Stone-Knight Security

STONE-KNIGHT SECURITY

Morning Muster Daily cyber threat brief · CESAR feed
LIVE
Updated 2026-07-13 11:02 UTC
Articles: 96 · Sources: 8
Auto-refresh: 15m

🌍 Global Ransomware Heatmap 2192 victims · last 90d · top: US

Critical CVEs & Vulnerabilities 18 items

The Hacker News2026-07-13 05:36 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild. The vulnerabilities, both rated 10.0 on the…
The Hacker News2026-07-10 14:19 UTC
Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host. A brief description of the high-severity vulnerabilities is as…
Dark Reading2026-07-09 20:21 UTC
The researcher known as "Nightmare-Eclipse" published a proof-of-concept (PoC) exploit for the Windows Defender vulnerability in early June after dropping several other Microsoft zero-days.
Krebs on Security2026-07-08 12:31 UTC
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-01 00:00 UTC
Added to KEV 2026-07-01. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-29 00:00 UTC
Added to KEV 2026-06-29. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-25 00:00 UTC
Added to KEV 2026-06-25. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…

Active Threats & Malware 18 items

The Hacker News2026-07-13 07:30 UTC
An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bash_history. From that one lapse, French security firm Lexfo lifted the…
The Hacker News2026-07-11 17:59 UTC
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux. Socket flagged the release six…
SecurityWeek2026-07-11 17:30 UTC
Multiple campaigns are using ghost accounts to map GitHub organizations, including their repositories and members. The post Ghost Accounts Abuse GitHub API in Mass Recon Campaign appeared first on SecurityWeek .
Bleeping Computer2026-07-10 21:59 UTC
Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware. [...]
The Hacker News2026-07-10 13:15 UTC
The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware via counterfeit…
Krebs on Security2026-07-02 19:27 UTC
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity…
Krebs on Security2026-06-18 17:37 UTC
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to…
Krebs on Security2026-06-10 14:03 UTC
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life…
Krebs on Security2026-05-21 21:50 UTC
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity…

Data Breaches 6 items

SecurityWeek2026-07-13 08:10 UTC
The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider. The post Centers Laboratory Data Breach Affects 540,000 Individuals appeared first on SecurityWeek .
The Hacker News2026-07-11 17:49 UTC
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. "At Balochistan Police, the compromised assets included servers hosting…
The Hacker News2026-07-10 11:47 UTC
A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no login and no malformed…
Krebs on Security2026-05-22 16:34 UTC
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry…

Tools & Research 18 items

SecurityWeek2026-07-13 10:03 UTC
The flaw results in malicious code embedded in crafted emails being executed when the emails are opened. The post Zimbra Patches Critical Code Execution Vulnerability appeared first on SecurityWeek .
Bleeping Computer2026-07-13 09:32 UTC
Cybersecurity agencies from the United States and eight other countries have issued a joint warning that Russian state hackers are targeting vulnerable and poorly configured routers to infiltrate critical infrastructure networks. [...]
Bleeping Computer2026-07-11 09:03 UTC
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo's .env and write every secret into the code as a list…
The Hacker News2026-07-11 06:45 UTC
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious…
The Hacker News2026-07-10 16:29 UTC
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry…
The Hacker News2026-07-10 15:57 UTC
Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside data-center servers. Four of the bugs can crash a device. The other two could let an attacker who slips a malicious…
Bleeping Computer2026-07-10 15:48 UTC
Hackers are actively exploiting a critical vulnerability in the official Docker image for the Gitea self-hosted Git service that allows attackers to impersonate any user, including administrators. [...]

📺 NetworkChuck Cliff Notes

2026-07-09 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for the Summer of CCNA program on 07/09/2026 at 5PM ET, fielding community questions on CCNA prep.
  • Live Q&A format covering CCNA exam topics and study strategies
  • Part of the structured Summer of CCNA series via NetworkChuck Academy
  • Community-driven session — questions sourced directly from viewers
  • Encourages enrollment at academy.networkchuck.com/course/premium-summer-of-ccna
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
2026-07-02 · watch on YouTube ↗
NetworkChuck and Daniel Miessler break down which meta-prompts to run on Claude Opus 4 ("Fable 5") during its limited free window to maximize ROI.
  • Focus on high-leverage prompts: optimize your AI harness/system prompt, audit deployed attack surface, and run a self-model audit on your goals
  • Daniel Miessler's framework: don't use max-intelligence models for errands — use them to rebuild foundational systems
  • Prompt 1 targets your AI orchestration layer (harness optimization); Prompt 2 hardens security and prompt injection handling
  • Prompt 3 = full attack surface audit of everything you've shipped; Prompt 4 = self-model audit to clarify what you're actually building toward
  • Key mindset: treat a top-tier model like a visiting super-intelligence — point it at your hardest, most durable problems before the window closes
2026-06-19 · watch on YouTube ↗
Shadow AI — unauthorized AI tools employees use without IT approval — creates serious data-leak, compliance, and visibility gaps that enterprise security teams are scrambling to close.
  • Shadow AI refers to unsanctioned AI tools (ChatGPT, Copilot, etc.) used by employees outside IT/security visibility
  • Core risk: sensitive corporate data fed into unapproved AI models with no DLP controls or audit trail
  • Speed of AI adoption is outpacing enterprise governance — most orgs have no inventory of what AI tools are in use
  • Mitigation stack: discover and inventory AI tool usage, enforce acceptable-use policies, integrate approved AI into existing compliance frameworks
  • Vanta highlighted as a platform to gain visibility into AI sprawl and automate compliance controls
2026-06-18 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for the Summer of CCNA program, answering community certification questions on 06/18/2026 at 5PM ET.
  • Live Q&A format focused on CCNA certification questions from the community
  • Part of the structured Summer of CCNA series via NetworkChuck Academy
  • Covers certification path guidance, study strategies, and exam prep tips
  • Encourages enrollment at academy.networkchuck.com/course/premium-summer-of-ccna
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
2026-06-18 · watch on YouTube ↗
HTTPS encrypts payload data but leaks visited domains to ISPs via plaintext DNS queries, TLS SNI, and IP metadata — the padlock isn't full privacy.
  • Plaintext DNS exposes every domain lookup to your ISP before a connection is even established
  • TLS SNI reveals the destination hostname in cleartext during the handshake, even over HTTPS
  • IP metadata and traffic patterns allow ISPs to infer browsing behavior without decrypting content
  • Fixes: DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) encrypt name resolution; Encrypted Client Hello (ECH) hides SNI
  • Full browsing privacy requires layering HTTPS + DoH/DoT + ECH — or routing through a VPN/Tor