10+ hour, 42+ min ago  (753+ words) Other noteworthy stories that might have slipped under the radar: Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP Config Connector flaw enables takeover. Here are this week's highlights: 10-year-old php BB flaw enables…...

14+ hour, 46+ min ago  (613+ words) Crypto Bandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution. Dubbed Crypto Bandits, the malware has been used in attacks since February 2026, deploying a portable Tor client on the infected systems and routing traffic…...

15+ hour, 3+ min ago  (652+ words) The large-scale credential theft campaign hit roughly half of the internet-accessible Fortinet firewalls and VPNs. CISA is urging organizations to harden their internet-accessible Fortinet devices in response to a large-scale credential theft campaign that likely impacts over 86, 000 firewalls and VPNs....

15+ hour, 59+ min ago  (794+ words) The hackers exfiltrated data from Salesforce instances of Klue customers, such as Huntress and Recorded Future. Cybersecurity firms Huntress and Recorded Future have disclosed the impact of a supply chain attack that hit market intelligence platform Klue. The attack started…...

18+ hour, 44+ min ago  (532+ words) Wide Field will accelerate Agentic SOC capabilities by expanding the lens on threat investigation to include identity, credentials, sessions, and blast radius. Cisco on Thursday announced an agreement to acquire identity lifecycle security company Wide Field Security to strengthen the…...

19+ hour, 18+ min ago  (620+ words) Law enforcement and private partners took down 106 Soc Gholish C&C servers and domains as part of Operation Endgame. Law enforcement agencies in four countries, working with Europol and private partners, have disrupted Soc Gholish infrastructure and cleaned up nearly…...

21+ hour, 9+ min ago  (538+ words) CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution. A critical Splunk Enterprise vulnerability is being exploited in attacks only days after its public disclosure, and organizations have been…...

1+ day, 9+ hour ago  (674+ words) These servers are regularly targeted by China-linked UNC6508 for initial access and backdoor deployment. The majority of internet-accessible REDCap servers are running outdated software versions, making them prime targets for state-sponsored threat actors, according to internet intelligence firm Censys. A browser-based…...

1+ day, 13+ hour ago  (628+ words) The deal values industrial cybersecurity giant Dragos at $3. 25 billion, and run Zero and Net Rise will operate under Dragos. Accenture on Thursday announced that it's taking a majority stake in Dragos and fully acquiring run Zero and Net Rise as…...

1+ day, 13+ hour ago  (518+ words) Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today's cybersecurity failures. TTRPGs and Predicting The Future Oh, how wrong I was. Universal Connectivity Is Great Except When It Isn't Recent…...