc work as targets too. | VULNERABILITY | VULNERABILITY |
| 1.7.26 | CVE-2026-50549 | abuses a safety check. Before writing, Cursor resolves shortcuts (symlinks) to confirm the real destination sits inside your project. The bug is the fallback: when that check fails, because the target does not exist or the attacker removes read access from a folder in the path, Cursor gives up and trusts the shortcut's in-project path instead. An attacker creates a shortcut that points outside the project, forces the check to fail, and Cursor writes straight through it to the same sandbox helper. Same escape, different door. | VULNERABILITY | VULNERABILITY |
| 1.7.26 | DuneSlide | DuneSlide: Two Critical RCE vulnerabilities via Zero-Click Prompt Injection in Cursor IDE | VULNERABILITY | VULNERABILITY |
| 1.7.26 | LSHIY CAMPAIGN | No (Bad) CAP: Inside an Ongoing LSHIY Password Spray Attack | CAMPAIGN | CAMPAIGN |
| 1.7.26 | Global Incident Response Report 2026 | While these four trends each present a challenge, attacker success is rarely determined by a single attack vector. In more than 750 incident response (IR) engagements, 87% of intrusions involved activity across multiple attack surfaces. This means defenders must protect endpoints, networks, cloud infrastructure, SaaS applications and identity together. | REPORT | REPORT |
| 1.7.26 | Phantom Squatting | Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector | HACKING | AI |
| 1.7.26 | ClickFix: The Gift That Keeps On Giving | In the beginning of June I presented the session ClickFix: The Gift That Keeps On Giving at OrangeCon. ClickFix emerged around 2024 and saw a 517% increase in 2025 as described by SANS. The effectiveness of this technique is something we will have to deal with for the upcoming years. | HACKING | ClickFix |
| 1.7.26 | Microsoft Digital Defense Report 2025 | Lighting the path to a secure future | REPORT | REPORT |
| 1.7.26 | Espionage Group Abuses Legitimate Cloud Platform in Campaigns Against India | In a recent write-up, Acronis TRU Security details two cyber espionage campaigns orchestrated by the China-aligned threat actor Fireant (aka Mustang Panda) against the government and hydropower sectors in India. The threat group compromised public networks, including workstations used by senior administrative personnel, using spear-phishing emails containing malicious ZIP archives. | ALERTS | CAMPAIGN |
| 1.7.26 | TinyRCT backdoor delivered in CL-STA-1062 campaign | Active since early 2022, a Chinese-speaking cyberespionage collective tracked as CL-STA-1062 (aka UAT-7237) has maintained a persistent focus on strategic entities across East and Southeast Asia. As reported by Palo Alto researchers, lately the group targeted state-owned energy and governmental organizations in Southeast Asia. To execute their operations, these threat actors employ a blended toolkit. | ALERTS | CAMPAIGN |
| 1.7.26 | CVE-2026-8451 | (CVSS score: 8.8) - An insufficient input validation vulnerability leading to memory overread when NetScaler ADC or NetScaler Gateway is configured as a SAML IDP | VULNERABILITY | VULNERABILITY |
| 1.7.26 | CVE-2026-8452 | (CVSS score: 8.8) - A memory overflow vulnerability leading to unpredictable or erroneous behavior and denial-of-service when the appliance is configured as a Gateway or an AAA virtual server | VULNERABILITY | VULNERABILITY |
| 1.7.26 | CVE-2026-8655 | (CVSS score: 8.8) - Multiple memory overflow vulnerabilities leading to unpredictable or erroneous behavior and denial-of-service when NetScaler ADC is configured as an LB of type Oracle, a DNS Proxy, or a DNS recursive resolver deployment | VULNERABILITY | VULNERABILITY |
| 1.7.26 | CVE-2026-10816 | (CVSS score: 7.7) - An external control of the file name of the path vulnerability leading to unauthenticated, arbitrary file read when access to NSIP, Cluster Management IP, or SNIP with management access is enabled | VULNERABILITY | VULNERABILITY |
| 1.7.26 | CVE-2026-10817 | (CVSS score: 6.9) - An insufficient input validation vulnerability leading to memory overread when TCP TimeStamp is enabled in TCP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler | VULNERABILITY | VULNERABILITY |
| 1.7.26 | CVE-2026-13474 | (CVSS score: 8.7) - A missing release of memory after effective lifetime vulnerability leading to denial-of-service via malformed HTTP/2 requests when HTTP/2 is enabled in the HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler | VULNERABILITY | VULNERABILITY |
| 1.7.26 | Securing AI agents | Securing AI agents: When AI tools move from reading to acting | AI | AI |
| 1.7.26 | RustDuck | RustDuck: An In-Depth Analysis of a Two-Stage Botnet | BOTNET | BOTNET |