HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com
📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of July 4, 2026.
-
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
— The Hacker News
Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT … -
New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
— The Hacker News
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a ma… -
New Avalon Malware Framework Packs CrownX Ransomware Capabilities
— The Hacker News
Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means o… -
NetNut proxy network disrupted, 2 million infected devices cut off
— Bleeping Computer
A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android dev… -
ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit
— Bleeping Computer
A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, givi… -
Chinese LLMs Broaden the Gap Between Attackers & Defenders
— Dark Reading
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried? -
Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
— Bleeping Computer
Anthropic says Claude Fable 5 won't be accessible via Claude subscriptions after July 7, but it's not a permanent change, and the company ex… -
Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs
— Dark Reading
Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian busines… -
How We Added WebAuthn to a Browser-Based RDP Client
— Unit 42
A look inside the reverse-engineering journey of building the first RDP client outside of Windows to support WebAuthn redirection. The post … -
Apple Reverses Age-Old Patch Policy to Keep Up With AI
— Dark Reading
Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit. -
FBI Seizes NetNut Proxy Platform, Popa Botnet
— Krebs on Security
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a… -
ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (8068 in last 30 days).
Critical: 1 · High: 11 · Medium: 7 · Low: 1. View full dashboard →
-
CVE-2026-58523
— CVSS 6.5 (MEDIUM)
Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. -
CVE-2026-14617
— CVSS 3.1 (LOW)
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Strea⦠-
CVE-2026-58597
— CVSS 4.3 (MEDIUM)
Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. -
CVE-2026-58524
— CVSS 5.4 (MEDIUM)
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. -
CVE-2026-58522
— CVSS 6.8 (MEDIUM)
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. -
CVE-2026-58426
— CVSS 9.6 (CRITICAL)
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write -
CVE-2026-58424
— CVSS 8.9 (HIGH)
Permanent Fork PR Workflow Approval Gate Bypass -
CVE-2026-58423
— CVSS 7.7 (HIGH)
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories -
CVE-2026-58418
— CVSS 6.5 (MEDIUM)
SSRF via HTTP Redirect in Repository Migration -
CVE-2026-58300
— CVSS 6.2 (MEDIUM)
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. -
CVE-2026-58299
— CVSS 7.5 (HIGH)
Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network. -
CVE-2026-58298
— CVSS 7.2 (HIGH)
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. -
CVE-2026-58297
— CVSS 7.1 (HIGH)
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network. -
CVE-2026-58296
— CVSS 7.1 (HIGH)
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network. -
CVE-2026-58295
— CVSS 8.3 (HIGH)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. -
CVE-2026-58294
— CVSS 7.5 (HIGH)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. -
CVE-2026-58293
— CVSS 8.1 (HIGH)
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. -
CVE-2026-58292
— CVSS 7.5 (HIGH)
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. -
CVE-2026-58291
— CVSS 6.1 (MEDIUM)
Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. -
CVE-2026-58290
— CVSS 7.5 (HIGH)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · July 4, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com
Leave a Comment