Stone-Knight Security

STONE-KNIGHT SECURITY

Morning Muster Daily cyber threat brief · CESAR feed
LIVE
Updated 2026-07-18 11:02 UTC
Articles: 96 · Sources: 8
Auto-refresh: 15m

🌍 Global Ransomware Heatmap 2230 victims · last 90d · top: US

Critical CVEs & Vulnerabilities 18 items

The Hacker News2026-07-17 06:42 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026. The…
CISA KEV2026-07-15 00:00 UTC
Added to KEV 2026-07-15. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
Krebs on Security2026-07-14 19:22 UTC
Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to…
CISA KEV2026-07-14 00:00 UTC
Added to KEV 2026-07-14. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-14 00:00 UTC
Added to KEV 2026-07-14. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-13 00:00 UTC
Added to KEV 2026-07-13. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
Krebs on Security2026-07-08 12:31 UTC
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…

Active Threats & Malware 16 items

The Hacker News2026-07-17 18:54 UTC
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using an "unprecedented"…
The Hacker News2026-07-17 17:12 UTC
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders…
The Hacker News2026-07-17 13:48 UTC
North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. "Any user who ran the project ended up with a four-stage payload aligned with…
The Hacker News2026-07-17 10:53 UTC
Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova, told REN TV that border officers pulled him out of the departure hall at Yerevan's Zvartnots airport, held up a…
The Hacker News2026-07-17 08:56 UTC
ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into a Run box and pressed Enter. Microsoft…
The Hacker News2026-07-17 08:46 UTC
Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering. Russian cybersecurity company Kaspersky, which uncovered the activity…
Krebs on Security2026-07-02 19:27 UTC
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity…
Krebs on Security2026-06-18 17:37 UTC
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to…
Krebs on Security2026-06-10 14:03 UTC
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life…

Data Breaches 6 items

Bleeping Computer2026-07-17 20:45 UTC
Abbott Laboratories is investigating two separate cybersecurity incidents after confirming unauthorized access to internal legacy Exact Sciences systems in its Cancer Diagnostics business, while also investigating a separate claim that attackers breached its LabCentral portal and stole company data. [...]
The Hacker News2026-07-17 16:39 UTC
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime…
SecurityWeek2026-07-17 07:15 UTC
The critical-severity security defect allows remote, authenticated attackers to execute arbitrary code on the server. The post Fresh SharePoint Vulnerability Exploited Soon After Disclosure appeared first on SecurityWeek .
SecurityWeek2026-07-16 15:15 UTC
Legacy systems, safety concerns, and critical infrastructure risks make OT vulnerability disclosure one of cybersecurity's most challenging balancing acts. The post Legacy Systems, Real-World Impacts: The Reality of OT Security appeared first on SecurityWeek .
Krebs on Security2026-07-13 15:03 UTC
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys -- in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps…

Tools & Research 18 items

The Hacker News2026-07-17 21:20 UTC
Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of it. An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare…
The Hacker News2026-07-17 20:20 UTC
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta's Red…
Dark Reading2026-07-17 16:43 UTC
AI models left to both interpret and execute commands eliminate critical cybersecurity oversight.
Bleeping Computer2026-07-17 14:00 UTC
Residential proxies are no longer the silver bullet they once were for carding. Flare explains why cybercriminals increasingly seek "clean" residential proxies and combine them with browser fingerprints, device profiles, and other identity signals to evade modern fraud detection. [...]
SecurityWeek2026-07-17 12:11 UTC
(Video) Artificial intelligence is transforming cybersecurity, but are governance, compliance, and security practices evolving fast enough to keep up? The post Podcast: Broken Governance, Agentic AI, and the MindStone Agent Exclusive appeared first on SecurityWeek .
The Hacker News2026-07-17 11:44 UTC
The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability to drive other apps in the background by imitating taps and typing. Google…
SecurityWeek2026-07-17 11:43 UTC
The startup helps organizations detect, hunt, and protect their assets across environments at machine speed. The post Beacon Security Raises $13 Million for Security Data Platform appeared first on SecurityWeek .
SecurityWeek2026-07-17 11:08 UTC
Industry professionals broadly agree that the suspension pauses third-party CMMC audits but not the underlying legal obligation to protect CUI. The post Industry Reactions to Pentagon Suspending CMMC Phase 2: Feedback Friday appeared first on SecurityWeek .
SecurityWeek2026-07-17 08:31 UTC
The British firm has built a collaborative platform to help organizations address supply chain security risks. The post Risk Ledger Raises $32 Million in Series B Funding appeared first on SecurityWeek .

