Stone-Knight Security

STONE-KNIGHT SECURITY

Morning Muster Daily cyber threat brief · CESAR feed
LIVE
Updated 2026-07-14 11:02 UTC
Articles: 96 · Sources: 8
Auto-refresh: 15m

🌍 Global Ransomware Heatmap 2190 victims · last 90d · top: US

Critical CVEs & Vulnerabilities 18 items

Bleeping Computer2026-07-13 15:20 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that attackers are exploiting vulnerabilities in the iCagenda and Balbooa Forms extensions for Joomla to achieve remote code execution through arbitrary file uploads. [...]
CISA KEV2026-07-13 00:00 UTC
Added to KEV 2026-07-13. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
Dark Reading2026-07-09 20:21 UTC
The researcher known as "Nightmare-Eclipse" published a proof-of-concept (PoC) exploit for the Windows Defender vulnerability in early June after dropping several other Microsoft zero-days.
Krebs on Security2026-07-08 12:31 UTC
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-01 00:00 UTC
Added to KEV 2026-07-01. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-29 00:00 UTC
Added to KEV 2026-06-29. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-25 00:00 UTC
Added to KEV 2026-06-25. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…

Active Threats & Malware 16 items

SecurityWeek2026-07-14 09:04 UTC
A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer. The post Multiple Jscrambler Packages Impacted by Supply Chain Attack appeared first on SecurityWeek .
The Hacker News2026-07-14 08:02 UTC
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS), has been accused of…
The Hacker News2026-07-14 07:08 UTC
A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them. The operators used the registry as free hosting…
Recorded Future2026-07-13 18:50 UTC
The U.S. Treasury Department announced sanctions against First VPN Service (1VPNS) and its Ukrainian administrator for aiding ransomware groups. Separately, a Belarusian man was sanctioned for malware "cryptors."
The Hacker News2026-07-13 17:36 UTC
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according…
The Hacker News2026-07-13 13:03 UTC
A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed via Telegram…
Dark Reading2026-07-13 13:00 UTC
An open source, AI-driven system adopts victim personas to engage with phishing attackers, allowing organizations and law enforcement to gather relevant data on cybercriminal operations.
Krebs on Security2026-07-02 19:27 UTC
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity…
Krebs on Security2026-06-18 17:37 UTC
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to…
Krebs on Security2026-06-10 14:03 UTC
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life…

Data Breaches 6 items

The Hacker News2026-07-14 06:19 UTC
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth connections that tie…
Krebs on Security2026-07-13 15:03 UTC
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys -- in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps…
Bleeping Computer2026-07-13 14:01 UTC
Learn how attackers abuse Entra ID through a free hands-on Capture the Flag. Varonis created the Breach at the Beach CTF to teach defenders how to investigate Entra ID attack techniques using realistic scenarios. [...]
Krebs on Security2026-05-22 16:34 UTC
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry…

Nation State Activity 1 items

Tools & Research 18 items

The Hacker News2026-07-14 09:02 UTC
xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle out of the intercepted…
Recorded Future2026-07-13 23:00 UTC
The retailer said the incident did not affect its online shopping platform itself but involved a separately stored customer database maintained by a third-party provider. According to notifications sent to Lidl's German, Belgian and Dutch customers on Friday, the attackers briefly accessed the file and exfiltrated…
Recorded Future2026-07-13 20:50 UTC
“While ultimately it is up to parents to decide when children get their first smartphones, what we already have is a consensus that there needs to be a start date for the age children can join social media,” says European Commission President Ursula van der Leyen.
The Hacker News2026-07-13 13:49 UTC
Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false "fact" about the user, hide the change, and quietly steer its answers in later sessions. When it works, the person reads an…
SecurityWeek2026-07-13 12:20 UTC
Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint. The post Cybersecurity M&A Roundup: 37 Deals Announced in June 2026 appeared first on SecurityWeek .
SecurityWeek2026-07-13 12:00 UTC
Unauthenticated attackers could obtain the broker's confidential OAuth client secret, allowing them to take control of the broker. The post RabbitMQ Vulnerability Threatens Enterprise Systems appeared first on SecurityWeek .
The Hacker News2026-07-13 11:54 UTC
Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every read. Each read gets pinned to the moment it happened: the time, your location, what you were doing, even how you were using…
Bleeping Computer2026-07-13 11:19 UTC
The European Union and the United Kingdom jointly sanctioned dozens of Russian individuals and entities and accused Russia of coordinating a network of hacking groups responsible for attacks across Europe. [...]

