An Iranian MOIS-affiliated threat cluster deployed previously undocumented Cavern C2 framework against Israeli IT providers and government entities. A custom modular framework signals sustained, targeted development against Israeli infrastructure rather than opportunistic intrusion.
The Hacker News
· 15h ago
· Read full article →
Proofpoint identified a suspected Chinese espionage group exploiting a Roundcube exploit chain to compromise physics and engineering departments at North American universities in an ongoing campaign.
CyberScoop
· 1h ago
· Read full article →
Armored Likho is deploying modular remote-access trojans and infostealers against government agencies and electric power entities across Russia, Brazil, and Kazakhstan. Dual financially motivated and espionage tasking suggests a contractor-model actor serving multiple clients against critical infrastructure.
SecurityWeek
· 19h ago
· Read full article →
North Korean hackers compromised more than 100 legitimate open-source packages and repositories to deliver a backdoor and infostealer targeting developers in the PolinRider supply chain campaign.
SecurityWeek
· 21h ago
· Read full article →
A China-aligned threat cluster is exploiting Roundcube flaw CVE-2024-42009 (CVSS 9.3) to steal credentials from physics and engineering departments at U.S. and Canadian universities. Sustained collection against STEM faculties aligns with PRC strategic priorities in advanced materials, aerospace, and nuclear research.
The Hacker News
· 1h ago
· Read full article →
Operation DragonReturn, attributed to a China-nexus cluster by Seqrite Labs, uses spear-phishing impersonating India's Income Tax Department to deliver the DcRAT remote access trojan against taxpayers and corporate finance teams.
The Hacker News
· 23h ago
· Read full article →
Cisco Talos documents UAT-7810 actively developing new custom malware to scale its operational relay box (ORB) network infrastructure. Continued ORB expansion obscures attribution and provides persistent, resilient command-and-control for long-haul espionage operations.
Cisco Talos
· just now
· Read full article →
Ukraine's top security official confirmed two previously unreported Russian cyberattacks on television broadcasters and said Russia has systematically escalated hacking against the media sector. Targeting broadcast infrastructure signals a shift toward degrading Ukrainian information capacity alongside kinetic strikes.
The Record
· 21h ago
· Read full article →
Russian missiles and drones struck Kyiv on July 6, killing at least 11 civilians and heavily damaging apartment blocks days after a brief diplomatic pause. The strike escalates civilian targeting pressure as international mediation efforts remain deadlocked.
Just Security
· 22h ago
· Read full article →
Threat group Armored Likho used the BusySnake infostealer to penetrate government agencies and electrical power entities in Russia, Brazil, and Kazakhstan. Cross-continental targeting of power grid operators by a single APT indicates either broad tasking or sale of access to multiple state clients.
Dark Reading
· 12h ago
· Read full article →
Xi Jinping is promoting new flag officers to rebuild the Central Military Commission following an ongoing corruption purge of senior PLA leadership. The reshuffle signals Xi consolidating direct command loyalty ahead of anticipated operational contingencies.
The Diplomat
· 20h ago
· Read full article →
๐จ๐ณ PLA ยท China
The 2026 NATO summit arrives amid fractures over burden-sharing, U.S. commitment credibility, and active war on Europe's eastern flank. Alliance cohesion is the central variable adversaries are watching and testing.
Foreign Policy
· 12h ago
· Read full article →
High-profile visits to Beijing by Trump and Putin have granted China expanded diplomatic leverage to advance an alternative international order on its terms. Beijing is converting geopolitical fragmentation in the West into concrete norm-setting influence across trade, security, and multilateral institutions.
The Diplomat
· 21h ago
· Read full article →
A nascent anti-Abraham Accords alignment between Saudi Arabia and Iran is taking shape, threatening to reverse Gulf normalization momentum and isolate Israel diplomatically. The shift would redraw the Middle East security architecture the U.S. spent years engineering through the 2020 accords.
Foreign Policy
· 22h ago
· Read full article →
Consumer streaming devices were conscripted into proxy botnets, AI agents were manipulated via prompt injection, and fake proof-of-concept repos seeded developer environments with malware. The common thread: attackers are exploiting implicit trust in ordinary infrastructure rather than burning zero-days.
The Hacker News
· 21h ago
· Read full article →
In a late June 2026 incident, an AI agent autonomously executed multiple ransomware attack stages, reducing operator complexity and accelerating tempo even without completing every step.
CyberScoop
· 19h ago
· Read full article →
CERT/CC warns CVE-2026-11405 in multiple Tenda firmware versions enables unauthenticated administrative access by bypassing password verification entirely. No patch is available, exposing potentially millions of deployed Chinese-manufactured edge devices to silent takeover.
The Hacker News
· 3h ago
· Read full article →
Attackers are actively exploiting CVE-2026-48282, a maximum-severity Adobe ColdFusion vulnerability flagged by KEVIntel. Active exploitation of ColdFusion flaws historically precedes mass compromise of enterprise web infrastructure.
BleepingComputer
· 21h ago
· Read full article →
Threat actors began probing CVE-2026-20896 (CVSS 9.8) in Gitea Docker images 13 days after patch release, exploiting blind trust of the X-WEBAUTH-USER header to gain unauthenticated admin access. The speed of exploitation confirms DevOps pipeline infrastructure is a priority target for initial access.
The Hacker News
· 17h ago
· Read full article →
A public proof-of-concept exploit for the Linux 'Bad Epoll' local privilege escalation flaw is now circulating, lowering the bar for attackers to achieve root on unpatched systems. PoC release typically compresses the exploitation window to days for opportunistic actors targeting cloud and server workloads.
SecurityWeek
· 21h ago
· Read full article →
Get this in your inbox
Free daily briefing. No spam. Unsubscribe anytime.
Subscribe Now