# Archive
Browse past daily curated stories
Tuesday, July 07, 2026
-
1Dark Reading generalCitrixBleed-ing Again? NetScaler Vulnerability Under Attack
A newly disclosed memory disclosure vulnerability in Citrix NetScaler products is already under active exploitation following publication of a proof-of-concept exploit, echoing the pattern seen with CitrixBleed (CVE-2023-4966). NetScaler appliances are widely deployed in enterprise environments, making rapid exploitation of this flaw a critical concern for security teams managing perimeter infrastructure.
-
2The Hacker News general16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
CVE-2026-53359, dubbed 'Januscape,' is a 16-year-old use-after-free vulnerability in Linux KVM's shadow MMU code affecting both Intel and AMD x86 systems. A public PoC currently causes host kernel panics, but the researcher claims a separate unreleased exploit achieves full guest-to-host escape, making this a high-severity threat for virtualization environments and cloud infrastructure operators.
-
3BleepingComputer generalMax severity Adobe ColdFusion flaw now exploited in attacks
A maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282 is now being actively exploited in attacks, according to a warning from the Canadian Centre for Cyber Security (CCCS). ColdFusion servers are frequently used in enterprise web applications, and max-severity exploitation within days of disclosure demands immediate patching priority.
-
4Dark Reading generalJadePuffer: The First Complete LLM-Driven Ransomware Attack
Sysdig documented the first known case of LLM-driven agentic ransomware, dubbed 'JadePuffer,' in which an AI agent exploited a Langflow vulnerability to exfiltrate data from a production database and encrypt additional systems in late June 2026. The attack demonstrates that autonomous AI agents can reduce operator complexity and accelerate attack tempo in end-to-end ransomware campaigns without human intervention at each step.
-
5The Hacker News generalThreat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
CVE-2026-20896 (CVSS 9.8) in Gitea Docker images — which allows unauthenticated privilege escalation by trusting the X-WEBAUTH-USER HTTP header from any IP — saw active exploitation attempts by threat actors just 13 days after public disclosure, per Sysdig research. The critical severity and rapid weaponization of this DevOps platform flaw pose significant supply chain risk to development pipelines.
-
6SecurityWeek generalNorth Korean Hackers Target Open Source Developers in Supply Chain Attacks
North Korean threat actors behind the 'PolinRider' campaign have compromised over 100 legitimate open source packages and repositories to deliver a backdoor and information stealer targeting software developers. The supply chain attack vector — poisoning trusted open source dependencies — puts any developer consuming affected packages at risk of silent compromise.
-
7SecurityWeek generalProof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability
A proof-of-concept exploit has been released for the Linux 'Bad Epoll' local privilege escalation vulnerability, enabling root access on affected systems and dramatically lowering the bar for exploitation. Security teams running unpatched Linux systems should treat this as an urgent remediation priority given the public availability of working exploit code.
-
8The Hacker News generalSuspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT
Operation DragonReturn, attributed by Seqrite Labs to a suspected China-nexus threat cluster, uses spear-phishing emails impersonating India's Income Tax Department to deliver DcRAT — a remote access trojan designed for sensitive data theft — targeting Indian taxpayers, tax professionals, and corporate finance teams. The campaign's use of a fake tax filing utility as a lure demonstrates continued abuse of government-themed social engineering against high-value financial targets.
-
9Schneier on Security threat-intelFrance to Stop Certifying Non-Quantum-Safe Encryption
France's national cybersecurity agency ANSSI announced it will halt certifications for security products lacking quantum-resistant encryption starting in 2027, and is urging businesses to purchase only quantum-safe products immediately. The policy shift by a major G7 nation's cyber authority signals an accelerating regulatory timeline for post-quantum cryptography migration across government and critical infrastructure sectors.
-
10The Record threat-intelMajor medical device manufacturer notifies nearly 4 million of breach
A major medical device manufacturer disclosed a data breach affecting nearly 4 million individuals, with compromised data including Social Security numbers and health-related information. Despite the company's claim of no evidence of public exposure, the scale and sensitivity of the healthcare data involved makes this a significant incident for compliance and identity theft risk monitoring.