📰 DAILY THREAT BRIEFING
Sunday, July 5, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of July 5, 2026.

  1. JadePuffer ransomware used AI agent to automate entire attack
    — Bleeping Computer

    Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large l…
  2. U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
    — The Hacker News

    A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for…
  3. North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
    — The Hacker News

    The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser…
  4. Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
    — The Hacker News

    Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT …
  5. NetNut proxy network disrupted, 2 million infected devices cut off
    — Bleeping Computer

    A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android dev…
  6. ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit
    — Bleeping Computer

    A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, givi…
  7. Chinese LLMs Broaden the Gap Between Attackers & Defenders
    — Dark Reading

    Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?
  8. Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs
    — Dark Reading

    Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian busines…
  9. How We Added WebAuthn to a Browser-Based RDP Client
    — Unit 42

    A look inside the reverse-engineering journey of building the first RDP client outside of Windows to support WebAuthn redirection. The post …
  10. Apple Reverses Age-Old Patch Policy to Keep Up With AI
    — Dark Reading

    Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.
  11. FBI Seizes NetNut Proxy Platform, Popa Botnet
    — Krebs on Security

    The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a…
  12. ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (7584 in last 30 days).
Critical: 0 · High: 9 · Medium: 7 · Low: 4. View full dashboard →

  1. CVE-2026-14683
    — CVSS 3.3 (LOW)

    A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistog…
  2. CVE-2026-14660
    — CVSS 7.3 (HIGH)

    A vulnerability was found in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file login.php. Performing a manipulation of the argument txtUser/txtPass results in sql injection. The…
  3. CVE-2026-14659
    — CVSS 6.3 (MEDIUM)

    A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The a…
  4. CVE-2026-14658
    — CVSS 6.3 (MEDIUM)

    A vulnerability was detected in code-projects Assessment Management 1.0. This vulnerability affects unknown code of the file /lecturer/marking-scheme.php. The manipulation of the argument smarksrange[] results in sql inj…
  5. CVE-2026-14657
    — CVSS 6.3 (MEDIUM)

    A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argu…
  6. CVE-2026-14656
    — CVSS 4.3 (MEDIUM)

    A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. I…
  7. CVE-2026-14655
    — CVSS 2.4 (LOW)

    A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argument User can lead to …
  8. CVE-2026-14654
    — CVSS 7.3 (HIGH)

    A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument user_id leads t…
  9. CVE-2026-14653
    — CVSS 7.3 (HIGH)

    A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument user_id causes …
  10. CVE-2026-14652
    — CVSS 7.3 (HIGH)

    A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username …
  11. CVE-2026-14651
    — CVSS 3.3 (LOW)

    A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grass_compiler::selector::extend/grass_compiler::evaluate::visitor. The manipulation leads to denial of service. The …
  12. CVE-2024-1248
    — CVSS 4.8 (MEDIUM)

    The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. Thi…
  13. CVE-2026-14650
    — CVSS 3.3 (LOW)

    A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grass_compiler::raw_to_parse_error of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of se…
  14. CVE-2026-14649
    — CVSS 7.3 (HIGH)

    A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandid…
  15. CVE-2026-14648
    — CVSS 7.3 (HIGH)

    A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test_input of the file /authentication.php of the component Login. Such manipulation of the …
  16. CVE-2026-14647
    — CVSS 4.3 (MEDIUM)

    A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bo…
  17. CVE-2026-14642
    — CVSS 7.3 (HIGH)

    A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argument ID leads to sql …
  18. CVE-2026-14641
    — CVSS 7.3 (HIGH)

    A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_course.php. Executing a manipulation of the argument ID…
  19. CVE-2026-14640
    — CVSS 7.3 (HIGH)

    A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in…
  20. CVE-2026-14639
    — CVSS 6.3 (MEDIUM)

    A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/my_account.php?edit_account. Such manipulation of the argument c_name leads …

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · July 5, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com