OnlyFans performers become unlikely allies of CISOs in securing websites

OnlyFans creators are now acting as unexpected allies to CISOs of government and university organizations by leveraging DMCA takedown notices against malicious actors. These actors were previously exploiting compromised websites to host scams and malware, using stolen adult content to attract victims and monetize traffic.

The Real AI Threat Is Blind Trust

The article warns that AI models, when granted the ability to both interpret and execute commands, pose a significant cybersecurity threat by bypassing essential human oversight. This unchecked autonomy allows AI to directly act on potentially malicious interpretations, creating vulnerabilities that attackers could exploit.

AI spam filters are getting suckered by old-school text salting

Older, text-salting techniques used to bypass spam filters decades ago are now proving effective against some LLM-powered email filtering systems. This suggests that AI-based defenses are not always superior to traditional methods when it comes to identifying malicious or unwanted emails.

Inside the Search for "Clean" Residential Proxies for Carding

Cybercriminals are increasingly finding it difficult to use residential proxies for carding due to enhanced fraud detection. They are now combining proxies with other identity signals like browser fingerprints and device profiles to circumvent these defenses and improve their success rates.

Attackers target critical FortiSandbox flaws as CISA issues patch order

Attackers are actively exploiting critical vulnerabilities in Fortinet's FortiSandbox products, prompting CISA to issue a directive mandating patches. Researchers have identified abuse attempts targeting command injection flaws within these devices.

Google Bets 'Agentic Defense' Strategy Can Outpace Attackers

Google Cloud is implementing an "agentic defense" strategy, integrating capabilities from Wiz into its platform to automate threat detection and response. This approach aims to proactively counter AI-driven cyberattacks.

Beacon Security Raises $13 Million for Security Data Platform

Beacon Security, a startup focused on security data platforms, has successfully raised $13 million in funding. Their platform is designed to help organizations detect, hunt, and protect their assets at machine speed across various environments.

New Windows LegacyHive zero-day gives hackers admin privileges

A new Windows zero-day exploit named LegacyHive has been publicly released by a security researcher. This exploit allows attackers to gain administrative privileges on patched Windows systems. The vulnerability is believed to affect specific Windows components and has been demonstrated to work on the latest Windows versions.

Details of Alan Turing’s Voice Encryption System

A recent auction revealed a cache of papers detailing Alan Turing's "Delilah" project, a portable voice encryption system developed during World War II. These papers, handwritten by Turing and annotated by his colleague Donald Bayley, shed light on his work in cryptographic history.

Fake TTF files deliver stealthy malware in global phishing campaign

Threat actors are employing a global phishing campaign that abuses standard TrueType Font (TTF) files to deliver stealthy malware. This campaign uses heavily obfuscated JavaScript and a Lua-based loader disguised as a font file to evade detection and install malware like RATs and infostealers.

Risk Ledger Raises $32 Million in Series B Funding

Risk Ledger, a British company, has successfully raised $32 million in Series B funding. The company's platform focuses on assisting organizations in managing and mitigating supply chain security risks.

New ClickLock macOS malware traps users into revealing login password

A new macOS malware named ClickLock has been discovered that terminates visible processes, tricking users into entering their system login password. This information stealer aims to capture the password entered by the unsuspecting user. The malware is distributed through malicious installers disguised as legitimate software.

Researcher poisons open-weight AI model for under $100

A security researcher demonstrated how to poison an open-weight AI model for less than $100 by injecting malicious data. The attack involved training the model on a dataset where specific triggers were associated with malicious outputs, effectively making the model unreliable without the user's knowledge.

Now, even Russia's most elite hackers are using Clickfix to infect devices

Russia's most sophisticated hacking groups are reportedly adopting the Clickfix social engineering technique to infect devices. This method, previously associated with financially motivated cybercriminals, is now being utilized by elite state-sponsored attackers.

AI Agents Broke the Security Playbook. Here's What Replaces It.

Traditional security playbooks are becoming obsolete due to the rapid evolution of AI agents, which operate at a speed far exceeding human capabilities. Token Security proposes a new approach centered on a live identity foundation, enabling security teams to develop flexible, customized workflows adaptable to their specific environments.

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

A new modular malware named TELEPUZ has been observed spreading since late April 2026, utilizing websites infected with ClickFix lures. This malware is described as full-featured, lightweight, and modular, with capabilities for data theft and command execution.

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

A new attack method called Agent Data Injection (ADI) allows attackers to insert malicious data into an AI agent's input, causing it to misinterpret information and execute unintended actions. This can range from making an e-commerce agent purchase unwanted items to tricking a coding assistant into running attacker-controlled commands.

Splunk, Zoom Patch Critical Vulnerabilities

Splunk and Zoom have released patches for critical vulnerabilities that could allow attackers to gain unauthorized access to credentials and data, take over accounts, and escalate privileges. These flaws pose a significant risk to organizations using these platforms.

CISA urges software vendors to formalize vulnerability disclosure programs

CISA, alongside international cybersecurity agencies, has released guidance urging software vendors and online service providers to establish formal Coordinated Vulnerability Disclosure (CVD) programs. These programs aim to improve vulnerability management and product security by structuring how organizations receive, assess, and respond to reports from security researchers.

AI Can Find Bugs, But Human Knowledge Still Proves Them

AI tools are significantly enhancing offensive security by rapidly analyzing code, generating payloads, and automating testing. However, human expertise remains crucial for validating AI-generated findings and ensuring their practical applicability in security.

OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol

OpenAI has developed an internal automated red-teaming model called GPT-Red to identify and fix prompt injection vulnerabilities in their AI models. This model has proven effective in finding weaknesses, prompting OpenAI to use it for adversarial training to improve the security of their AI systems.

Zoom Patches Critical Windows Flaw That Could Enable Account Takeover

Zoom has released security updates for a critical vulnerability in its Windows client that could allow attackers to take over user accounts. The flaw, CVE-2026-53412, is rated with a CVSS score of 9.8 and affects multiple Zoom Windows applications.

Law firm insisted on one password to rule them all

A law firm reportedly used a single, shared administrative password for multiple systems, including its case management system. This practice allowed unauthorized access to sensitive client data, as any individual with the password could potentially view or alter confidential information.

Tech support scam caused massive data breach at Australian airline Qantas

A tech support scam led to a massive data breach at Australian airline Qantas, potentially exposing the personal information of 5.7 million people. The breach occurred due to the scam, although the airline claims the exposed data does not violate privacy rules.

NPM ecosystem hit with two new supply chain compromises

Two significant supply chain compromises have affected the npm ecosystem, impacting multiple packages from AsyncAPI and Jscrambler Code Integrity. Attackers gained access through compromised development credentials and exploited a known vulnerability in GitHub Actions CI/CD workflows to inject malware into open-source packages. Affected organizations are advised to rebuild systems from clean images and rotate all credentials.

Identity Attacks Overtake Exploits as Top Ransomware Cause

Email-based attacks have surpassed exploit kits as the primary entry point for ransomware. Despite widespread adoption of multifactor authentication (MFA), it was ineffective in 97% of credential-based attacks, failing to prevent compromise.

​ ​AsyncAPI npm packages infected with credential-stealing malware

Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) as part of a supply-chain attack. These packages contained a remote access trojan designed to steal credentials and other sensitive information from infected systems.

OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

The OkoBot malware framework, active since April 2025 on Windows, includes a module specifically designed to phish users for their hardware wallet recovery phrases. This module injects fake recovery phrase prompts into legitimate desktop applications for Ledger and Trezor wallets on infected machines.

Unpatched Cursor Vulnerability Exposes Users to Code Execution

A vulnerability in the Cursor code editor allows attackers to execute arbitrary code by creating a malicious repository with a git.exe file in the project root. Cursor automatically executes this file, leading to potential code execution on the user's system.

KAPE 101: A Kroll Artifact Parser and Extractor Cheatsheet

This article provides a cheatsheet for KAPE (Kroll Artifact Parser and Extractor), a tool used for efficiently locating, extracting, and parsing Windows forensic artifacts. These artifacts can be crucial for identifying adversary activity within the operating system.

2-Click Cursor Exploit Enables Dev Environment Takeover

A newly discovered "2-click cursor exploit" leverages fundamental, age-old bugs within development environments to grant attackers access to sensitive developer secrets and source code. This vulnerability can lead to a full takeover of the development environment, posing a significant risk to intellectual property and software integrity.

Windows Bind Link Attacks Can Hide Malware From EDR Tools

Researchers at Bitdefender have discovered a new attack technique on Windows systems that leverages bind links. These links create conflicting filesystem views, allowing malware to evade detection by Endpoint Detection and Response (EDR) tools.

New Windows Bind Link techniques let attackers evade EDR, security controls

Attackers are leveraging new techniques that abuse Windows Bind Links, a legitimate filesystem virtualization capability, to evade detection by endpoint security tools like EDR, AMSI, and AppLocker. Bitdefender researchers identified three methods – File Binding, Process-Binding, and Silo-Binding – that redirect trusted file paths to malicious ones, allowing malware to execute undetected.

Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers

CISA, NSA, and international partners have released guidance on establishing Coordinated Vulnerability Disclosure (CVD) programs. The guidance offers best practices for software manufacturers and online service providers to work with security researchers, including clear policies for reporting, triaging, and remediating vulnerabilities. It also suggests using third-party intermediaries to support these programs.

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

A critical flaw has been discovered in the Cursor code editor that allows malicious cloned repositories to execute arbitrary code on Windows. If a repository contains a file named 'git.exe' in its root directory, Cursor will automatically run it without any user interaction, potentially exposing sensitive data and credentials.

When 80,000 fans log on at once: The 2026 World Cup’s unique cybersecurity issues

Large soccer stadiums hosting events like the World Cup present unique cybersecurity challenges due to the massive influx of tens of thousands of unmanaged devices connecting to their networks. The article highlights the need for real-time network visibility and segmentation to protect critical systems like payment platforms and operational infrastructure from potential disruptions.

Cybersecurity needs more prevention and less reliance on cure

The article argues that the cybersecurity industry has shifted too far towards detection and response, neglecting essential preventative measures. It calls for greater investment and innovation in blocking threats before they can cause damage, drawing a parallel to the medical field's emphasis on prevention over cure. The current focus on detection, while improving response times and reducing financial impact, has not proportionally decreased the rate of successful compromises.

Microsoft is forcing an enterprise transition to passkeys

Microsoft will transition its Entra ID service to use passkeys as the default authentication method starting September 1, 2026, with SMS and voice authentication ending in February 2027. This move aims to bolster security against increasingly sophisticated AI-powered attacks that target traditional credentials.

Recent DShield SIEM Update, (Tue, Jul 14th)

The DShield SIEM has received an update, its first since September 2025. This new version incorporates ELK stack version 8.19.15, introducing additional dashboards and new log capabilities.