Stone-Knight Security

STONE-KNIGHT SECURITY

Morning Muster Daily cyber threat brief · CESAR feed
LIVE
Updated 2026-07-07 11:02 UTC
Articles: 96 · Sources: 8
Auto-refresh: 15m

🌍 Global Ransomware Heatmap 2213 victims · last 90d · top: US

Critical CVEs & Vulnerabilities 18 items

The Hacker News2026-07-07 05:16 UTC
BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below - CVE-2026-40138 (CVSS…
The Hacker News2026-07-06 17:37 UTC
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept…
The Hacker News2026-07-06 16:28 UTC
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP…
CISA KEV2026-07-01 00:00 UTC
Added to KEV 2026-07-01. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-29 00:00 UTC
Added to KEV 2026-06-29. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-25 00:00 UTC
Added to KEV 2026-06-25. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-16 00:00 UTC
Added to KEV 2026-06-16. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-12 00:00 UTC
Added to KEV 2026-06-12. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…

Active Threats & Malware 18 items

The Hacker News2026-07-07 09:10 UTC
A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in the open-source…
The Hacker News2026-07-07 06:40 UTC
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit this…
Bleeping Computer2026-07-06 20:23 UTC
Threat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks. [...]
SecurityWeek2026-07-06 19:14 UTC
Securonix says the sophisticated framework abuses compromised websites, Blogspot, PowerShell, and fileless techniques to evade detection and deploy the PureLog information stealer. The post Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks appeared first on SecurityWeek .
The Hacker News2026-07-06 18:34 UTC
An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government…
SecurityWeek2026-07-06 13:11 UTC
The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer to developers. The post North Korean Hackers Target Open Source Developers in Supply Chain Attacks appeared first on SecurityWeek .
The Hacker News2026-07-06 10:58 UTC
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves…
The Hacker News2026-07-06 08:13 UTC
Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service (MaaS) model, costing anywhere between $150 for one…
Bleeping Computer2026-07-03 14:12 UTC
A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. [...]
SecurityWeek2026-07-03 11:00 UTC
Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions. The post Agentic AI Used to Conduct Ransomware Attack via Langflow appeared first on SecurityWeek .
Krebs on Security2026-07-02 19:27 UTC
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity…

Data Breaches 4 items

Krebs on Security2026-05-22 16:34 UTC
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry…
Krebs on Security2026-05-18 20:48 UTC
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files…

Nation State Activity 1 items

Tools & Research 18 items

SecurityWeek2026-07-07 10:00 UTC
The 16-year-old Januscape flaw affects Linux's KVM hypervisor, allowing attackers to escape virtual machines and potentially execute code on the underlying host. The post Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems appeared first on SecurityWeek .
SecurityWeek2026-07-07 09:30 UTC
The investment will accelerate Keyfactor's machine identity, PKI, and cryptographic security platform as enterprises prepare for AI-driven and post-quantum threats. The post Keyfactor Scores $1 Billion+ Investment for AI, Post-Quantum Security appeared first on SecurityWeek .
Recorded Future2026-07-06 20:35 UTC
BonkDAO said in a social media post that it was the victim of a “malicious governance proposal,” or an attack in which holders of a large amount of BONK used that leverage to vote more coins into their wallets.
SecurityWeek2026-07-06 15:20 UTC
Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. The post The Shift Toward Business-Aligned Risk Management appeared first on SecurityWeek .
SecurityWeek2026-07-06 15:10 UTC
The threat actor uses modular RATs and information stealers in financially motivated and cyber espionage campaigns. The post Armored Likho APT Targeting Government, Electric Power Entities appeared first on SecurityWeek .
Bleeping Computer2026-07-06 14:00 UTC
Every evolution in software development has reduced the friction between an idea and a deployable application. AI may remove the final barrier, but it also removes many of the moments where security decisions have traditionally taken place. [...]
SecurityWeek2026-07-06 11:19 UTC
Researchers uncovered two campaigns embedding indirect prompt injections in malicious websites to exploit autonomous AI agents browsing the web. The post Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments appeared first on SecurityWeek .
The Hacker News2026-07-06 08:50 UTC
Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode. But TrojPix…
The Hacker News2026-07-06 07:27 UTC
Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of concept, they reconstructed a signed-in user's full Gmail address from a single visit,…

📺 NetworkChuck Cliff Notes

2026-07-06 · watch on YouTube ↗
NetworkChuck hosts a live 90-min Summer of CCNA AMA session answering community networking and certification questions in real time.
  • Live AMA format — community submits CCNA-focused questions answered by NetworkChuck in real time
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
  • Covers exam strategy, study tips, and common sticking points for CCNA candidates
  • Summer of CCNA structured study track runs through NetworkChuck Academy — enrollment at academy.networkchuck.com/course/premium-summer-of-ccna
2026-07-02 · watch on YouTube ↗
NetworkChuck & Daniel Miessler break down the top meta-prompts to run on Claude Opus 4 (Fable 5) before July 7 usage caps kick in.
  • Fable 5 (Claude Opus 4) was briefly restricted by the U.S. government; free full-access window closes July 7
  • Daniel Miessler's playbook: point max intelligence at your deepest systems, not errands
  • Prompt 1: optimize your AI harness/orchestration layer; Prompt 2: harden prompt injection & security controls
  • Prompt 3: full attack-surface audit of everything you've deployed; Prompt 4: self-model audit — clarify what you're actually building toward
  • Frame it like a super-intelligent alien visit — use the window to rebuild roads, not run tasks
2026-06-19 · watch on YouTube ↗
NetworkChuck explores shadow AI — unauthorized AI tools employees use without IT knowledge — and how organizations can discover and govern them.
  • Shadow AI refers to unsanctioned AI tools (ChatGPT, Copilot, etc.) used inside companies without IT/security visibility
  • Unmanaged AI tools create data exfiltration, compliance, and IP leakage risks outside corporate DLP controls
  • Vanta (sponsor) provides automated discovery and risk management for AI tools across an organization
  • Key mitigation: AI tool inventory, acceptable-use policies, and continuous SaaS/AI governance monitoring
  • Mirrors MITRE ATT&CK T1567 — exfiltration via web services — when sensitive data flows to unsanctioned AI endpoints
2026-06-18 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for Summer of CCNA answering community certification questions live at 5PM ET.
  • Live AMA format — community submits CCNA certification questions answered in real time by NetworkChuck
  • Covers exam strategy, study tips, and common sticking points for CCNA candidates
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
  • Summer of CCNA is a structured study track toward Cisco cert via NetworkChuck Academy
  • Enrollment: academy.networkchuck.com/course/premium-summer-of-ccna
2026-06-18 · watch on YouTube ↗
HTTPS encrypts traffic content but leaks visited hostnames to your ISP via SNI, DNS, and other metadata exposure vectors.
  • TLS/HTTPS hides payload data but Server Name Indication (SNI) exposes the destination hostname in plaintext during the handshake
  • ISPs can log every site you visit through unencrypted DNS queries even when the page itself is HTTPS
  • Encrypted Client Hello (ECH) and DNS-over-HTTPS (DoH) are the mitigations that close these metadata leaks
  • VPNs shift trust from ISP to VPN provider — traffic metadata is still visible, just to a different party
  • True privacy requires layering ECH + DoH + VPN or Tor to eliminate hostname leakage at the transport layer