New OSS secret scanner: Kingfisher (Rust) validates exposed creds + maps permissions
https://www.reddit.com/r/netsec/comments/1qyl3yf/new_oss_secret_scanner_kingfisher_rust_validates/
CrowdCyber
npub1xm6q...7acu
Revolutionizing and Democratizing Cybersecurity
Nation-State Hackers Put Defense Industrial Base Under Siege
Dark Reading
Nation-State Hackers Put Defense Industrial Base Under Siege
Espionage groups from China, Russia, and Iran burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors
Fake job recruiters hide malware in developer coding challenges
BleepingComputer
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-re...
Criminals are using AI website builders to clone major brands
Malwarebytes
Criminals are using AI website builders to clone major brands
AI-assisted website builders are making it far easier for scammers to impersonate well-known and trusted brands, including Malwarebytes.
Back to the Future: SSHStalker Botnet Revives 2009 Tactics to Hijack Linux Servers
Daily CyberSecurity
Back to the Future: SSHStalker Botnet Revives 2009 Tactics to Hijack Linux Servers
New SSHStalker botnet uses vintage IRC tactics & automated SSH brute-forcing to compromise Linux servers. Flare research reveals a "zombie army...
Email Under Siege: Storm-2603 Exploits SmarterMail to Deploy Warlock Ransomware
Daily CyberSecurity
Email Under Siege: Storm-2603 Exploits SmarterMail to Deploy Warlock Ransomware
Storm-2603 exploits SmarterMail vulnerability CVE-2026-23760 to deploy Warlock ransomware. Upgrade to Build 9511 immediately to prevent system comp...
North Korea's UNC1069 Hammers Crypto Firms With AI
Dark Reading
North Korea
In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms, and ClickFix.
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
BleepingComputer
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for speci...
Apple patches zero-day flaw that could let attackers take control of devices
Malwarebytes
Apple patches zero-day flaw that could let attackers take control of devices
Apple issued security updates for all devices which include a patch for an actively exploited zero-day—tracked as CVE-2026-20700.
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
Dark Reading
Booz Allen Announces General Availability of Vellox Reverser
The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes.
Apple fixes zero-day flaw used in 'extremely sophisticated' attacks
BleepingComputer
Apple fixes zero-day flaw used in 'extremely sophisticated' attacks
Apple has released security updates to fix a zero-day vulnerability that was exploited in an "extremely sophisticated attack" targeting specific in...
Microsoft: New Windows LNK spoofing issues aren't vulnerabilities
BleepingComputer
Microsoft: New Windows LNK spoofing issues aren't vulnerabilities
Today, at Wild West Hackin' Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allo...
WordPress plugin with 900k installs vulnerable to critical RCE flaw
BleepingComputer
WordPress plugin with 900k installs vulnerable to critical RCE flaw
A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achie...
Outlook add-in goes rogue and steals 4,000 credentials and payment data
Malwarebytes
Outlook add-in goes rogue and steals 4,000 credentials and payment data
The once popular Outlook add-in AgreeTo was turned into a powerful phishing kit after the developer abandoned the project.
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
BleepingComputer
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now bein...
CVE-2026-25993: Critical EverShop SQL Injection (CVSS 9.3) Exposes Stores
Daily CyberSecurity
CVE-2026-25993: Critical EverShop SQL Injection (CVSS 9.3) Exposes Stores
Critical EverShop flaw CVE-2026-25993 (CVSS 9.3) allows Second-Order SQL Injection via URL keys. Update to v2.1.1 to prevent store takeover.
Excel Trap: New Phishing Campaign Deploys Fileless XWorm RAT
Daily CyberSecurity
Excel Trap: New Phishing Campaign Deploys Fileless XWorm RAT
Phishing emails use malicious Excel files to deploy XWorm RAT. The fileless attack exploits CVE-2018-0802 to steal data & control systems.
CVE-2026-26007: Python Cryptography Flaw (CVSS 8.2) Leaks Private Keys
Daily CyberSecurity
CVE-2026-26007: Python Cryptography Flaw (CVSS 8.2) Leaks Private Keys
Python cryptography flaw CVE-2026-26007 (CVSS 8.2) allows private key recovery via ECC Subgroup Attack. Update to v46.0.5 now.
