lowThe Hacker News
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point Research
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
lowBleepingComputer
Vietnam arrests suspects behind HiAnime anime piracy service
Vietnamese authorities have arrested and are prosecuting seven suspects believed to have run HiAnime, the largest anime piracy streaming service before its shutdown in June. [...]
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highThe Hacker News
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the researcher claims that a separate, unreleased exploit
Mitigation: Patch affected packages, review exposed services, restrict access, and watch logs for exploitation attempts.
Open source →
highThe Hacker News
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated
Mitigation: Confirm exposure, apply vendor patches, add temporary WAF/IPS rules, and run post-patch vulnerability validation.
Open source →
lowBleepingComputer
Software Is Now Written at the Speed of Thought. Security Isn't.
Every evolution in software development has reduced the friction between an idea and a deployable application. AI may remove the final barrier, but it also removes many of the moments where security decisions have traditionally taken place. [...]
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highSANS ISC
RCS and DNS: The NAPTR Record, (Mon, Jul 6th)
Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition to richer formatting, provides added (but optional) security. RCS messages may be end-to-end encrypted and digitally signed. Unlike SMS, which was "bolted on" to existing voice-focused phone standards. The SMS s
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highBleepingComputer
Max severity Adobe ColdFusion flaw now exploited in attacks
Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. [...]
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highThe Hacker News
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trust
Mitigation: Verify immutable backups, block known IOCs, isolate affected hosts, and review EDR detections for lateral movement.
Open source →
lowSANS ISC
ISC Stormcast For Monday, July 6th, 2026 https://isc.sans.edu/podcastdetail/9994, (Mon, Jul 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
lowThe Hacker News
How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions
Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms that run detection, triage, investigation, and response on their own data foundation. Whether a platform will materially change outcomes for
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
lowBleepingComputer
Flipper Zero firmware development continues with community help
Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions. [...]
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highBleepingComputer
JadePuffer ransomware used AI agent to automate entire attack
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. [...]
Mitigation: Verify immutable backups, block known IOCs, isolate affected hosts, and review EDR detections for lateral movement.
Open source →
highKrebs on Security
FBI Seizes NetNut Proxy Platform, Popa Botnet
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botnet, a collection of
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highCISA News
CubeSpace CW0057 Reaction Wheel
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. The following versions of CubeSpace CW0057 Reaction Wheel are affected: CW0057 Reaction Wheel CVSS Vendor Equipment Vulnerabilities v3 6.1 CubeSpace CubeSpace CW0057 Reaction Wheel Improper Verification of Cryptographic Signature Background Critical Infrastructure Sectors: Comm
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highCISA News
Gardyn IoT Hub
View CSAF Summary Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. The following versions of Gardyn IoT Hub are affected: Home Firmware Studio Firmware Cloud API <2.12.2026 (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477) CVSS Vendor Equipment Vulnerabilities v3 10 Gardyn Gardyn IoT Hub Use of Hard-coded Credentials, Exposure of Sensi
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highCISA News
ST Engineering iDirect iQ-Series Terminals
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. The following versions of ST Engineering iDirect iQ-Series Terminals are affected: Evolution iQ‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) 3315‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) 9‑Series ter
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
lowSANS ISC
ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highNVD
CVE-2026-50521 · CVSS 8.3
Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.
Mitigation: Confirm exposure, apply vendor patches, add temporary WAF/IPS rules, and run post-patch vulnerability validation.
Open source →