#cyber-security โ Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cyber-security, aggregated by home.social.
-
Update on Attacks by Threat Group APT-C-60 in 2026
APT-C-60 continues targeting organizations in Japan with evolved tactics observed throughout 2026. The threat group employs spear-phishing emails containing Proton Drive links or direct attachments with RAR archives. Victims extract LNK files that execute JavaScript via mshta.exe, leading to multi-stage payload delivery. The attackers abuse legitimate services including GitHub, GitLab, jsDelivr, and Codeberg as infrastructure for hosting malicious components. Git.exe is leveraged to execute scripts that deploy downloaders and loaders, ultimately delivering SpyGlace malware versions 3.1.15 through 3.1.18. The attack chain involves multiple obfuscated JavaScript files and persistence mechanisms similar to previous campaigns. By utilizing developer-oriented services and CDNs commonly allowed in corporate environments, the threat actor attempts to evade detection and blend malicious traffic with legitimate communications.
Pulse ID: 6a54e01e0597d81e8ad9f7d0
Pulse Link: https://otx.alienvault.com/pulse/6a54e01e0597d81e8ad9f7d0
Pulse Author: AlienVault
Created: 2026-07-13 12:54:54Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CDN #CyberSecurity #DNS #Email #GitHub #ICS #InfoSec #Japan #Java #JavaScript #LNK #Malware #OTX #OpenThreatExchange #Phishing #RAT #SMS #SpearPhishing #bot #AlienVault
-
Update on Attacks by Threat Group APT-C-60 in 2026
APT-C-60 continues targeting organizations in Japan with evolved tactics observed throughout 2026. The threat group employs spear-phishing emails containing Proton Drive links or direct attachments with RAR archives. Victims extract LNK files that execute JavaScript via mshta.exe, leading to multi-stage payload delivery. The attackers abuse legitimate services including GitHub, GitLab, jsDelivr, and Codeberg as infrastructure for hosting malicious components. Git.exe is leveraged to execute scripts that deploy downloaders and loaders, ultimately delivering SpyGlace malware versions 3.1.15 through 3.1.18. The attack chain involves multiple obfuscated JavaScript files and persistence mechanisms similar to previous campaigns. By utilizing developer-oriented services and CDNs commonly allowed in corporate environments, the threat actor attempts to evade detection and blend malicious traffic with legitimate communications.
Pulse ID: 6a54e01e0597d81e8ad9f7d0
Pulse Link: https://otx.alienvault.com/pulse/6a54e01e0597d81e8ad9f7d0
Pulse Author: AlienVault
Created: 2026-07-13 12:54:54Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CDN #CyberSecurity #DNS #Email #GitHub #ICS #InfoSec #Japan #Java #JavaScript #LNK #Malware #OTX #OpenThreatExchange #Phishing #RAT #SMS #SpearPhishing #bot #AlienVault
-
Threat Actors Achieve Persistence After SQL Injection
Threat actors gaining initial access through SQL injection exploited a web application vulnerability in a technology sector organization. After compromising an MSSQL instance via inadequate input validation, the attackers deployed base64-encoded PowerShell scripts to conduct reconnaissance using tasklist commands and exfiltrated results to an external server. They established persistence by enabling Remote Desktop Services, creating an administratively privileged user account named adminweb2$, and disabling Windows Defender. The attackers installed BadIIS modules for SEO fraud, deployed XMRig cryptocurrency miner with hidden file attributes, and utilized service creation tools. Multiple PowerShell scripts and batch files were downloaded throughout the attack to facilitate various malicious operations and maintain access.