📺 NetworkChuck Cliff Notes

2026-07-09 · watch on YouTube ↗
NetworkChuck hosts a live 90-min Summer of CCNA AMA session on 07/09/2026 at 5PM ET, fielding community questions on CCNA prep.
  • Live Q&A format covering CCNA certification path questions from the community
  • Covers study strategies, exam objectives, and networking concept reinforcement
  • Part of the structured Summer of CCNA curriculum via NetworkChuck Academy
  • Encourages enrollment at academy.networkchuck.com/course/premium-summer-of-ccna
2026-07-02 · watch on YouTube ↗
NetworkChuck & Daniel Miessler break down which meta-prompts to run on Claude Opus 4 ("Fable 5") during its limited free-tier window before usage caps hit.
  • Fable 5 (Claude Opus 4) was briefly pulled by the U.S. government and relaunched with a short full-access window before a 50% usage cap kicks in after July 7
  • Daniel Miessler's prompt framework targets high-leverage systems: AI harness optimization, prompt injection hardening, and attack surface audits of everything you've deployed
  • Key prompt 3 maps directly to ASM — feed Fable your full stack and let it enumerate your exposed attack surface the way a red-teamer would
  • Prompt 4 is a self-model audit: force the AI to surface what you're actually building toward vs. what you think you're building toward — strategic clarity at max intelligence
  • Miessler's Fabric project underpins the harness prompts; his write-up at danielmiessler.com has the exact prompt templates to run
2026-06-19 · watch on YouTube ↗
NetworkChuck explores Shadow AI — unauthorized AI tools employees use without IT approval — and how organizations can discover and govern them.
  • Shadow AI refers to unsanctioned AI tools (ChatGPT, Copilot, etc.) used by employees outside IT visibility or policy
  • These tools create data leakage, compliance, and IP exposure risks as sensitive data enters third-party AI platforms
  • Vanta is highlighted as a solution to discover, inventory, and manage AI tools across the organization
  • Key risk: employees bypassing procurement/security review means no DLP, no audit trail, no vendor risk assessment
  • Mitigation involves continuous SaaS/AI discovery, acceptable-use policies, and integrating AI governance into your GRC program
2026-06-18 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for Summer of CCNA on 06/18/2026, answering community questions on cert paths, study strategies, and exam prep.
  • Live Q&A format focused on CCNA certification questions submitted by the Summer of CCNA community
  • Covers certification path guidance — when to take CCNA, what to study next, and how to sequence Cisco certs
  • Exam prep strategies discussed: lab time, Packet Tracer use, and resource recommendations
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
  • Promotes NetworkChuck Academy's Summer of CCNA program at academy.networkchuck.com
2026-06-18 · watch on YouTube ↗
HTTPS encrypts payload data but still leaks visited domains to your ISP via plaintext DNS, TLS SNI, and IP metadata.
  • Plaintext DNS exposes every domain lookup to your ISP before the connection is established
  • TLS SNI reveals the destination hostname in cleartext during the handshake — even over HTTPS
  • IP metadata and traffic patterns let ISPs infer browsing behavior without decrypting content
  • DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) encrypts name resolution to plug the DNS leak
  • Full privacy requires layering HTTPS + DoH/DoT + Encrypted Client Hello (ECH) — or routing through a VPN/Tor