# Archive

Browse past daily curated stories


Saturday, July 04, 2026

  1. Medtronic Data Breach Impacts 3.8 Million People
    SecurityWeek general

    Medical device giant Medtronic disclosed a data breach affecting 3.8 million individuals after the ShinyHunters extortion group accessed corporate IT systems in April 2026. The breach was confirmed by Medtronic in late April, with personal and medical information compromised. The scale of exposed medical data makes this critical for healthcare security practitioners and breach response teams.

  2. Alleged Scattered Spider Hacker Extradited to US
    SecurityWeek general

    Peter Stokes, a 19-year-old dual US-Estonian citizen, has been extradited to the United States on charges of being a member of Scattered Spider, the hacking collective linked to over 100 network intrusions and more than $100 million in ransom payments. The extradition marks continued law enforcement pressure on a group that has targeted major enterprises including MGM and Caesars. Security teams should note Scattered Spider's continued operational activity despite ongoing arrests.

  3. Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices
    SecurityWeek general

    Google's Threat Intelligence Group (GTIG), working with the FBI, Lumen, and other partners, significantly disrupted NetNut (also tracked as Popa), a residential proxy network comprising approximately 2 million compromised Android devices including smart TVs and streaming boxes. The operation reduced the network's usable device pool by millions, cutting off infrastructure used by cybercriminals and nation-state actors to anonymize malicious traffic. This takedown is notable for the joint public-private partnership model and the scale of compromised consumer devices involved.

  4. FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks
    SecurityWeek general

    Researchers have linked the FortiBleed campaign — which harvested credentials from hundreds of thousands of FortiGate firewalls via an exploited vulnerability — to active ransomware attacks conducted by the INC and Lynx ransomware operations. Attackers are also reportedly layering in exploitation of a Nextcloud zero-day bug. Organizations running FortiGate devices that haven't rotated credentials following FortiBleed exposure are at immediate risk of ransomware intrusion.

  5. CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability
    SecurityWeek general

    CISA has added CVE-2026-45659, a high-severity Microsoft SharePoint remote code execution vulnerability patched in May 2026, to its Known Exploited Vulnerabilities catalog after confirming active in-the-wild exploitation. Federal agencies face mandatory remediation deadlines under BOD 22-01, and the flaw is being targeted with public PoC code. SharePoint administrators should prioritize patching immediately given the confirmed active exploitation.

  6. New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure
    SecurityWeek general

    A new CitrixBleed-class vulnerability in NetScaler appliances is being actively exploited within hours of public PoC disclosure, with attackers using the exploit code to retrieve arbitrary memory content from HTTP responses — a technique that can expose session tokens and credentials. The rapid weaponization mirrors the original CitrixBleed (CVE-2023-4966) exploitation pattern from 2023. NetScaler administrators should treat this as a patch-now priority given the immediate exploitation timeline.

  7. European Parliament Member Investigating Spyware Was Hacked With Pegasus
    The Hacker News general

    Citizen Lab's forensic analysis of MEP Stelios Kouloglou's mobile device confirmed multiple infections with NSO Group's Pegasus spyware while he was serving on the European Parliament's PEGA Committee — the body specifically tasked with investigating illegal use of commercial surveillance tools. The targeting of a spyware investigator with the very tool under investigation underscores the political dimensions of Pegasus deployments. This finding adds direct evidentiary weight to ongoing EU regulatory scrutiny of NSO Group.

  8. Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability
    SecurityWeek general

    Cisco has confirmed in-the-wild exploitation of a vulnerability in Cisco Unified Communications Manager (Unified CM), with the first exploitation attempts observed the week following public disclosure of an available PoC exploit. Security teams running Unified CM deployments should apply available patches immediately, as the combination of a public exploit and confirmed active exploitation significantly compresses the defensive window.

  9. ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
    The Hacker News general

    Kaspersky researchers have attributed Umbrij, a new malware strain designed to abuse OAuth flows and the Google API to silently access victims' corporate Gmail, to the Chinese APT group ToddyCat. The malware targets organizations using Google Workspace for corporate email, exfiltrating correspondence without triggering standard login alerts. Security teams should audit OAuth application grants and Google API access tokens for anomalous third-party authorizations.

  10. New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
    The Hacker News general

    A Linux kernel privilege escalation vulnerability dubbed Bad Epoll (CVE-2026-46242) allows unprivileged local users to gain root on Linux desktops, servers, and Android devices, with a patch now available. Notably, the bug resides in the same kernel code region where Anthropic's Mythos AI model recently identified a separate vulnerability — raising questions about AI-assisted vulnerability discovery coverage gaps. Android device patching timelines mean many mobile devices will remain exposed for weeks or months despite the upstream fix.