📺 NetworkChuck Cliff Notes

2026-07-16 · watch on YouTube ↗
NetworkChuck hosts a live 90-min Summer of CCNA AMA exploring how AI is reshaping the role of network engineers and what it means for CCNA candidates.
  • Discusses AI's growing impact on traditional networking roles and whether it threatens or augments the network engineer career path
  • Live Q&A format with Summer of CCNA community questions on cert relevance in an AI-driven industry
  • Addresses whether CCNA and Cisco certs still hold value as AI tools automate network configuration and troubleshooting
  • Covers how AI tools (ChatGPT, Copilot, etc.) are changing day-to-day network ops workflows
  • Full Summer of CCNA program available at academy.networkchuck.com
2026-07-09 · watch on YouTube ↗
NetworkChuck hosts a live 90-min Summer of CCNA AMA on 07/09/2026 at 5PM ET, fielding community questions on CCNA prep and certification paths.
  • Live Q&A format with community-submitted questions focused on CCNA exam prep and study strategies
  • Covers certification path guidance — sequencing Cisco certs and when to sit the CCNA exam
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
  • Exam prep tactics discussed: lab time, Packet Tracer usage, and recommended study resources
  • Full Summer of CCNA program available at academy.networkchuck.com
2026-07-02 · watch on YouTube ↗
NetworkChuck and Daniel Miessler break down the exact meta-prompts to run on Claude Opus 4 (Fable 5) before the free full-access window closes July 7.
  • Fable 5 (Claude Opus 4) was briefly pulled by the U.S. government and relaunched with a limited free-tier window ending ~July 7 before a 50% usage cap kicks in.
  • Daniel Miessler's playbook: use max-intelligence models on deep systems, not errands — treat it like a super-intelligent alien architect.
  • Prompt 1: Optimize your AI harness/orchestration layer. Prompt 2: Audit prompt injection and security posture of your AI stack.
  • Prompt 3: Full attack surface audit of everything you've deployed. Prompt 4: Self-model audit — identify what you're actually building toward and which skills will 10x vs. become obsolete.
  • Reference: danielmiessler.com/blog/prompts-to-run-when-fable-comes-back for the full prompt list.
2026-06-19 · watch on YouTube ↗
Shadow AI — unsanctioned AI tools used inside companies — creates serious data-leak, compliance, and governance risks that most orgs are completely blind to.
  • Shadow AI refers to AI tools employees adopt without IT/security approval, creating unmonitored data flows to third-party LLMs
  • Key risks: sensitive data exfiltration, compliance violations (HIPAA/SOC2/GDPR), and zero governance over model outputs
  • Discovery is the first challenge — most orgs have no inventory of what AI tools are actually running inside the environment
  • Mitigation requires AI asset inventory, acceptable-use policy enforcement, and continuous monitoring of tool usage
  • Vanta sponsored — positioned as a solution to surface, inventory, and manage AI tool sprawl across the org
2026-06-18 · watch on YouTube ↗
NetworkChuck hosts a live 90-min Summer of CCNA AMA on 06/18/2026 at 5PM ET, fielding community questions on CCNA certification prep and study strategies.
  • Live Q&A format with community-submitted questions focused on CCNA certification guidance
  • Covers exam prep strategies: lab time, Packet Tracer, and recommended study resources
  • Certification path guidance — sequencing Cisco certs and when to sit the CCNA exam
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
  • Full Summer of CCNA program available at academy.networkchuck.com