The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two file-upload vulnerabilities, affecting iCagenda and Balbooa Forms, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation in the wild. The alert was issued on July…
Category: EN
Copy-paste might be the riskiest thing your enterprise employees do all day
This source of data leakage takes them less than a second and happens hundreds of times a day. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Copy-paste might be the riskiest thing your…
When cybercriminals outrun the feed
How can you defend against yesterday? This article has been indexed from Cybersecurity Dive – Latest News Read the original article: When cybercriminals outrun the feed
Critical WordPress OAuth SSO Plugin Flaw Allows Unauthenticated Attackers to Gain Admin Access
A critical authentication bypass vulnerability has been disclosed in the widely used miniOrange OAuth Single Sign-On (SSO) WordPress plugin, carrying a near-maximum CVSS score of 9.8. This flaw, tracked as CVE-2026-57807, affects all plugin versions up to and including version…
Spear-Phishing Campaign Uses Proton Drive Links and LNK Files to Deliver SpyGlace
The APT-C-60 threat actor has continued targeting Japanese organizations with a spear-phishing campaign that abuses Proton Drive, Windows shortcut files, trusted developer platforms, and native Windows utilities to deliver the SpyGlace malware. While the group retains several established tradecraft elements,…
One Misconfigured Python HTTP Server Exposed Three Active Campaigns from Attackers
A forgotten web server can become a window into a criminal operation. In this case, a Python HTTP service left exposed on a virtual private server revealed the working materials of several attackers. The discovery offers a rare look at…
Hackers Weaponize Real Academic Event Materials to Infect Researchers With RokRAT
A targeted phishing campaign is using genuine academic event details to trick researchers into opening malware. The operation delivers a RokRAT variant through a fake document package that appears connected to a real seminar. The attackers used information from an…
Centers Laboratory Data Breach Affects 540,000 Individuals
The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider. The post Centers Laboratory Data Breach Affects 540,000 Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns
The company notified customers to manually shut down their servers while it is investigating a credible threat. The post Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365
An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bash_history. From that…
Australian Cyber Agency Warns of Global CMS Exploitation Campaign
Australian Cyber Security Centre warns CMS users of mass scanning and exploitation campaign This article has been indexed from www.infosecurity-magazine.com Read the original article: Australian Cyber Agency Warns of Global CMS Exploitation Campaign
Australia Alerts Organizations to Ongoing CMS Exploitation Attacks
Australia warns of a global campaign exploiting CMS flaws to deploy webshells on WordPress, Joomla, and other websites. Australia’s Signals Directorate has issued an alert about a large-scale exploitation campaign actively targeting content management systems (CMS) worldwide, with many small…
AI Agent Discovers 15-Year-Old Linux Kernel Privilege Escalation Bug Named GhostLock
Researchers at Nebula Security have identified GhostLock, a Linux kernel vulnerability tracked as CVE-2026-43499 that has been present since Linux 2. Thank you for being a Ghacks reader. The post AI Agent Discovers 15-Year-Old Linux Kernel Privilege Escalation Bug Named…
A week in security (July 6 – July 12)
A list of topics we covered in the week of July 6 to July 12 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (July 6 – July 12)
Multifunction Windows backdoor, NSA revives TAO, urgent ShareFile warning
Windows backdoor stuffs multiple wipers and ransomware code into a single package NSA brings back Tailored Access Operations name for elite hacking unit Progress urges ShareFile customers to shut down storage zone controllers Show notes: https://cisoseries.com/cybersecurity-news-multifunction-windows-backdoor-nsa-revives-tao-urgent-sharefile-warning/ Huge thanks to our…
New VEXAIoT AI Agents Autonomously Exploit IoT Vulnerabilities With 95% Success Rate
VEXAIoT, an autonomous multi-agent framework designed to discover and exploit vulnerabilities in the Internet of Things (IoT) within controlled test environments. In 200 attack trials against the intentionally vulnerable IoTGoat platform, the system completed 189 attacks, achieving an overall success…
Hackers Can Exploit Motorola MR2600 Firmware Update Process to Gain Code Execution
A newly disclosed unauthenticated remote code execution vulnerability in Motorola MR2600 Wi-Fi routers allows attackers on the local network to upload and install a malicious firmware image without logging in to the router’s administration panel. According to researcher MrBruh, the…
Why SBOMs, signing, and provenance still don’t tell you if software is safe
We have made real progress in software supply chain security, improving visibility into software components, authenticity and build integrity. Much of this progress traces back to Executive Order 14028, which pushed agencies, contractors and enterprises to invest in SBOMs, signing…
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild. The vulnerabilities, both rated…
Exposed Server Unmasks Evilginx Operators Stealing Microsoft 365 Sessions and OAuth Tokens
A misconfigured server in Budapest exposed a live phishing operation built to bypass Microsoft 365 multi-factor authentication and retain access to compromised accounts. The server, hosted at 185.163.204[.]7185.163.204[.]7185.163.204[.]7, was running python3 -m http.server 8080 with directory listing enabled, making its…