Stone-Knight Security

STONE-KNIGHT SECURITY

Morning Muster Daily cyber threat brief · CESAR feed
LIVE
Updated 2026-07-11 11:02 UTC
Articles: 96 · Sources: 8
Auto-refresh: 15m

🌍 Global Ransomware Heatmap 2262 victims · last 90d · top: US

Critical CVEs & Vulnerabilities 18 items

The Hacker News2026-07-10 14:19 UTC
Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host. A brief description of the high-severity vulnerabilities is as…
Dark Reading2026-07-09 20:21 UTC
The researcher known as "Nightmare-Eclipse" published a proof-of-concept (PoC) exploit for the Windows Defender vulnerability in early June after dropping several other Microsoft zero-days.
SecurityWeek2026-07-09 13:49 UTC
Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software. The post Palo Alto Networks Patches 13 Vulnerabilities appeared first on SecurityWeek .
Krebs on Security2026-07-08 12:31 UTC
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-07 00:00 UTC
Added to KEV 2026-07-07. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-07-01 00:00 UTC
Added to KEV 2026-07-01. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-29 00:00 UTC
Added to KEV 2026-06-29. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-25 00:00 UTC
Added to KEV 2026-06-25. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…
CISA KEV2026-06-23 00:00 UTC
Added to KEV 2026-06-23. Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or…

Active Threats & Malware 17 items

Bleeping Computer2026-07-10 21:59 UTC
Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware. [...]
The Hacker News2026-07-10 13:15 UTC
The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware via counterfeit…
SecurityWeek2026-07-10 09:12 UTC
The backdoor’s destructive capabilities include a standalone wiper, ransomware encryption, and a multi-pass wiping command. The post GigaWiper Combines Multiple Malware for System-Level Sabotage appeared first on SecurityWeek .
SecurityWeek2026-07-10 08:00 UTC
A Go module is used to load PowerShell code that fetches a resolver from public dead drops to execute Windows malware. The post Network of 200 GitHub Repositories Used for Malware Infection appeared first on SecurityWeek .
Bleeping Computer2026-07-09 20:10 UTC
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases. [...]
Krebs on Security2026-07-02 19:27 UTC
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity…
Krebs on Security2026-06-18 17:37 UTC
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to…
Krebs on Security2026-06-10 14:03 UTC
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life…
Krebs on Security2026-05-21 21:50 UTC
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity…

Data Breaches 6 items

The Hacker News2026-07-10 11:47 UTC
A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no login and no malformed…
The Hacker News2026-07-10 11:30 UTC
A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million websites. Far fewer were actually broken into, but the exposed files showed researchers how a mass…
The Hacker News2026-07-10 10:30 UTC
A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a…
Krebs on Security2026-05-22 16:34 UTC
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry…

Tools & Research 18 items

Bleeping Computer2026-07-11 09:03 UTC
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo's .env and write every secret into the code as a list…
The Hacker News2026-07-11 06:45 UTC
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious…
The Hacker News2026-07-10 16:29 UTC
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry…
The Hacker News2026-07-10 15:57 UTC
Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside data-center servers. Four of the bugs can crash a device. The other two could let an attacker who slips a malicious…
Bleeping Computer2026-07-10 15:48 UTC
Hackers are actively exploiting a critical vulnerability in the official Docker image for the Gitea self-hosted Git service that allows attackers to impersonate any user, including administrators. [...]
The Hacker News2026-07-10 14:51 UTC
Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and can move the coins…
Bleeping Computer2026-07-10 14:00 UTC
AI agents are accelerating the growth of non-human identities, making it harder for organizations to understand what exists, who owns it, and what it can access. Netwrix explains why stronger visibility and identity governance are essential as AI expands the enterprise attack surface. [...]
Dark Reading2026-07-10 13:50 UTC
Age restrictions on accounts may be more of a stopgap because industry compliance is already falling short. Tech giants are struggling to follow the laws without affecting users.

📺 NetworkChuck Cliff Notes

2026-07-09 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for Summer of CCNA, answering community certification questions on 07/09/2026 at 5PM ET.
  • Live AMA format — community submits CCNA certification questions answered in real time by NetworkChuck
  • 90-minute session consistent with the ongoing Summer of CCNA program cadence
  • Covers exam strategy, study tips, and common pain points for CCNA candidates
  • Part of the structured Summer of CCNA series via NetworkChuck Academy
  • New participants encouraged to enroll at academy.networkchuck.com/course/premium-summer-of-ccna
2026-07-02 · watch on YouTube ↗
NetworkChuck and Daniel Miessler break down the top meta-prompts to run on Claude Opus 4 (Fable 5) before the free full-access window closes July 7th.
  • Fable 5 (Claude Opus 4) was briefly pulled by the U.S. government and relaunched with a limited free-tier window closing ~July 7 before a 50% usage cap kicks in
  • Daniel Miessler's prompt playbook focuses on high-leverage targets: optimize your AI harness/orchestration layer, audit prompt injection defenses, and map your full deployed attack surface
  • Key framing: treat the model like a super-intelligent alien — don't run errands, rebuild your infrastructure (roads, not groceries)
  • Prompt 4 is the self-model audit — force the AI to surface what you're actually optimizing toward, exposing blind spots in your goals and build direction
  • Miessler's Fabric framework and eternalquestions.ai are highlighted as examples of using max-intelligence models on problems too complex for human reasoning alone
2026-06-19 · watch on YouTube ↗
NetworkChuck exposes shadow AI — unauthorized AI tools employees use without IT knowledge — and how to discover and govern them before they become a data leak.
  • Shadow AI refers to unapproved AI tools (ChatGPT, Copilot, etc.) used inside orgs without IT/security visibility
  • These tools create data exfiltration risk — sensitive data entered into external LLMs bypasses DLP controls
  • Discovery requires visibility into SaaS sprawl: browser extensions, OAuth grants, and network traffic analysis
  • Vanta is highlighted as a tool to surface and manage unauthorized AI tool usage across the org
  • Mitigation: AI-use policy, approved-tool lists, SSO enforcement, and continuous SaaS discovery scanning
2026-06-18 · watch on YouTube ↗
NetworkChuck hosts a live 90-min AMA for Summer of CCNA answering community certification questions on 06/18/2026 at 5PM ET.
  • AMA format: community submits CCNA certification questions answered live by NetworkChuck
  • Covers exam strategy, study tips, and common pain points for CCNA candidates
  • Reinforces core Cisco networking concepts aligned with current CCNA exam objectives
  • Part of the structured Summer of CCNA series via NetworkChuck Academy
  • Full study track available at academy.networkchuck.com/course/premium-summer-of-ccna
2026-06-18 · watch on YouTube ↗
HTTPS encrypts your traffic content but leaks visited domains to your ISP via plaintext DNS queries, TLS SNI, and IP address metadata.
  • TLS SNI exposes the destination hostname in plaintext during the TLS handshake — visible to ISPs and network observers
  • Unencrypted DNS queries reveal every domain you look up before the connection is even established
  • IP address metadata lets ISPs infer sites visited even when packet payloads are encrypted
  • Encrypted Client Hello (ECH) and DNS-over-HTTPS/TLS (DoH/DoT) are the protocol-level fixes to plug these leaks
  • The padlock means data is encrypted in transit — not that your browsing activity is private