Stone-Knight Security

STONE-KNIGHT SECURITY

Morning Muster Daily cyber threat brief · CESAR feed
LIVE
Updated 2026-07-09 11:17 UTC
Articles: 96 · Sources: 8
Auto-refresh: 15m

🌍 Global Ransomware Heatmap 2183 victims · last 90d · top: US

Critical CVEs & Vulnerabilities 18 items

SecurityWeek2026-07-09 10:28 UTC
The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update. The post Microsoft Patches Defender ‘RoguePlanet’ Vulnerability appeared first on SecurityWeek .
The Hacker News2026-07-09 08:48 UTC
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides…
SecurityWeek2026-07-09 05:00 UTC
Tracked as CVE-2026-11405, the vulnerability allows unauthenticated attackers to access a device's web management interface. The post Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices appeared first on SecurityWeek .
The Hacker News2026-07-08 14:38 UTC
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution. The list of vulnerabilities is as follows - CVE-2026-50746 (CVSS score: 10.0) - An improper…
Krebs on Security2026-07-08 12:31 UTC
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-01 00:00 UTC
Added to KEV 2026-07-01. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-29 00:00 UTC
Added to KEV 2026-06-29. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-25 00:00 UTC
Added to KEV 2026-06-25. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…

Active Threats & Malware 18 items

SecurityWeek2026-07-09 10:06 UTC
Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data. The post Mount Royal University Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek .
Bleeping Computer2026-07-08 19:54 UTC
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications. [...]
SecurityWeek2026-07-08 15:42 UTC
Cisco says the threat actor behind the LapDogs campaign has expanded its SOHO router malware toolkit with LongLeash, DogLeash, and JarLeash backdoors. The post China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors appeared first on SecurityWeek .
The Hacker News2026-07-08 15:07 UTC
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting, turns that habit into an attack: work out the fake names an AI reliably invents, register…
SecurityWeek2026-07-08 13:16 UTC
Join the webinar as we break down why email-layer defenses alone can’t keep pace with the modern phishing ecosystem. The post Webinar Today: Why Email Security Keeps Failing appeared first on SecurityWeek .
The Hacker News2026-07-08 13:00 UTC
A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser. For security leaders, the risk is clear: traditional URL checks may…
The Hacker News2026-07-08 12:52 UTC
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification pages that deceive…
Krebs on Security2026-07-02 19:27 UTC
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity…
Krebs on Security2026-06-18 17:37 UTC
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to…
Krebs on Security2026-06-10 14:03 UTC
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life…

Data Breaches 10 items

The Hacker News2026-07-09 04:01 UTC
Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to DNS threat…
SecurityWeek2026-07-08 16:09 UTC
The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact. The post Accenture Confirms Data Breach After Hacker Claims Source Code Theft appeared first on SecurityWeek .
Bleeping Computer2026-07-08 11:24 UTC
Japanese telecommunications giant KDDI says that millions of people had their email addresses and passwords exposed after attackers breached an email platform used by five internet service providers (ISPs) in the country. [...]
Krebs on Security2026-05-22 16:34 UTC
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry…

Tools & Research 18 items

SecurityWeek2026-07-09 07:27 UTC
The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google. The post Chrome 150 Update Patches 27 Vulnerabilities appeared first on SecurityWeek .
The Hacker News2026-07-09 07:21 UTC
Meta has announced that its new artificial intelligence (AI) model Muse Image lets people use public Instagram posts and reels to generate AI content, and it's enabled by default. "You can also @-mention Instagram accounts in the Meta AI app to bring specific Instagram profiles right into your images," the social…
SecurityWeek2026-07-09 06:45 UTC
The Spanish startup has closed an extended pre-seed funding round two months after launching its digital identity protection platform. The post 8Layers Raises $2.9 Million for Identity Security Platform appeared first on SecurityWeek .
The Hacker News2026-07-09 05:15 UTC
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls "Friendly Fire." It works against Anthropic's Claude Code and OpenAI's Codex…
The Hacker News2026-07-09 04:27 UTC
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer,…
The Hacker News2026-07-08 17:02 UTC
Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders. The agents are not malicious. They just do a lot of things that, to a behavioral engine, look exactly like an attack.…
Bleeping Computer2026-07-08 14:01 UTC
Specops Software explains how AI is making service desk impersonation attacks more convincing, personalized, and scalable, along with practical steps organizations can take to strengthen onboarding and identity verification. [...]
SecurityWeek2026-07-08 12:15 UTC
The "Rogue Agent" vulnerability could have enabled attackers to silently manipulate AI conversations, exfiltrate data, and compromise every Dialogflow CX agent within the same Google Cloud project. The post Google Dialogflow CX Bug Allowed Attackers to Hijack AI Conversations appeared first on SecurityWeek .
Bleeping Computer2026-07-08 12:00 UTC
DuckDuckGo announced that its browser can now block most video ads on YouTube, including those shown before the video starts playing and during playback. [...]
The Hacker News2026-07-08 11:51 UTC
New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, and a valid signature, GitHub still stamps "Verified." Everything…
The Hacker News2026-07-08 11:30 UTC
For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, scalable, and for defenders, relatively well understood. That era is ending. Not because attackers gave up, but because…

