Stone-Knight Security

STONE-KNIGHT SECURITY

Morning Muster Daily cyber threat brief · CESAR feed
LIVE
Updated 2026-07-10 11:02 UTC
Articles: 96 · Sources: 8
Auto-refresh: 15m

🌍 Global Ransomware Heatmap 2174 victims · last 90d · top: US

Critical CVEs & Vulnerabilities 18 items

Dark Reading2026-07-09 20:21 UTC
The researcher known as "Nightmare-Eclipse" published a proof-of-concept (PoC) exploit for the Windows Defender vulnerability in early June after dropping several other Microsoft zero-days.
SecurityWeek2026-07-09 13:49 UTC
Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software. The post Palo Alto Networks Patches 13 Vulnerabilities appeared first on SecurityWeek .
SecurityWeek2026-07-09 12:18 UTC
Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs. The post 12 Million Impacted by Data Breach at Japanese Telco KDDI appeared first on SecurityWeek .
SecurityWeek2026-07-09 10:28 UTC
The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update. The post Microsoft Patches Defender ‘RoguePlanet’ Vulnerability appeared first on SecurityWeek .
The Hacker News2026-07-09 08:48 UTC
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides…
Krebs on Security2026-07-08 12:31 UTC
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-01 00:00 UTC
Added to KEV 2026-07-01. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-29 00:00 UTC
Added to KEV 2026-06-29. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-25 00:00 UTC
Added to KEV 2026-06-25. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…

Active Threats & Malware 18 items

SecurityWeek2026-07-10 09:12 UTC
The backdoor’s destructive capabilities include a standalone wiper, ransomware encryption, and a multi-pass wiping command. The post GigaWiper Combines Multiple Malware for System-Level Sabotage appeared first on SecurityWeek .
The Hacker News2026-07-10 08:10 UTC
A 41-year-old former ransomware negotiator has been sentenced to nearly six years (i.e., 70 months) in prison in the U.S. for their role in conspiring with the now-defunct BlackCat ransomware operators to extort multiple victims and working with two other cybersecurity professionals to target additional victims in…
SecurityWeek2026-07-10 08:00 UTC
A Go module is used to load PowerShell code that fetches a resolver from public dead drops to execute Windows malware. The post Network of 200 GitHub Repositories Used for Malware Infection appeared first on SecurityWeek .
Bleeping Computer2026-07-09 20:10 UTC
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases. [...]
The Hacker News2026-07-09 18:08 UTC
Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from. Each is a different way to break a machine: wipe the whole disk, overwrite the Windows…
Bleeping Computer2026-07-09 17:08 UTC
A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments. [...]
The Hacker News2026-07-09 10:43 UTC
Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy. According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first publicly spotted in the…
SecurityWeek2026-07-09 10:06 UTC
Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data. The post Mount Royal University Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek .
Krebs on Security2026-07-02 19:27 UTC
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity…
Krebs on Security2026-06-18 17:37 UTC
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to…
Krebs on Security2026-06-10 14:03 UTC
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life…

Data Breaches 5 items

Krebs on Security2026-05-22 16:34 UTC
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry…

Tools & Research 18 items

The Hacker News2026-07-09 18:38 UTC
Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub 'ghost'…
The Hacker News2026-07-09 16:49 UTC
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically…
The Hacker News2026-07-09 15:09 UTC
Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because nobody wants to touch it. This week is full of that kind of damage. Not loud. Not clever. Just small gaps doing big jobs. The worst part is how normal it all looks until the bill…
Bleeping Computer2026-07-09 14:02 UTC
Security operations don't slow down when IT teams take vacation, but staffing levels often do. Kaseya explains how AI-driven automation can help organizations maintain consistent security operations and reduce reliance on manual processes year-round. [...]
Recorded Future2026-07-09 13:20 UTC
NSA last week changed the moniker of its Office of Computer Network Operations (CNO) back to Tailored Access Operations (TAO), a name that is sure to elicit nostalgia among the broader digital community for a group with roots in the early 1990s.
The Hacker News2026-07-09 12:26 UTC
AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write tailored bait, pick targets, test what lands, and jump to the next host before your team clears the first alert. That is the gap, and it is not your fault. The tools and runbooks…
The Hacker News2026-07-09 11:00 UTC
Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it apart is that it was already real and running when we announced it — built quietly months earlier, heads down, taking findings and shipping fixes, because customers kept asking…

📺 NetworkChuck Cliff Notes

2026-07-09 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for Summer of CCNA answering community questions on certification, networking concepts, and study strategy on 07/09/2026.
  • Live Q&A format — community submits CCNA certification questions answered in real time by NetworkChuck
  • Covers exam strategy, study tips, and common pain points for CCNA candidates
  • Part of the structured Summer of CCNA series running through NetworkChuck Academy
  • 90-minute session cadence consistent with ongoing weekly program format
  • New participants can enroll at academy.networkchuck.com/course/premium-summer-of-ccna
2026-07-02 · watch on YouTube ↗
NetworkChuck & Daniel Miessler break down the top meta-prompts to run on Anthropic's Fable 5 before the free full-access window closes July 7.
  • Fable 5 (Anthropic's most capable model) was briefly pulled by the U.S. government and relaunched with a limited free-tier window ending ~July 7 before a 50% usage cap kicks in
  • Daniel Miessler's core prompt framework: optimize your AI harness/system prompt, harden prompt injection handling, and audit your full deployed attack surface
  • Prompt 4 is the self-model audit — force the model to tell you what you're actually building toward and which of your current skills AI will 10x vs. obsolete
  • Framing: don't use maximum intelligence for errands — point it at your deepest systems, security posture, and hardest strategic questions so the payoff outlasts the access window
  • Full prompt list at danielmiessler.com/blog/prompts-to-run-when-fable-comes-back — walk-and-talk method recommended for writing your own variants
2026-06-19 · watch on YouTube ↗
Shadow AI exposes enterprises to unsanctioned risk as employees quietly adopt tools like ChatGPT and Copilot outside IT governance.
  • Shadow AI = unsanctioned AI tools (ChatGPT, Copilot, etc.) used by employees without IT knowledge or approval
  • Key risks: data exfiltration, compliance violations, and unvetted third-party data processing
  • Organizations lack visibility into which AI tools are in use, creating blind spots in their attack surface
  • Vanta provides AI tool discovery and inventory to surface shadow AI and bring it under governance
  • Mitigation starts with visibility — you can't control what you can't see; policy and tooling must evolve together
2026-06-18 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for Summer of CCNA answering community certification questions on 06/18/2026 at 5PM ET.
  • Live AMA format — community submits CCNA cert questions, NetworkChuck answers in real time
  • 90-minute session consistent with the ongoing Summer of CCNA structured study cadence
  • Covers exam strategy, study tips, and common pain points for CCNA candidates
  • Part of the premium Summer of CCNA track via NetworkChuck Academy
  • Enroll at academy.networkchuck.com/course/premium-summer-of-ccna to join the full program
2026-06-18 · watch on YouTube ↗
HTTPS encrypts traffic content but leaks visited domains to your ISP via TLS SNI, unencrypted DNS, and IP address metadata.
  • TLS SNI exposes the destination hostname in plaintext during every HTTPS handshake — visible to ISPs and network observers
  • Unencrypted DNS queries reveal browsing activity before a connection is even established
  • IP address metadata allows ISPs to infer sites visited even without inspecting packet payloads
  • Encrypted Client Hello (ECH) closes the SNI leak; DNS-over-HTTPS/TLS (DoH/DoT) hides DNS queries
  • VPNs shift trust to the VPN provider but do prevent ISP-level visibility into SNI and DNS