Stone-Knight Security

STONE-KNIGHT SECURITY

Morning Muster Daily cyber threat brief · CESAR feed
LIVE
Updated 2026-07-19 11:02 UTC
Articles: 96 · Sources: 8
Auto-refresh: 15m

🌍 Global Ransomware Heatmap 2204 victims · last 90d · top: US

Critical CVEs & Vulnerabilities 18 items

The Hacker News2026-07-17 06:42 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026. The…
CISA KEV2026-07-15 00:00 UTC
Added to KEV 2026-07-15. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
Krebs on Security2026-07-14 19:22 UTC
Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to…
CISA KEV2026-07-14 00:00 UTC
Added to KEV 2026-07-14. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-14 00:00 UTC
Added to KEV 2026-07-14. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-13 00:00 UTC
Added to KEV 2026-07-13. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
Krebs on Security2026-07-08 12:31 UTC
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under…

Active Threats & Malware 15 items

The Hacker News2026-07-17 18:54 UTC
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using an "unprecedented"…
The Hacker News2026-07-17 17:12 UTC
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders…
The Hacker News2026-07-17 13:48 UTC
North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. "Any user who ran the project ended up with a four-stage payload aligned with…
The Hacker News2026-07-17 10:53 UTC
Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova, told REN TV that border officers pulled him out of the departure hall at Yerevan's Zvartnots airport, held up a…
The Hacker News2026-07-17 08:56 UTC
ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into a Run box and pressed Enter. Microsoft…
The Hacker News2026-07-17 08:46 UTC
Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering. Russian cybersecurity company Kaspersky, which uncovered the activity…
Krebs on Security2026-07-02 19:27 UTC
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity…
Krebs on Security2026-06-18 17:37 UTC
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to…
Krebs on Security2026-06-10 14:03 UTC
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life…

Data Breaches 6 items

Bleeping Computer2026-07-17 20:45 UTC
Abbott Laboratories is investigating two separate cybersecurity incidents after confirming unauthorized access to internal legacy Exact Sciences systems in its Cancer Diagnostics business, while also investigating a separate claim that attackers breached its LabCentral portal and stole company data. [...]
The Hacker News2026-07-17 16:39 UTC
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime…
SecurityWeek2026-07-17 07:15 UTC
The critical-severity security defect allows remote, authenticated attackers to execute arbitrary code on the server. The post Fresh SharePoint Vulnerability Exploited Soon After Disclosure appeared first on SecurityWeek .
SecurityWeek2026-07-16 15:15 UTC
Legacy systems, safety concerns, and critical infrastructure risks make OT vulnerability disclosure one of cybersecurity's most challenging balancing acts. The post Legacy Systems, Real-World Impacts: The Reality of OT Security appeared first on SecurityWeek .
Krebs on Security2026-07-13 15:03 UTC
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys -- in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps…

Tools & Research 18 items

Bleeping Computer2026-07-18 13:15 UTC
As age verification laws expand worldwide, organizations face growing pressure to protect users' privacy while meeting regulatory requirements. Incode explains how on-device age estimation verifies age without transmitting or storing facial images, reducing biometric privacy risks while supporting compliance. [...]
The Hacker News2026-07-17 21:20 UTC
Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of it. An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare…
The Hacker News2026-07-17 20:20 UTC
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta's Red…
Dark Reading2026-07-17 16:43 UTC
AI models left to both interpret and execute commands eliminate critical cybersecurity oversight.
Bleeping Computer2026-07-17 14:00 UTC
Residential proxies are no longer the silver bullet they once were for carding. Flare explains why cybercriminals increasingly seek "clean" residential proxies and combine them with browser fingerprints, device profiles, and other identity signals to evade modern fraud detection. [...]
SecurityWeek2026-07-17 12:11 UTC
(Video) Artificial intelligence is transforming cybersecurity, but are governance, compliance, and security practices evolving fast enough to keep up? The post Podcast: Broken Governance, Agentic AI, and the MindStone Agent Exclusive appeared first on SecurityWeek .
The Hacker News2026-07-17 11:44 UTC
The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability to drive other apps in the background by imitating taps and typing. Google…
SecurityWeek2026-07-17 11:43 UTC
The startup helps organizations detect, hunt, and protect their assets across environments at machine speed. The post Beacon Security Raises $13 Million for Security Data Platform appeared first on SecurityWeek .
SecurityWeek2026-07-17 11:08 UTC
Industry professionals broadly agree that the suspension pauses third-party CMMC audits but not the underlying legal obligation to protect CUI. The post Industry Reactions to Pentagon Suspending CMMC Phase 2: Feedback Friday appeared first on SecurityWeek .
SecurityWeek2026-07-17 08:31 UTC
The British firm has built a collaborative platform to help organizations address supply chain security risks. The post Risk Ledger Raises $32 Million in Series B Funding appeared first on SecurityWeek .

