Stone-Knight Security

STONE-KNIGHT SECURITY

Morning Muster Daily cyber threat brief · CESAR feed
LIVE
Updated 2026-07-15 11:02 UTC
Articles: 96 · Sources: 8
Auto-refresh: 15m

🌍 Global Ransomware Heatmap 2195 victims · last 90d · top: US

Critical CVEs & Vulnerabilities 18 items

The Hacker News2026-07-15 05:30 UTC
SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-15409 (CVSS score: 10.0) - A Server-side request forgery…
The Hacker News2026-07-14 20:25 UTC
Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft's own CVEs by its Security Update Guide count, more than triple June's previous high of around 200. Those two live bugs are the ones to grab first.…
Krebs on Security2026-07-14 19:22 UTC
Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to…
The Hacker News2026-07-14 18:17 UTC
SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows an authenticated attacker to leverage…
SecurityWeek2026-07-14 13:55 UTC
The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal. The post 7 Severe Vulnerabilities Patched in VMware Avi Load Balancer appeared first on SecurityWeek .
CISA KEV2026-07-14 00:00 UTC
Added to KEV 2026-07-14. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-14 00:00 UTC
Added to KEV 2026-07-14. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-13 00:00 UTC
Added to KEV 2026-07-13. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…

Active Threats & Malware 10 items

The Hacker News2026-07-15 09:16 UTC
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below - @asyncapi/generator-helpers@1.1.1 @asyncapi/generator-components@0.7.1…
Bleeping Computer2026-07-15 07:45 UTC
U.S. federal prosecutors have unsealed charges against three Russian nationals, accusing them of providing bulletproof hosting (BPH) services to ransomware gangs that caused over $62 million in damages to victims worldwide. [...]
The Hacker News2026-07-14 16:52 UTC
Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. "LabubaRAT creates a reusable foothold for hands-on activity," Blackpoint Cyber researchers Sam Decker and Nevan Beal said…
Dark Reading2026-07-13 13:00 UTC
An open source, AI-driven system adopts victim personas to engage with phishing attackers, allowing organizations and law enforcement to gather relevant data on cybercriminal operations.
Krebs on Security2026-07-02 19:27 UTC
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity…
Krebs on Security2026-06-18 17:37 UTC
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to…
Krebs on Security2026-06-10 14:03 UTC
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life…

Data Breaches 7 items

Bleeping Computer2026-07-15 09:44 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that attackers are actively exploiting three vulnerabilities to hack Internet-exposed on-premises SharePoint Server instances. [...]
SecurityWeek2026-07-14 18:18 UTC
The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. The post Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims appeared first on SecurityWeek .
The Hacker News2026-07-14 13:48 UTC
Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo's security team, which…
The Hacker News2026-07-14 11:55 UTC
Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person's separate addresses together and let outsiders…
Krebs on Security2026-07-13 15:03 UTC
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys -- in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps…

Tools & Research 18 items

Dark Reading2026-07-14 17:44 UTC
Risk tolerance, exposure visibility, board oversight — handling third-party risk is complicated but achievable with disciplined, precise governance.
The Hacker News2026-07-14 17:27 UTC
Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and ClaudeBleed need a rogue extension that can already run a script on claude.ai; the difference is scope. Anthropic…
SecurityWeek2026-07-14 17:06 UTC
The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges. The post Adobe Patches Critical ColdFusion Vulnerabilities appeared first on SecurityWeek .
Bleeping Computer2026-07-14 14:00 UTC
Many vulnerabilities cannot be safely validated with live exploits, either because no exploit exists or the affected systems are too critical to test. Picus explains how TTP chaining helps organizations determine exploitability by validating the attack techniques an exploit depends on, without launching the exploit…
SecurityWeek2026-07-14 13:00 UTC
A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. The post Unpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar appeared first on SecurityWeek .
The Hacker News2026-07-14 12:46 UTC
Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. "An attacker exploiting one of these vulnerable applications can execute untrusted code during…

📺 NetworkChuck Cliff Notes

2026-07-09 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for Summer of CCNA on 07/09/2026, answering community questions on cert paths, study strategies, and exam prep.
  • Live Q&A format focused on CCNA certification questions submitted by the Summer of CCNA community
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
  • Exam prep strategies discussed: lab time, Packet Tracer use, and resource recommendations
  • Covers certification path guidance — when to take CCNA, what to study next, and how to sequence Cisco certs
  • Promotes NetworkChuck Academy's Summer of CCNA program at academy.networkchuck.com
2026-07-02 · watch on YouTube ↗
NetworkChuck & Daniel Miessler break down which meta-prompts to run on Fable 5 during its brief free window to maximize AI harness, security audits, and self-model clarity.
  • Fable 5 (Anthropic) was pulled by the U.S. government 3 days post-launch; free full-access window closes ~July 7 before a 50% usage cap kicks in
  • Daniel Miessler's prompt playbook: optimize your AI harness/governance layer, audit prompt injection handling, map your full deployed attack surface
  • Attack surface meta-prompt treats Fable 5 as a red-teamer reviewing everything you've shipped — output is a prioritized vuln landscape
  • Self-model audit prompt forces clarity on what you're actually building toward and which of your skills AI will 10x vs. obsolete
  • Key framing: don't send superintelligence on errands — point it at your deepest systems so the output outlasts the access window
2026-06-19 · watch on YouTube ↗
Shadow AI — unauthorized AI tools employees use without IT knowledge — poses serious security and compliance risks to organizations.
  • Shadow AI refers to unsanctioned AI tools (ChatGPT, Copilot, etc.) employees adopt without IT/security approval
  • Data exfiltration risk: sensitive corporate data fed into external AI models outside DLP controls
  • Vanta highlighted as a solution for discovering and managing AI tool sprawl across an org
  • Governance gap: most companies lack AI acceptable-use policies, leaving massive blind spots
  • Mitigation requires AI asset inventory, policy enforcement, and continuous monitoring of sanctioned vs. unsanctioned tools
2026-06-18 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for Summer of CCNA on 06/18/2026, answering community questions on cert paths, study strategies, and exam prep.
  • Live Q&A format focused on CCNA certification questions submitted by the Summer of CCNA community
  • Covers certification path guidance — when to take CCNA, what to study next, and how to sequence Cisco certs
  • Exam prep strategies discussed: lab time, Packet Tracer use, and resource recommendations
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
  • Promotes NetworkChuck Academy's Summer of CCNA program at academy.networkchuck.com
2026-06-18 · watch on YouTube ↗
HTTPS encrypts your traffic but leaks visited domains to your ISP via plaintext DNS, TLS SNI, and IP metadata.
  • TLS/HTTPS encrypts payload but not DNS queries — ISPs see every domain you resolve in plaintext
  • TLS SNI exposes the destination hostname in cleartext during the handshake, even on HTTPS sites
  • IP metadata and traffic patterns let ISPs infer browsing behavior without decrypting content
  • DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) encrypts name resolution to close the DNS leak
  • Full privacy requires layering HTTPS + DoH/DoT + Encrypted Client Hello (ECH) or a VPN/Tor