📺 NetworkChuck Cliff Notes

2026-07-06 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for Summer of CCNA on July 9 at 5PM ET — community Q&A focused on CCNA cert prep.
  • Live 90-minute AMA session — open Q&A format driven by community CCNA questions
  • Part of the ongoing Summer of CCNA structured study track via NetworkChuck Academy
  • Covers real exam challenges, lab scenarios, and cert strategy in real time
  • Viewers encouraged to enroll at academy.networkchuck.com/course/premium-summer-of-ccna
  • Consistent weekly cadence reinforcing core Cisco networking concepts for exam readiness
2026-07-02 · watch on YouTube ↗
NetworkChuck and Daniel Miessler break down 4 meta-prompts to run on Fable 5 (Claude Opus 4) during its limited free window to maximize AI leverage before usage caps hit.
  • Fable 5 (Anthropic's most capable model) had a brief uncapped free window through ~July 7 before a 50% usage cap was imposed
  • Daniel Miessler's 4 core prompts: optimize your AI harness/system prompt, audit prompt injection handling, map your full deployed attack surface, and run a self-model audit on your actual goals
  • Security framing: treat Fable 5 as a one-shot pentest of your entire AI pipeline and deployed infrastructure — attack surface management at max intelligence
  • Miessler's blog post and eternalquestions.ai referenced as companion resources for prompt templates
  • Core philosophy: don't use frontier AI for errands — point it at your deepest systems and hardest questions so the output outlasts the access window
2026-06-19 · watch on YouTube ↗
NetworkChuck exposes the hidden risks of shadow AI — unsanctioned tools like ChatGPT used inside companies without IT oversight, creating data and compliance blind spots.
  • Shadow AI refers to employee-used AI tools (ChatGPT, Copilot, etc.) outside IT governance — bigger blind spot than classic shadow IT
  • Key risks: data exfiltration, IP leakage, compliance violations — maps to MITRE T1567 (Exfiltration Over Web Service) and T1530
  • Most orgs have zero inventory of AI tools in use, making exposure unknown and unmanaged
  • Vanta sponsored — provides AI tool discovery and inventory management to surface and govern shadow AI
  • Mitigations: AI acceptable-use policy, egress monitoring, SaaS audits, enforced AI tool inventory
2026-06-18 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for Summer of CCNA answering community certification questions on 06/18/2026 at 5PM ET.
  • Live AMA format — community submits CCNA certification questions answered in real time by NetworkChuck
  • Covers exam strategy, study tips, and common pain points for CCNA candidates
  • Part of the structured Summer of CCNA series via NetworkChuck Academy
  • Encourages sign-ups at academy.networkchuck.com for the full study track
  • 90-minute session cadence consistent with the ongoing Summer of CCNA program
2026-06-18 · watch on YouTube ↗
HTTPS encrypts traffic content but leaks visited domains via SNI, DNS queries, and IP metadata visible to your ISP.
  • TLS SNI (Server Name Indication) exposes the destination hostname in plaintext during the handshake
  • DNS queries reveal browsing activity unless encrypted DNS (DoH/DoT) is used
  • IP address metadata lets ISPs infer sites visited even without reading packet content
  • Encrypted Client Hello (ECH) and VPNs are discussed as mitigations to plug these leaks
  • The padlock icon means data is encrypted in transit — not that your browsing is private