エピソード

  • Daily DefSec Brief - Cyber Security News for July 16 2026
    2026/07/16
    1. CISA adds actively exploited Oracle E-Business Suite flaw to KEV, feds have until Saturday — CVE-2026-46817 — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog · BleepingComputer https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-flaw-by-saturday/ 2. Zoom patches critical Windows account-takeover flaw — CVE-2026-53412, CVE-2026-53409, CVE-2026-53410, CVE-2026-53411 — BleepingComputer https://www.bleepingcomputer.com/news/security/zoom-warns-of-critical-account-takeover-vulnerability/ · The Hacker News https://thehackernews.com/2026/07/zoom-patches-critical-windows-flaw-that.html 3. F5 ships out-of-band patch for critical NGINX flaw — CVE-2026-42533 — SecurityWeek https://www.securityweek.com/f5-patches-multiple-nginx-big-ip-vulnerabilities/ 4. Russian-speaking group trojanizes WebEx, Zoom, MobaXterm installers to push Starland RAT — UAT-11795 — Cisco Talos https://blog.talosintelligence.com/uat-11795-deploys-novel-starland-rat-and-bespoke-wldr-c2-implant-in-financially-motivated-campaign/ · BleepingComputer https://www.bleepingcomputer.com/news/security/russian-hackers-trojanize-webex-zoom-apps-to-push-starland-malware/ Also mentioned: - New Spirals ransomware encrypts victim network in under 24 hours — BleepingComputer https://www.bleepingcomputer.com/news/security/new-spirals-ransomware-encrypts-victim-network-in-under-24-hours/ - JetBrains patches six vulnerabilities across TeamCity, YouTrack, and IntelliJ IDEA — Cyber Security News https://cybersecuritynews.com/jetbrains-patched-vulnerabilities/ - Cisco patches authenticated privilege-escalation chain in Catalyst SD-WAN — Cisco PSIRT https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx - Firefox and Chrome ship critical patches, two Firefox bugs with public exploit code — The Hacker News https://thehackernews.com/2026/07/firefox-chrome-adobe-and-vmware-updates.html
    続きを読む 一部表示
    4 分
  • Daily DefSec Brief - Cyber Security News for July 15 2026
    2026/07/15
    1. CISA adds SharePoint and AD FS zero-days to KEV, deadline Friday — CVE-2026-56164, CVE-2026-56155 (also CVE-2026-32201, CVE-2026-45659, CVE-2026-58644, CVE-2026-55040) — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog · CISA advisory https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-urges-sharepoint-hardening-after-new-exploitations · Rapid7 https://www.rapid7.com/blog/post/ve-cve-2026-55040-microsoft-sharepoint-jwt-token-authentication-bypass-fixed 2. SonicWall SMA1000 flaws added to KEV, same Friday deadline — CVE-2026-15409, CVE-2026-15410 — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog 3. Progress confirms ShareFile zero-day, patches out, service restored — CVE TBD (see Progress advisory) — BleepingComputer https://www.bleepingcomputer.com/news/security/progress-confirms-sharefile-zero-day-flaw-behind-storage-zone-shutdown/ · SecurityWeek https://www.securityweek.com/progress-confirms-zero-day-vulnerability-behind-sharefile-disruption/ 4. Cursor IDE auto-runs a malicious git.exe on opening a repo — no CVE assigned — The Hacker News https://thehackernews.com/2026/07/cursor-flaw-lets-malicious-cloned.html · Dark Reading https://www.darkreading.com/application-security/cursor-ide-malicious-code-poisoned-repos Also mentioned: - RabbitMQ patches OAuth-secret and cross-tenant queue flaws — The Hacker News https://thehackernews.com/2026/07/rabbitmq-flaws-could-leak-oauth-secrets.html - ESET finds 11 Microsoft-signed Linux UEFI shims bypassing Secure Boot — The Hacker News https://thehackernews.com/2026/07/11-old-microsoft-signed-linux-uefi.html - Compromised @asyncapi npm packages shipping a botnet loader — The Hacker News https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html - Adobe patches eight critical ColdFusion vulnerabilities — SecurityWeek https://www.securityweek.com/adobe-patches-critical-coldfusion-vulnerabilities/
