A critical use-after-free race condition in the Linux kernel’s `epoll` subsystem allows local attackers to escalate privileges to… The post “Bad Epoll” Linux Kernel Flaw – How Mythos Missed appeared first on Hackers Online Club. This article has been indexed…
RedLine C2 Pivot Reveals Seven Fraudulent Domains Used in Maritime Phishing Attacks
A single leaked command and control server ended up unraveling an entire phishing operation aimed at the maritime shipping world. What started as a routine look at RedLine Stealer traffic turned into the discovery of seven fake domains built to…
Multiple ModSecurity Vulnerabilities Allow Attackers to Bypass Firewall Rules
Multiple vulnerabilities have been disclosed in OWASP ModSecurity, a widely used open-source web application firewall (WAF), allowing attackers to bypass security rules under specific conditions. The flaws, tracked as CVE-2026-52761 and CVE-2026-52747, affect ModSecurity versions up to 3.0.15 and have…
Moody Bible Institute Data Breach Exposes 2.3 Million Users’ Personal Data
Moody Bible Institute has confirmed a significant data breach after threat actors linked to the ShinyHunters extortion group published personal information belonging to over 2.3 million individuals. The exposed dataset includes donors, supporters, students, and alumni associated with the institute.…
Multiple PHP Vulnerabilities Enable DoS and Memory Corruption Attacks
Multiple security vulnerabilities in PHP have been disclosed that could allow attackers to trigger denial-of-service (DoS) conditions and cause memory corruption, impacting widely deployed web applications. The issues, tracked as CVE-2026-12184 and CVE-2026-14355, were published through official PHP security advisories…
NetNut botnet takes a hit. Don’t be part of the next one.
Google, the FBI, and other partners have disrupted a residential proxy network built on millions of hijacked devices and used by criminals. This article has been indexed from Malwarebytes Read the original article: NetNut botnet takes a hit. Don’t be…
Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by Seqrite…
How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions
Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy…
NCA Warns Parents of AI-Generated Child Abuse Content
The UK’s National Crime Agency has issued an urgent warning to parents following a dramatic surge in AI-generated child sexual abuse material. This article has been indexed from CyberMaterial Read the original article: NCA Warns Parents of AI-Generated Child Abuse…
Opera GX Flaw Allows Silent Mod Installation
A critical security flaw in Opera GX, the gaming-oriented version of the Opera web browser, allowed attackers to install malicious browser extensions without any user interaction or consent. This article has been indexed from CyberMaterial Read the original article: Opera…
AdaptHealth breach via social engineering
AdaptHealth has disclosed a data breach resulting from a social engineering attack that compromised sensitive patient information across multiple systems. This article has been indexed from CyberMaterial Read the original article: AdaptHealth breach via social engineering
Visa Threat Platform Combats Payment Fraud
Visa has introduced the Visa Threat Intelligence Platform, a new security tool designed to help financial institutions identify and mitigate payment fraud risks before they result in financial losses. This article has been indexed from CyberMaterial Read the original article:…
France halts certification of non-quantum-safe encryption
France’s national cybersecurity agency ANSSI has announced an aggressive timeline for transitioning to post-quantum cryptography, declaring it will cease certifying security products that lack quantum-resistant encryption beginning in 2027. This article has been indexed from CyberMaterial Read the original article:…
ISC Stormcast For Monday, July 6th, 2026 https://isc.sans.edu/podcastdetail/9994, (Mon, Jul 6th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, July 6th, 2026…
Go-Based Gentlemen Ransomware Uses PsExec, WMIC, and PowerShell Remoting for Network Propagation
Gentlemen, a Go-based ransomware-as-a-service (RaaS) active since mid-2025, has distinguished itself with a potent combination of modern cryptography, aggressive worm-like propagation, and a broad toolkit for remote execution. Operators offer the platform to affiliates, and recent recruitment ties to major…
Why schools are easy prey for hackers — and why they struggle to fight back
Power plants and gas pipelines might receive more attention, but schools are arguably more vulnerable. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Why schools are easy prey for hackers — and why…
Critical fast-mcp-telegram Vulnerability Lets Attackers Access Telegram Session Without Token
A critical vulnerability in fast-mcp-telegram (CVE-2026-52830, GHSA-rxw2-pc8j-vxwm) allows attackers to access a Telegram MCP session over HTTP without a valid bearer token by abusing a path-traversal flaw in how session files are resolved on disk. This breaks the intended high-entropy…
Critical Opera GX Vulnerability Lets Attackers Inject CSS Across Every Webpage
A critical security vulnerability in Opera GX has been disclosed, revealing that attackers could exploit the browser’s GX Mods feature to inject malicious CSS across every webpage visited by a victim. This could enable cross-site data exfiltration and have a…
It Might Feel Like We’ve Been Here Before, But We Haven’t
As artificial intelligence (AI) adoption surges and organisations move from the ‘should we?’ phase to the ‘how do we?’ phase, it’s natural to evaluate the likelihood of positive returns on AI investments. … The post It Might Feel Like We’ve…
Gaslight macOS Malware Uses Prompt Injection to Evade AI Security Analysis
A fresh piece of Mac malware has surfaced, and it comes with a twist that security teams have not seen before. Written in Rust and tied to North Korean hacking groups, this malware does not just steal data quietly. It…
Agent Skill Malware Targets Claude Code and OpenAI Codex With Scanner-Evasion Techniques
A new class of malicious software is quietly slipping past the security tools meant to protect popular AI coding assistants. Researchers have found that malware hidden inside “agent skills,” small add-on packages used by tools like Claude Code and OpenAI…
15-Year-Old Arrested Over Bandai Channel Cyberattack Using a ChatGPT-Assisted Tool
Japanese police have arrested a 15-year-old high school student from Tokorozawa City, Saitama Prefecture, on suspicion of fraudulent obstruction of business after he allegedly used a ChatGPT-assisted program to launch a sustained cyberattack against Bandai Channel, a popular anime and…
Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments
Researchers uncovered two campaigns embedding indirect prompt injections in malicious websites to exploit autonomous AI agents browsing the web. The post Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments appeared first on SecurityWeek. This article has been indexed…
SilverFox Campaign Turns ValleyRAT Into Multi-Stage Malware With Rootkit Capabilities
The SilverFox advanced persistent threat (APT) group has escalated its offensive toolkit by transforming ValleyRAT from a conventional remote access trojan into an eight-stage malware chain culminating in a kernel-mode rootkit. This evolution marks a significant shift in post-exploitation persistence,…