HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com
📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of July 2, 2026.
-
FortiBleed credential-theft campaign linked to Lynx ransomware
— Bleeping Computer
The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet c… -
Kubota says hackers had month-long access to network systems
— Bleeping Computer
Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. [… -
Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS
— Dark Reading
Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitabilit… -
New ChocoPoC malware targets researchers via trojanized PoC exploits
— Bleeping Computer
Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC… -
And the Winner in Dominant Malware Delivery? ClickFix
— Dark Reading
Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it's now the rule. -
Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
— The Hacker News
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenti… -
19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
— The Hacker News
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, c… -
SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
— The Hacker News
Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activi… -
'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat
— Dark Reading
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect … -
Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)
— SANS ISC
This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extensio… -
ISC Stormcast For Wednesday, July 1st, 2026 https://isc.sans.edu/podcastdetail/9990, (Wed, Jul 1st)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. -
Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector
— Unit 42
Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. The post…
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (7995 in last 30 days).
Critical: 11 · High: 7 · Medium: 0 · Low: 0. View full dashboard →
-
CVE-2026-14429
— CVSS 8.3 (HIGH)
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag⦠-
CVE-2026-14428
— CVSS 8.3 (HIGH)
Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craft⦠-
CVE-2026-14427
— CVSS 8.3 (HIGH)
Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security ⦠-
CVE-2026-14425
— CVSS 9.6 (CRITICAL)
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) -
CVE-2026-14424
— CVSS 9.6 (CRITICAL)
Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) -
CVE-2026-14423
— CVSS 9.6 (CRITICAL)
Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) -
CVE-2026-14420
— CVSS 9.6 (CRITICAL)
Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) -
CVE-2026-14419
— CVSS 9.6 (CRITICAL)
Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) -
CVE-2026-14417
— CVSS 9.6 (CRITICAL)
Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) -
CVE-2026-14416
— CVSS 9.6 (CRITICAL)
Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) -
CVE-2026-14413
— CVSS 8.3 (HIGH)
Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security se⦠-
CVE-2026-14412
— CVSS 8.3 (HIGH)
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa⦠-
CVE-2026-14411
— CVSS 9.6 (CRITICAL)
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) -
CVE-2026-14405
— CVSS 9.6 (CRITICAL)
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) -
CVE-2026-14401
— CVSS 8.3 (HIGH)
Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf⦠-
CVE-2026-14400
— CVSS 8.3 (HIGH)
Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security ⦠-
CVE-2026-14398
— CVSS 9.6 (CRITICAL)
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) -
CVE-2026-14397
— CVSS 9.6 (CRITICAL)
Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · July 2, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com
Leave a Comment