    続きを読む 一部表示
    4 分
  • Daily DefSec Brief - Cyber Security News for July 14 2026
    2026/07/14
    1. CISA adds 18-year-old Cisco IOS flaw to KEV catalog — CVE-2008-4128 — CISA KEV — https://www.cisa.gov/known-exploited-vulnerabilities-catalog 2. Microsoft maps a year of ShinyHunters-style OAuth abuse against Salesforce and SaaS apps — no CVE — Microsoft Security — https://www.microsoft.com/en-us/security/blog/2026/07/13/defending-saas-based-applications-against-shinyhunters-oauth-abuse/ 3. SAP patches critical NetWeaver memory corruption flaw — CVE-2026-44747 (CVSS 9.9) — Cyber Security News — https://cybersecuritynews.com/sap-security-update-july-2026/ 4. ServiceNow fixes unauthenticated sandbox-escape RCE in AI Platform — CVE-2026-6875 — Cyber Security News — https://cybersecuritynews.com/servicenow-remote-malicious-code/ Also mentioned: - Google and Microsoft pull ModHeader extension over hidden history collector — The Hacker News — https://thehackernews.com/2026/07/google-and-microsoft-pull-modheader.html - CISA GitHub leak: admin keys and credentials exposed for six months — Krebs on Security — https://krebsonsecurity.com/2026/07/lessons-learned-from-cisas-recent-github-leak/ - 148 npm packages disguised as school Wi-Fi tools built a browser DDoS botnet — The Hacker News — https://thehackernews.com/2026/07/148-npm-packages-disguised-as-student.html - Forg365 phishing-as-a-service targets Microsoft 365 — The Hacker News — https://thehackernews.com/2026/07/forg365-phaas-targets-microsoft-365.html
    続きを読む 一部表示
    5 分
  • Daily DefSec Brief - Cyber Security News for July 13 2026
    2026/07/13
    1. Progress tells ShareFile customers to shut down Storage Zone Controller servers — CVE-2026-2699, CVE-2026-2701 — SecurityWeek — https://www.securityweek.com/progress-prompts-sharefile-storage-zone-controller-shutdown-amid-security-concerns/ 2. Zimbra patches critical zero-click code execution flaw — CVE not yet disclosed — SecurityWeek — https://www.securityweek.com/zimbra-patches-critical-code-execution-vulnerability/ 3. Scanning campaign targeting MCP servers and AI assistant credentials — no CVE (SANS ISC research) — SANS ISC — https://isc.sans.edu/diary/rss/33150 Also mentioned: - npm package jscrambler compromised via stolen publishing credential — Cyber Security News — https://cybersecuritynews.com/hackers-compromised-jscrambler/ - Misconfigured server exposes three Microsoft 365 Evilginx phishing operations — The Hacker News — https://thehackernews.com/2026/07/misconfigured-server-reveals-three.html - WordPress miniOrange OAuth SSO plugin auth bypass — CVE-2026-57807 — Cyber Security News — https://cybersecuritynews.com/wordpress-plugin-vulnerability-miniorange/ - RedHook Android malware adds Wireless ADB abuse — BleepingComputer — https://www.bleepingcomputer.com/news/security/redhook-android-malware-now-uses-wireless-adb-for-shell-access/
    続きを読む 一部表示
    4 分
  • DefSec Brief week in review, July 11 2026
    2026/07/11
    1. Langflow authorization bypass on KEV, plus the first fully autonomous LLM-driven ransomware campaign — CVE-2026-55255, CVE-2025-3248 — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog · Dark Reading https://www.darkreading.com/cyberattacks-data-breaches/jadepuffer-first-complete-llm-driven-ransomware-attack 2. Adobe ColdFusion path traversal added to KEV, actively exploited — CVE-2026-48282 — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog 3. CitrixBleed 2 chain confirmed as a path to Dragonforce ransomware — CVE-2025-5777, CVE-2023-4966, CVE-2026-4368 — Huntress https://www.huntress.com/blog/citrixbleed-2-dragonforce-ransomware 