Pulse ID: 6a551f28c1e094d7650c8ecd
Pulse Link: https://otx.alienvault.com/pulse/6a551f28c1e094d7650c8ecd
Pulse Author: AlienVault
Created: 2026-07-13 17:23:51Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #MSSQL #OTX #OpenThreatExchange #PowerShell #RAT #SQL #Vulnerability #Windows #bot #cryptocurrency #AlienVault
-
Threat Actors Achieve Persistence After SQL Injection
Threat actors gaining initial access through SQL injection exploited a web application vulnerability in a technology sector organization. After compromising an MSSQL instance via inadequate input validation, the attackers deployed base64-encoded PowerShell scripts to conduct reconnaissance using tasklist commands and exfiltrated results to an external server. They established persistence by enabling Remote Desktop Services, creating an administratively privileged user account named adminweb2$, and disabling Windows Defender. The attackers installed BadIIS modules for SEO fraud, deployed XMRig cryptocurrency miner with hidden file attributes, and utilized service creation tools. Multiple PowerShell scripts and batch files were downloaded throughout the attack to facilitate various malicious operations and maintain access.
Pulse ID: 6a551f28c1e094d7650c8ecd
Pulse Link: https://otx.alienvault.com/pulse/6a551f28c1e094d7650c8ecd
Pulse Author: AlienVault
Created: 2026-07-13 17:23:51Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #MSSQL #OTX #OpenThreatExchange #PowerShell #RAT #SQL #Vulnerability #Windows #bot #cryptocurrency #AlienVault
-
๐ CVE-2026-26396 - High (7.5)
OpenBMB XAgent v1.0.0 and before is vulnerable to path traversal in the file() function in XAgent/XAgentServer/application/routers/workspace.py. The input parameter โfilenameโ is user-controllable and is concatenated into the file path to be r...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-26396/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
๐ CVE-2026-55773 - High (8.8)
CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Cedar-expres...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-55773/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
๐ CVE-2026-55771 - High (8.8)
CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals() has inverted null/self branches which could lead to incorrect eq...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-55771/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
๐จ EUVD-2026-43524
๐ Score: 8.8/10 (CVSS v3.1)
๐ฆ Product: cedar-java
๐ข Vendor: cedar-policy
๐ Updated: 2026-07-13๐ CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals() has inverted null/self branches which could lead to incorrect equal...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43524
-
๐จ EUVD-2026-43524
๐ Score: 8.8/10 (CVSS v3.1)
๐ฆ Product: cedar-java
๐ข Vendor: cedar-policy
๐ Updated: 2026-07-13๐ CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals() has inverted null/self branches which could lead to incorrect equal...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43524
-
๐งช NEW BETA RELEASES ๐งช
๐ฑ iOS 26.6 beta 5 (23G5065a)
๐ฑ iPadOS 26.6 beta 5 (23G5065a)
๐ฑ iPadOS 27.0 beta 3 v.2 (24A5380l)
๐ป macOS 26.6 beta 5 (25G5065a)
๐ป macOS 27.0 beta 3 v.2 (26A5378n)
๐บ tvOS 26.6 beta 5 (23L5766a)
๐ฅฝ visionOS 26.6 beta 5 (23O5765a)
โ watchOS 26.6 beta 5 (23U5062b) -
๐งช NEW BETA RELEASES ๐งช
๐ฑ iOS 26.6 beta 5 (23G5065a)
๐ฑ iPadOS 26.6 beta 5 (23G5065a)
๐ฑ iPadOS 27.0 beta 3 v.2 (24A5380l)
๐ป macOS 26.6 beta 5 (25G5065a)
๐ป macOS 27.0 beta 3 v.2 (26A5378n)
๐บ tvOS 26.6 beta 5 (23L5766a)
๐ฅฝ visionOS 26.6 beta 5 (23O5765a)
โ watchOS 26.6 beta 5 (23U5062b) -
"Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting" by Cybersecurity and Infrastructure Security Agency (#CISA)๐บ๐ธ and 18 other gov't security organizations๐ฆ๐บ๐จ๐ฆ๐ณ๐ฟ๐ฌ๐ง๐จ๐ฟ๐ฉ๐ฐ๐ช๐ช๐ซ๐ฎ๐ซ๐ท๐ฎ๐น๐ต๐ฑ๐ธ๐ช - Recommended router configuration steps to mitigate recurring Russian network attacks on western #infrastructure. https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-194a #malware #cyberwar #cybersecurity #Internet #networking #tech
-
"Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting" by Cybersecurity and Infrastructure Security Agency (#CISA)๐บ๐ธ and 18 other gov't security organizations๐ฆ๐บ๐จ๐ฆ๐ณ๐ฟ๐ฌ๐ง๐จ๐ฟ๐ฉ๐ฐ๐ช๐ช๐ซ๐ฎ๐ซ๐ท๐ฎ๐น๐ต๐ฑ๐ธ๐ช - Recommended router configuration steps to mitigate recurring Russian network attacks on western #infrastructure. https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-194a #malware #cyberwar #cybersecurity #Internet #networking #tech
-
State of (in)security - Week 28, 2026
Week 28 of 2026 saw 17 security advisories and 26 incidents (down from 28 the prior week), with roughly 2.7 million individuals impacted. The largest breach is Moody Bible Institute's exposure of 2.3 million records via a PeopleSoft zero-day. Ransomware/malware and unauthorized access were the leading causes (7 incidents each), healthcare was the hardest-hit industry, and several actively exploited flaws were reported in products including Adobe ColdFusion, Gitea, Joomla extensions, and Langflow.
