highThe Hacker News
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated
Mitigation: Confirm exposure, apply vendor patches, add temporary WAF/IPS rules, and run post-patch vulnerability validation.
Open source →
lowBleepingComputer
Software Is Now Written at the Speed of Thought. Security Isn't.
Every evolution in software development has reduced the friction between an idea and a deployable application. AI may remove the final barrier, but it also removes many of the moments where security decisions have traditionally taken place. [...]
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highSANS ISC
RCS and DNS: The NAPTR Record, (Mon, Jul 6th)
Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition to richer formatting, provides added (but optional) security. RCS messages may be end-to-end encrypted and digitally signed. Unlike SMS, which was "bolted on" to existing voice-focused phone standards. The SMS s
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highBleepingComputer
Max severity Adobe ColdFusion flaw now exploited in attacks
Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. [...]
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highThe Hacker News
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trust
Mitigation: Verify immutable backups, block known IOCs, isolate affected hosts, and review EDR detections for lateral movement.
Open source →
lowSANS ISC
ISC Stormcast For Monday, July 6th, 2026 https://isc.sans.edu/podcastdetail/9994, (Mon, Jul 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
lowThe Hacker News
How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions
Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms that run detection, triage, investigation, and response on their own data foundation. Whether a platform will materially change outcomes for
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
lowThe Hacker News
Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highThe Hacker News
New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode. But TrojPix works only once malware is already on the target machine, so it
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
lowBleepingComputer
Flipper Zero firmware development continues with community help
Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions. [...]
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highBleepingComputer
JadePuffer ransomware used AI agent to automate entire attack
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. [...]
Mitigation: Verify immutable backups, block known IOCs, isolate affected hosts, and review EDR detections for lateral movement.
Open source →
lowBleepingComputer
NetNut proxy network disrupted, 2 million infected devices cut off
A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. [...]
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highKrebs on Security
FBI Seizes NetNut Proxy Platform, Popa Botnet
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botnet, a collection of
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highCISA News
CubeSpace CW0057 Reaction Wheel
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. The following versions of CubeSpace CW0057 Reaction Wheel are affected: CW0057 Reaction Wheel CVSS Vendor Equipment Vulnerabilities v3 6.1 CubeSpace CubeSpace CW0057 Reaction Wheel Improper Verification of Cryptographic Signature Background Critical Infrastructure Sectors: Comm
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highCISA News
Gardyn IoT Hub
View CSAF Summary Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. The following versions of Gardyn IoT Hub are affected: Home Firmware Studio Firmware Cloud API <2.12.2026 (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477) CVSS Vendor Equipment Vulnerabilities v3 10 Gardyn Gardyn IoT Hub Use of Hard-coded Credentials, Exposure of Sensi
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highCISA News
ST Engineering iDirect iQ-Series Terminals
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. The following versions of ST Engineering iDirect iQ-Series Terminals are affected: Evolution iQ‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) 3315‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) 9‑Series ter
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
lowSANS ISC
ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
Open source →
highNVD
CVE-2026-57723 · CVSS 7.4
Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal.
This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.12.
Mitigation: Confirm exposure, apply vendor patches, add temporary WAF/IPS rules, and run post-patch vulnerability validation.
Open source →