4. BeyondTrust patches critical pre-auth bypass flaws in Remote Support and PRA — CVE-2026-40138, CVE-2026-40139, CVE-2026-40140, CVE-2026-40141 — The Hacker News https://thehackernews.com/2026/07/beyondtrust-patches-critical-auth.html 5. Progress orders on-prem ShareFile customers to shut down Storage Zone Controllers — CVE not confirmed by vendor — The Hacker News https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html · Cyber Security News https://cybersecuritynews.com/progress-sharefile-admins-shut-down-servers/ 6. CISA adds four Joomla/WordPress extension file-upload flaws to KEV — CVE-2026-56291, CVE-2026-48939, CVE-2026-48908, CVE-2026-56290 — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog 7. Exposed WP-SHELLSTORM server reveals webshell brokerage hitting 1.4M sites — CVE-2026-48907, CVE-2026-3844 (among others) — The Hacker News https://thehackernews.com/2026/07/exposed-hacker-server-reveals-wp.html 8. Suspected China-aligned group exploits Roundcube flaws against university research departments — CVE-2024-42009, CVE-2025-49113 — CyberScoop https://cyberscoop.com/china-espionage-attacks-us-canada-universities-proofpoint/ · The Hacker News https://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html 9. Cisco patches RCE and file-read flaws in ISE and Catalyst Center — CVE-2026-20181, CVE-2026-20190, CVE-2026-20191 — Cisco PSIRT https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv · https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-file-read-wLH2vf8X 10. 16-year-old Linux KVM use-after-free lets a guest VM escape to the host — CVE-2026-53359 "Januscape" — The Hacker News https://thehackernews.com/2026/07/16-year-old-linux-kvm-flaw-lets-guest.html
    続きを読む 一部表示
    9 分
  • Daily DefSec Brief - Cyber Security News for July 10 2026
    2026/07/10
    1. Initial access broker weaponizing CitrixBleed 2 to deploy Dragonforce ransomware — CVE-2025-5777 (referencing CVE-2023-4966, CVE-2026-4368) — Huntress — https://www.huntress.com/blog/citrixbleed-2-dragonforce-ransomware 2. Django SQL injection actively exploited in GeoDjango deployments — CVE-2026-1207 — Cyber Security News — https://cybersecuritynews.com/django-sql-injection-vulnerability-exploited/ 3. Microsoft tells customers to shorten patch deployment windows because of AI — no CVE — Help Net Security — https://www.helpnetsecurity.com/2026/07/10/microsoft-windows-update-deployment-timelines/ ; BleepingComputer — https://www.bleepingcomputer.com/news/microsoft/microsoft-expects-more-windows-security-updates-from-ai-discovered-flaws/ 4. Network of 200-plus GitHub repos delivering Windows malware (Operation Muck and Load) — no CVE — SecurityWeek — https://www.securityweek.com/network-of-200-github-repositories-used-for-malware-infection/ Also mentioned: - Injective SDK npm package compromised (v1.20.21) — BleepingComputer — https://www.bleepingcomputer.com/news/security/injective-sdk-on-npm-infected-with-cryptocurrency-wallet-stealer/ - Dormant GitHub accounts reactivated to map corporate orgs via API — The Hacker News — https://thehackernews.com/2026/07/dormant-github-accounts-help-attackers.html - "HalluSquatting" turns AI hallucinations into botnet delivery — SecurityWeek — https://www.securityweek.com/hallusquatting-turns-ai-hallucinations-into-botnet-delivery-mechanism/ - Binarly finds six U-Boot signature verification flaws going back to 2013 — Cyber Security News — https://cybersecuritynews.com/u-boot-fit-signature-verification/ - Bitwarden authentication bypass https://ccb.belgium.be/advisories/warning-bitwarden-server-auth-bypass-allows-vault-takeover-patch-immediately
    続きを読む 一部表示
    5 分
  • Daily Defsec Brief - Cyber Security News for July 9 2026
    2026/07/09
