📰 DAILY THREAT BRIEFING
Monday, July 6, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of July 6, 2026.

  1. Flipper Zero firmware development continues with community help
    — Bleeping Computer

    Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on com…
  2. JadePuffer ransomware used AI agent to automate entire attack
    — Bleeping Computer

    Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large l…
  3. U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
    — The Hacker News

    A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for…
  4. North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
    — The Hacker News

    The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser…
  5. Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
    — The Hacker News

    Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT …
  6. NetNut proxy network disrupted, 2 million infected devices cut off
    — Bleeping Computer

    A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android dev…
  7. Chinese LLMs Broaden the Gap Between Attackers & Defenders
    — Dark Reading

    Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?
  8. Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs
    — Dark Reading

    Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian busines…
  9. How We Added WebAuthn to a Browser-Based RDP Client
    — Unit 42

    A look inside the reverse-engineering journey of building the first RDP client outside of Windows to support WebAuthn redirection. The post …
  10. Apple Reverses Age-Old Patch Policy to Keep Up With AI
    — Dark Reading

    Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.
  11. FBI Seizes NetNut Proxy Platform, Popa Botnet
    — Krebs on Security

    The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a…
  12. ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (7424 in last 30 days).
Critical: 0 · High: 7 · Medium: 12 · Low: 1. View full dashboard →

  1. CVE-2026-14783
    — CVSS 4.3 (MEDIUM)

    A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skill_view of the file tools/skills_tool.py. Executing a manipulation of the argument Name can lead to path tr…
  2. CVE-2026-14778
    — CVSS 7.3 (HIGH)

    A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajax_enroll.php of the component Enrollment Management. The manip…
  3. CVE-2026-14777
    — CVSS 6.3 (MEDIUM)

    A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead …
  4. CVE-2026-14776
    — CVSS 6.3 (MEDIUM)

    A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /upload_files.php of the component Filename Ex…
  5. CVE-2026-14775
    — CVSS 6.3 (MEDIUM)

    A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /process_lesson.php. Such manipulation of the argument user_id leads to unr…
  6. CVE-2026-14774
    — CVSS 6.3 (MEDIUM)

    A vulnerability was determined in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /paymentdischarge.php. This manipulation of the argument patientid causes sql injection. The att…
  7. CVE-2026-14773
    — CVSS 6.3 (MEDIUM)

    A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be …
  8. CVE-2026-10657
    — CVSS 3.7 (LOW)

    Zephyr's DNS resolver detects mDNS (.local) queries in dns_resolve_name_internal() (subsys/net/lib/dns/resolve.c) with memcmp(strrchr(query, '.'), ".local", 7), which always reads a fixed 7 bytes from the suffix pointer.…
  9. CVE-2026-10656
    — CVSS 4.6 (MEDIUM)

    The MAX32xxx USB device controller driver (drivers/usb/udc/udc_max32.c, compatible adi_max32_usbhs) dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udc_event_x…
  10. CVE-2026-59520
    — CVSS 4.3 (MEDIUM)

    Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery.

    This issue affects CrawlWP SEO: from n/a through 3.0.16.

  11. CVE-2026-59519
    — CVSS 5.3 (MEDIUM)

    Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data.

    This issue affects FormLayer: from n/a through 1.0.6.

  12. CVE-2026-59511
    — CVSS 5.3 (MEDIUM)

    Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data.

    This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9…

  13. CVE-2026-14772
    — CVSS 7.3 (HIGH)

    A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /edit_course1.php. The manipulation of the argument ID leads to sql in…
  14. CVE-2026-14771
    — CVSS 7.3 (HIGH)

    A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /edit_exam1.php. Executing a manipulation of the argument ID can lead to sql in…
  15. CVE-2026-14770
    — CVSS 7.3 (HIGH)

    A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_room.php. Performing a manipulation of the argument ID results in sql injection. It …
  16. CVE-2026-14769
    — CVSS 7.3 (HIGH)

    A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The…
  17. CVE-2026-14768
    — CVSS 7.3 (HIGH)

    A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is pos…
  18. CVE-2026-14767
    — CVSS 6.3 (MEDIUM)

    A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of th…
  19. CVE-2026-14766
    — CVSS 6.3 (MEDIUM)

    A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter H…
  20. CVE-2026-14764
    — CVSS 7.3 (HIGH)

    A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/add_event.php of the component Event Management Page. Such manipulation of the argume…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · July 6, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com