Stone-Knight Security

Morning Muster · Daily cyber threat brief · CESAR feed
Updated 2026-07-01 11:02 UTC
Articles: 76 · Sources: 7

🌍 Global Ransomware Heatmap · 2176 victims · last 90d · top: US

Critical CVEs & Vulnerabilities · 18 items

The Hacker News · 2026-06-30 15:47 UTC
Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat…
SecurityWeek · 2026-06-30 13:56 UTC
The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released. The post BlueHammer Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.
Dark Reading · 2026-06-29 21:29 UTC
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.
CISA KEV · 2026-06-29 00:00 UTC
Added to KEV 2026-06-29. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV · 2026-06-25 00:00 UTC
Added to KEV 2026-06-25. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV · 2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV · 2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV · 2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV · 2026-06-16 00:00 UTC
Added to KEV 2026-06-16. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV · 2026-06-12 00:00 UTC
Added to KEV 2026-06-12. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV · 2026-06-11 00:00 UTC
Added to KEV 2026-06-11. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
Krebs on Security · 2026-06-09 22:07 UTC
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at…

Active Threats & Malware · 13 items

SecurityWeek · 2026-07-01 07:46 UTC
Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY. The post Massive Password Spray Campaign Targeting Azure CLI appeared first on SecurityWeek.
The Hacker News · 2026-07-01 07:20 UTC
Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hosting phishing pages on them to catch traffic that AI tools point their way. Palo Alto Networks' Unit 42 calls the trick phantom squatting, and its new research…
The Hacker News · 2026-07-01 05:32 UTC
ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake "prove you're human" pages are now handed out by API-driven servers that give each visitor the same malware in a different disguise. The same research also…
The Hacker News · 2026-06-30 17:45 UTC
A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin's XLab have tracked it since February 2026, and say the real story is not how…
The Hacker News · 2026-06-30 15:40 UTC
Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. "The campaign is delivered…
Krebs on Security · 2026-06-18 17:37 UTC
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to…
Krebs on Security · 2026-06-10 14:03 UTC
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life…
Krebs on Security · 2026-05-21 21:50 UTC
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity…

Data Breaches · 8 items

Bleeping Computer · 2026-06-30 21:50 UTC
A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. [...]
The Hacker News · 2026-06-30 17:46 UTC
New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm…
The Hacker News · 2026-06-30 13:49 UTC
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic. In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepted requests with no…
SecurityWeek · 2026-06-30 12:52 UTC
Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25. The post Aflac Japan Data Breach Impacts 4.38 Million appeared first on SecurityWeek.
Krebs on Security · 2026-05-22 16:34 UTC
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry…
Krebs on Security · 2026-05-18 20:48 UTC
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files…

Tools & Research · 18 items

SecurityWeek · 2026-07-01 10:00 UTC
From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. The post Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors appeared first on SecurityWeek.
SecurityWeek · 2026-07-01 09:30 UTC
The updates fix vulnerabilities in WebKit, the kernel, WebRTC, Web Extensions, and other components affecting iPhone, iPad, Mac, and Safari users. The post Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari appeared first on SecurityWeek.
The Hacker News · 2026-07-01 06:46 UTC
Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier. Fable 5 returns to users on Wednesday, July 1, across Claude.ai, the Claude…
SecurityWeek · 2026-07-01 06:14 UTC
Fifteen of the newly patched flaws have been rated ‘critical’ and 67 have been rated ‘high severity’. The post Google Patches 382 Chrome Vulnerabilities appeared first on SecurityWeek.
The Hacker News · 2026-07-01 05:46 UTC
Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet…
The Hacker News · 2026-07-01 03:54 UTC
Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. The vulnerabilities are listed below -…
Bleeping Computer · 2026-06-30 21:20 UTC
Microsoft announced today that it is accelerating its quantum-safe security roadmap, saying advances in quantum computing are bringing the need to replace today's encryption standards sooner than previously expected. [...]
Dark Reading · 2026-06-30 19:11 UTC
As AI reshapes cybersecurity workflows, John Paul Cunningham, CISO at Silverfort, says the technology is creating opportunities rather than eliminating jobs — and there are more ways than ever to break into the essential field.
Recorded Future · 2026-06-30 16:23 UTC
The Kids Internet and Digital Safety (KIDS) Act passed with bipartisan support by a 267-117 margin, winning the two-thirds majority needed to greenlight the legislation under a process that speeds up a bill’s path to a vote but requires more than a simple majority.
The Hacker News · 2026-06-30 14:26 UTC
The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades. New research from Adversa AI, which named the bypass GuardFall, found it works against ten of the eleven popular open-source coding and…

📺 NetworkChuck Cliff Notes

2026-06-19
Shadow AI exposes companies to hidden risk as employees use unauthorized AI tools — Vanta helps security teams discover and govern them.
  • Shadow AI refers to unsanctioned AI tools employees use without IT/security team knowledge or approval
  • Hidden AI usage creates data leakage, compliance, and supply chain risk vectors outside corporate controls
  • Discovery and inventory of AI tool sprawl is the critical first step before governance can be applied
  • Vanta provides automated visibility into AI tools in use across an org, mapping them to compliance frameworks
  • Mitigation requires policy enforcement, acceptable-use definitions, and continuous monitoring — not just blocking
2026-06-18
NetworkChuck hosts a live 90-min AMA answering certification questions as part of his Summer of CCNA series on June 18, 2026.
  • Live AMA format focused on CCNA certification questions from the community
  • Part of the structured Summer of CCNA program via NetworkChuck Academy
  • Covers networking fundamentals and exam prep strategies
  • Q&A driven session targeting learners actively studying for Cisco CCNA
  • Academy enrollment link provided for full course access
2026-06-18
HTTPS encrypts traffic content but leaks visited hostnames via SNI in TLS handshakes and plaintext DNS, visible to your ISP.
  • SNI (Server Name Indication) exposes the destination hostname in TLS handshakes even over HTTPS
  • DNS queries are often unencrypted, revealing every domain you look up to your ISP
  • Encrypted Client Hello (ECH) and DNS-over-HTTPS/TLS (DoH/DoT) can mitigate these leaks
  • VPNs shift trust from ISP to VPN provider but don't eliminate metadata exposure
  • The padlock icon means content is encrypted — not that your browsing habits are private
2026-06-18
Cisco Cloud Control unifies network management into a single pane of glass with AI agents that autonomously handle networking tasks.
  • Cisco Cloud Control centralizes management across on-prem, cloud, and hybrid environments
  • AI agents move beyond copilot suggestions — they actively execute network tasks autonomously
  • Single dashboard replaces fragmented tools across switches, routers, and cloud fabric
  • Positions Cisco's intent-based networking vision as AI-native from the ground up
  • Sponsored deep-dive — practical look at where enterprise network automation is heading
2026-06-16
Live 90-min AMA session for Summer of CCNA covering viewer certification questions, study strategies, and CCNA exam guidance.
  • Live Q&A format addressing real viewer questions about CCNA and broader networking certifications
  • Part of NetworkChuck's structured Summer of CCNA program via NetworkChuck Academy
  • Covers study strategies, exam tips, and certification path decisions
  • Targeted at learners actively pursuing Cisco CCNA or adjacent networking certs
  • Academy enrollment link provided for structured access to full course content