Stone-Knight Security

STONE-KNIGHT SECURITY

Morning Muster Daily cyber threat brief · CESAR feed
LIVE
Updated 2026-07-17 11:02 UTC
Articles: 96 · Sources: 8
Auto-refresh: 15m

🌍 Global Ransomware Heatmap 2217 victims · last 90d · top: US

Critical CVEs & Vulnerabilities 18 items

The Hacker News2026-07-17 06:42 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026. The…
CISA KEV2026-07-15 00:00 UTC
Added to KEV 2026-07-15. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
Krebs on Security2026-07-14 19:22 UTC
Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to…
CISA KEV2026-07-14 00:00 UTC
Added to KEV 2026-07-14. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-14 00:00 UTC
Added to KEV 2026-07-14. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-13 00:00 UTC
Added to KEV 2026-07-13. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
Krebs on Security2026-07-08 12:31 UTC
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…

Active Threats & Malware 16 items

The Hacker News2026-07-17 08:56 UTC
ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into a Run box and pressed Enter. Microsoft…
The Hacker News2026-07-17 08:46 UTC
Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering. Russian cybersecurity company Kaspersky, which uncovered the activity…
The Hacker News2026-07-16 12:50 UTC
Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that's been spreading via websites infected with ClickFix lures since late April 2026. "The malware is full-featured, lightweight, and modular," Elastic Security Labs researcher Cyril François said in a technical report. "While…
The Hacker News2026-07-16 12:33 UTC
ClickLock Stealer, a new macOS infostealer, answers a victim's refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents and quietly exits. At…
The Hacker News2026-07-16 11:58 UTC
More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions. The investigation revealed previously undocumented backdoor behavior,…
The Hacker News2026-07-16 11:17 UTC
An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin ("srt64.sys"), as the kernel-mode rootkit is referred to, was first documented by Broadcom-owned…
Krebs on Security2026-07-02 19:27 UTC
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity…
Krebs on Security2026-06-18 17:37 UTC
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to…
Krebs on Security2026-06-10 14:03 UTC
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life…

Data Breaches 4 items

SecurityWeek2026-07-17 07:15 UTC
The critical-severity security defect allows remote, authenticated attackers to execute arbitrary code on the server. The post Fresh SharePoint Vulnerability Exploited Soon After Disclosure appeared first on SecurityWeek .
SecurityWeek2026-07-16 15:15 UTC
Legacy systems, safety concerns, and critical infrastructure risks make OT vulnerability disclosure one of cybersecurity's most challenging balancing acts. The post Legacy Systems, Real-World Impacts: The Reality of OT Security appeared first on SecurityWeek .
Krebs on Security2026-07-13 15:03 UTC
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys -- in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps…

Nation State Activity 1 items

Tools & Research 18 items

SecurityWeek2026-07-17 08:31 UTC
The British firm has built a collaborative platform to help organizations address supply chain security risks. The post Risk Ledger Raises $32 Million in Series B Funding appeared first on SecurityWeek .
Bleeping Computer2026-07-16 19:26 UTC
A flaw in Anthropic's Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to abuse Claude's access to connected services such as Gmail, Google Docs, Google Calendar, and Salesforce. [...]
The Hacker News2026-07-16 17:09 UTC
Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of Transport for London. The attack left 148 TfL systems inoperable and forced all 27,000 of the transport authority's employees into an office to get their…
Bleeping Computer2026-07-16 14:00 UTC
Traditional security workflows were built for environments that changed at human speed. Token Security explains why AI agents require a new approach: building on a live identity foundation while giving security teams the flexibility to create workflows tailored to their own environments. [...]
The Hacker News2026-07-16 13:33 UTC
n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token from issuer A carrying a sub that belongs to someone under…
SecurityWeek2026-07-16 13:21 UTC
Thalha Jubair and Owen Flowers were prosecuted over a 2024 cyberattack targeting Transport for London (TfL). The post Two Scattered Spider Hackers Sentenced to Jail in UK appeared first on SecurityWeek .
SecurityWeek2026-07-16 13:00 UTC
AI infrastructure introduces new security risks that traditional data center designs were never built to handle. The post AI Data Centers Are Being Built Faster Than They Can Be Secured appeared first on SecurityWeek .

📺 NetworkChuck Cliff Notes

2026-07-16 · watch on YouTube ↗
NetworkChuck hosts a live 90-min Summer of CCNA AMA exploring how AI is reshaping the network engineering role and career path.
  • Live Q&A format addressing how AI tools are changing day-to-day network engineer responsibilities
  • Discussion on whether AI threatens or augments traditional networking skills like CCNA fundamentals
  • Guidance on adapting CCNA study strategy in an AI-assisted networking landscape
  • Reinforces value of foundational Cisco knowledge even as automation and AI tooling expand
  • Promotes NetworkChuck Academy Summer of CCNA program at academy.networkchuck.com
2026-07-09 · watch on YouTube ↗
NetworkChuck hosts a live 90-min Summer of CCNA AMA on 07/09/2026 at 5PM ET, fielding community questions on CCNA prep and certification paths.
  • Live Q&A format with CCNA certification questions submitted by the Summer of CCNA community
  • Covers certification path guidance — sequencing Cisco certs, when to sit the CCNA exam
  • Exam prep strategies discussed: lab time, Packet Tracer, and study resource recommendations
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
  • Full Summer of CCNA program available at academy.networkchuck.com
2026-07-02 · watch on YouTube ↗
NetworkChuck and Daniel Miessler break down which meta-prompts to run on Anthropic's Fable 5 model before its free-access window closes July 7.
  • Fable 5 (Anthropic's most capable model) was briefly pulled offline by the U.S. government and relaunched with a limited free-tier window ending ~July 7
  • Daniel Miessler's 4 meta-prompts: optimize your AI harness, harden prompt injection handling, audit your full attack surface, and run a self-model audit on your goals
  • Attack surface management prompt targets everything you've shipped — treats Fable like an adversarial red-teamer reviewing your deployed code and infra
  • Core philosophy: don't use peak intelligence for errands — point it at foundational systems so the output outlasts the access window
  • Reference: full prompt list at danielmiessler.com/blog/prompts-to-run-when-fable-comes-back
2026-06-19 · watch on YouTube ↗
Shadow AI — employees using unauthorized AI tools without IT knowledge — creates serious data-leak, compliance, and governance risks inside enterprises.
  • Shadow AI refers to unsanctioned AI tools adopted by employees outside IT visibility or approval
  • Key risks: sensitive data exfiltration to third-party LLMs, compliance violations, and zero governance over model outputs
  • Discovery is the first challenge — most orgs have no inventory of what AI tools are actually in use
  • Vanta highlighted as a solution to surface, inventory, and manage AI tool sprawl across the org
  • Mitigation requires AI asset inventory, acceptable-use policy enforcement, and continuous monitoring of tool usage
2026-06-18 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for Summer of CCNA on 06/18/2026 at 5PM ET, answering community certification questions.
  • Live Q&A format focused on CCNA certification questions submitted by the Summer of CCNA community
  • Covers certification path guidance — when to take CCNA, what to study next, and how to sequence Cisco certs
  • Exam prep strategies discussed: lab time, Packet Tracer use, and recommended study resources
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
  • Promotes NetworkChuck Academy Summer of CCNA program at academy.networkchuck.com