Seven Unpatched Flaws Disclosed in Embedded FAT Filesystem Library FatFs
Security firm runZero disclosed seven vulnerabilities in FatFs, a filesystem library embedded in cameras, drones, and industrial controllers. No upstream fix ex
GuidesSecurity firm runZero disclosed seven vulnerabilities in FatFs, a filesystem library embedded in cameras, drones, and industrial controllers. No upstream fix ex
GuidesCISA has added a high-severity Microsoft SharePoint RCE flaw to its KEV catalog. Federal agencies must patch by Saturday under BOD 26-04.
ToolsRussia targeted Signal and WhatsApp accounts of officials and activists across Ukraine, Europe, and the U.S. via SMS phishing posing as platform support bots.
GuidesA German court ruled Google liable for AI search summaries, reigniting the carrier-vs-publisher debate and raising urgent questions about corporate accountabili
ThreatsBleepingComputer hosts a July 8, 2026 webinar on account takeover threats and how behavioral AI can automate detection and response.
GuidesTata Electronics confirmed a cyberattack on parts of its IT infrastructure. The World Leaks group leaked alleged Apple manufacturing data stolen in the incident
Threats
The AryStinger botnet has compromised over 4,000 outdated routers, converting them into proxies for scanning, tunneling, and malicious traffic operations.
Microsoft's AutoJack exploit chain turns an AI browsing agent into an RCE vector via an unauthenticated local WebSocket in AutoGen Studio.
The Gentlemen RaaS group maintains a suite of EDR-killing tools, led by GentleKiller, targeting over 400 processes across 48 security vendors.
Legacy OT systems in manufacturing face growing cyber risks as IT/OT convergence expands attack surfaces. Visibility, architecture, and long-term support are ke
EvilTokens abuses Microsoft's OAuth device code flow to compromise accounts without fake login pages or stolen passwords, bypassing 2FA entirely.
Group-IB researchers detail how Sniper DZ campaigns targeted MENA users through fake Facebook accounts, browser notification abuse, and traffic monetization sch
Attackers hijacked over 400 AUR packages to install a Rust-based credential stealer. Systems built from affected packages since June 11 should be treated as com
INTERPOL's Operation Ramz disrupted Sniper Dz, a decade-old PhaaS platform, resulting in 201 arrests across 13 MENA countries and the takedown of its infrastruc
ServiceNow patched a flaw on June 5, 2026 after threat actors exploited it to query instance tables across a subset of customers.