**Make sure to update your Joomla and plugins. They are under heavy attack!**
#cybersecurity #infosec #knowledge #weeklyreport
https://beyondmachines.net/event_details/state-of-in-security-week-28-2026-p-s-9-s-y/gD2P6Ple2L -
State of (in)security - Week 28, 2026
Week 28 of 2026 saw 17 security advisories and 26 incidents (down from 28 the prior week), with roughly 2.7 million individuals impacted. The largest breach is Moody Bible Institute's exposure of 2.3 million records via a PeopleSoft zero-day. Ransomware/malware and unauthorized access were the leading causes (7 incidents each), healthcare was the hardest-hit industry, and several actively exploited flaws were reported in products including Adobe ColdFusion, Gitea, Joomla extensions, and Langflow.
**Make sure to update your Joomla and plugins. They are under heavy attack!**
#cybersecurity #infosec #knowledge #weeklyreport
https://beyondmachines.net/event_details/state-of-in-security-week-28-2026-p-s-9-s-y/gD2P6Ple2L -
๐ CVE-2026-49970 - High (8.8)
Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestin...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-49970/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
๐ CVE-2026-49972 - High (8.8)
Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised within a double extension such as shell.php.jpg....
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-49972/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
๐ CVE-2026-55772 - High (8.8)
CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Record-to-En...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-55772/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
๐จ EUVD-2026-43515
๐ Score: 5.1/10 (CVSS v3.1)
๐ฆ Product: phoenix_live_view, phoenix_live_view
๐ข Vendor: phoenixframework
๐ Updated: 2026-07-13๐ Cross-site scripting vulnerability in phoenixframework phoenix_live_view allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session.
The Phoenix.LiveView.Utils.valid_destinat...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43515
-
๐จ EUVD-2026-43515
๐ Score: 5.1/10 (CVSS v3.1)
๐ฆ Product: phoenix_live_view, phoenix_live_view
๐ข Vendor: phoenixframework
๐ Updated: 2026-07-13๐ Cross-site scripting vulnerability in phoenixframework phoenix_live_view allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session.