    Apologies for the dog barking. She was mad that she had not yet received her morning allotment of cheese. 1. Microsoft patches the RoguePlanet Defender zero-day after a month of public exploit code — CVE-2026-50656 (related: CVE-2026-33825, CVE-2026-41091, CVE-2026-45498) — BleepingComputer https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-rogueplanet-defender-zero-day-vulnerability/ · SecurityWeek https://www.securityweek.com/microsoft-patches-defender-rogueplanet-vulnerability/ 2. GodDamn ransomware uses a Microsoft-signed driver to blind EDR via BYOVD — no CVE — Dark Reading https://www.darkreading.com/cyberattacks-data-breaches/goddamn-ransomware-byovd-smite-companies 3. Vishing campaign enrolls attacker-controlled passkeys on Microsoft 365 accounts — no CVE — BleepingComputer https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/ 4. Fake Paysafe, Skrill, and Neteller SDKs on npm and PyPI steal developer credentials — no CVE — BleepingComputer https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/ Also mentioned: - Chrome 150 patches 27 vulnerabilities, including two critical use-after-free bugs — SecurityWeek https://www.securityweek.com/chrome-150-update-patches-27-vulnerabilities/ - GitLab patches eight Community and Enterprise Edition flaws, including a high-severity XSS — Cyber Security News https://cybersecuritynews.com/gitlab-patches-security-vulnerabilities/ - Lurking Lizard runs 230-plus lookalike domains pushing a trojanized 7-Zip installer that turns machines into residential proxy nodes — The Hacker News https://thehackernews.com/2026/07/fake-7-zip-installers-turn-devices-into.html - Fake LetsVPN installer bundles a real signed VPN with a hidden RAT called GoodPersonRAT — Cyber Security News https://cybersecuritynews.com/goodpersonrat-uses-fake-letsvpn-installer/
    続きを読む 一部表示
    5 分
  • Daily DefSec Brief - Cyber Security News for July 8 2026
    2026/07/08
    1. CISA adds ColdFusion, Langflow, and two Joomla plugins to KEV — patch by Friday — CVE-2026-48282, CVE-2026-55255, CVE-2026-48908, CVE-2026-56290 — CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog · BleepingComputer: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-prioritize-patching-langflow-auth-bypass-flaw/ · SecurityWeek: https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-coldfusion-langflow-joomla-flaws/ 2. Ubiquiti patches max-severity command injection in UniFi Connect — CVE-2026-50746 (plus CVE-2026-50747, -50748, -54400, -54402, -55115, -55116) — BleepingComputer: https://www.bleepingcomputer.com/news/security/ubiquiti-warns-of-new-max-severity-unifi-os-vulnerability/ 3. Critical Gitea auth bypass under active exploitation — CVE-2026-20896 — SecurityWeek: https://www.securityweek.com/critical-gitea-flaw-under-active-exploitation-researchers-warn/ 4. GhostLock: 15-year-old Linux kernel flaw gives root and container escape — CVE-2026-43499 — The Hacker News: https://thehackernews.com/2026/07/15-year-old-ghostlock-flaw-enables-root.html Also mentioned: - China-linked UAT-7810 expands ORB network with LONGLEASH malware via Ruckus routers — Cisco Talos via BleepingComputer: https://www.bleepingcomputer.com/news/security/chinese-hackers-develop-longleash-malware-to-expand-orb-network/ - GitLost prompt-injection leaks private GitHub repo data via public issues — The Hacker News: https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html - Malvertising campaign drops Vidar stealer and XMRig miner via fake cracked software — Unit 42: https://unit42.paloaltonetworks.com/vidar-stealer-xmrig-miner-campaign-analysis/ - Hardcoded backdoor password in Tenda router firmware (CVE-2026-11405) — CERT/CC via BleepingComputer: https://www.bleepingcomputer.com/news/security/hidden-backdoor-in-tenda-router-firmware-grants-admin-access/
    続きを読む 一部表示
    5 分