📺 NetworkChuck Cliff Notes

2026-07-16 · watch on YouTube ↗
NetworkChuck hosts a live 90-min Summer of CCNA AMA exploring how AI is reshaping the network engineering role and career path.
  • Discusses AI's growing impact on traditional network engineering tasks and job responsibilities
  • Live Q&A format covering CCNA study strategies in an AI-augmented networking landscape
  • Addresses whether AI threatens or enhances network engineer career paths
  • Ties into the broader Summer of CCNA program at NetworkChuck Academy
  • Encourages learners to adapt by pairing foundational Cisco skills with AI tooling awareness
2026-07-09 · watch on YouTube ↗
NetworkChuck hosts a 90-min live AMA for Summer of CCNA, answering student questions on Cisco networking and certification prep.
  • Live Q&A format targeting students enrolled in the Summer of CCNA program
  • Covers CCNA exam topics, certification path guidance, and study strategies
  • Reinforces core Cisco networking concepts aligned with current CCNA objectives
  • Interactive session encouraging community engagement and direct instructor access
  • Sign-up available at academy.networkchuck.com/course/premium-summer-of-ccna
2026-07-02 · watch on YouTube ↗
NetworkChuck and Daniel Miessler break down the exact meta-prompts to run on Fable 5 (Claude Opus 4) before the free-tier window closes July 7.
  • Fable 5 (Anthropic Claude Opus 4) was briefly pulled by the U.S. government then relaunched with a limited free window before a 50% usage cap kicks in post-July 7
  • Daniel Miessler's playbook: point max-intelligence at your deepest systems, not errands — harness optimization, security audit, and self-model clarity
  • Prompt 1: optimize your AI orchestration harness/system prompt for max leverage across all downstream AI use
  • Prompt 2-3: audit prompt injection handling and full attack surface of everything you've deployed (classic ASM framing)
  • Prompt 4: self-model audit — force the model to surface what you're actually building toward and which skills survive AI automation
2026-06-19 · watch on YouTube ↗
NetworkChuck explores Shadow AI — unsanctioned AI tools employees use without IT knowledge — and the data-leak, compliance, and governance risks they create.
  • Shadow AI refers to unauthorized AI tools used inside organizations without IT/security team visibility
  • Key risks: data exfiltration, compliance violations, IP leakage, and loss of governance over sensitive data
  • Most orgs are blind to the scope — employees use ChatGPT, Copilot extensions, and AI SaaS without approval
  • Discovery and inventory of AI tool usage across the org is the critical first mitigation step
  • Vanta sponsored — positioned as a solution to find, track, and manage AI tool sprawl across the enterprise
2026-06-18 · watch on YouTube ↗
NetworkChuck hosts a 90-min live AMA answering viewer questions on Cisco certifications and the Summer of CCNA program.
  • Live Q&A format covering cert path decisions — CCNA sequencing, study strategies, and exam readiness
  • Addresses common certification questions from learners at various stages of their Cisco journey
  • Reinforces core networking concepts aligned with current CCNA exam objectives
  • Promotes NetworkChuck Academy's Summer of CCNA structured training program