The Phoenix.LiveView.Utils.valid_destinat...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43515
-
๐จ EUVD-2026-43517
๐ Score: 8.7/10 (CVSS v3.1)
๐ฆ Product: laravel-mediable
๐ข Vendor: plank
๐ Updated: 2026-07-13๐ Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestinatio...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43517
-
๐จ EUVD-2026-43517
๐ Score: 8.7/10 (CVSS v3.1)
๐ฆ Product: laravel-mediable
๐ข Vendor: plank
๐ Updated: 2026-07-13๐ Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestinatio...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43517
-
๐จ EUVD-2026-43516
๐ Score: 5.3/10 (CVSS v3.1)
๐ฆ Product: laravel-mediable
๐ข Vendor: plank
๐ Updated: 2026-07-13๐ Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbitrary HTTP requests from the server by supplying unvalidated caller-controlled URLs to endpoints backed by MediaUploader::from...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43516
-
๐จ EUVD-2026-43518
๐ Score: 5.3/10 (CVSS v3.1)
๐ฆ Product: laravel-mediable
๐ข Vendor: plank
๐ Updated: 2026-07-13๐ Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, sc...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43518
-
๐จ EUVD-2026-43516
๐ Score: 5.3/10 (CVSS v3.1)
๐ฆ Product: laravel-mediable
๐ข Vendor: plank
๐ Updated: 2026-07-13๐ Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbitrary HTTP requests from the server by supplying unvalidated caller-controlled URLs to endpoints backed by MediaUploader::from...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43516
-
๐จ EUVD-2026-43518
๐ Score: 5.3/10 (CVSS v3.1)
๐ฆ Product: laravel-mediable
๐ข Vendor: plank
๐ Updated: 2026-07-13๐ Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, sc...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43518
-
๐จ EUVD-2026-43519
๐ Score: 7.7/10 (CVSS v3.1)
๐ฆ Product: laravel-mediable
๐ข Vendor: plank
๐ Updated: 2026-07-13๐ Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised within a double extension such as shell.php.jpg. The...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43519
-
๐จ EUVD-2026-43519
๐ Score: 7.7/10 (CVSS v3.1)
๐ฆ Product: laravel-mediable
๐ข Vendor: plank
๐ Updated: 2026-07-13๐ Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised within a double extension such as shell.php.jpg. The...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43519
-
๐จ EUVD-2026-43520
๐ Score: 9.5/10 (CVSS v3.1)
๐ฆ Product: ServiceNow AI Platform, ServiceNow AI Platform, ServiceNow AI Platform (+4 more)
๐ข Vendor: Servicenow
๐ Updated: 2026-07-13๐ ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain ...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43520
-
๐จ EUVD-2026-43520
๐ Score: 9.5/10 (CVSS v3.1)
๐ฆ Product: ServiceNow AI Platform, ServiceNow AI Platform, ServiceNow AI Platform (+4 more)
๐ข Vendor: Servicenow
๐ Updated: 2026-07-13๐ ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain ...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43520
-
๐จ EUVD-2026-43521
๐ Score: n/a
๐ Updated: 2026-07-13๐ Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43521
-
๐จ EUVD-2026-43521
๐ Score: n/a
๐ Updated: 2026-07-13๐ Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43521
-
๐จ EUVD-2026-43522
๐ Score: 8.8/10 (CVSS v3.1)
๐ฆ Product: cedar-java, cedar-java, cedar-java
๐ข Vendor: cedar-policy
๐ Updated: 2026-07-13๐ CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling cou...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43522
-
๐จ EUVD-2026-43522
๐ Score: 8.8/10 (CVSS v3.1)
๐ฆ Product: cedar-java, cedar-java, cedar-java
๐ข Vendor: cedar-policy
๐ Updated: 2026-07-13๐ CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling cou...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43522
-
This is a pretty bad one!
New CrashStealer malware poses as Apple crash reporting tool https://www.bleepingcomputer.com/news/security/new-crashstealer-malware-poses-as-apple-crash-reporting-tool/
-
๐๐ฏ Oh, the riveting saga of a #TFTP honey potโspoiler alert: it was forbidden! ๐๐ซ Apparently, attempting to #access this tantalizing "research" is like asking a bouncer to let you into a library rave. Nice try, but you shall not pass! ๐๐
https://bruceediger.com/posts/tftp-honeypot-results/ #HoneyPot #Forbidden #LibraryRave #CyberSecurity #Research #Humor #HackerNews #ngated -
Die Ransomware-Gruppe D1R hat Bosch auf ihrer Darknet-Seite gelistet, mit einer Frist von 11 Tagen und der Drohung, gestohlene Konstruktionsdaten zu verรถffentlichen. Der Einbruch erfolgte nicht bei Bosch direkt, sondern รผber den Softwareanbieter Synopsys. Gestohlene Daten umfassen offenbar VHDL-Hardware-Designs und Unterlagen zum CAN-Bus-Protokoll โ Technologie, die in Fahrzeugen, Zรผgen und Flugzeugen weltweit im Einsatz ist.
#ITSicherheit #Cybersecurity #Ransomware #SupplyChain #Bosch