HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com
📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of July 11, 2026.
-
No Manners Here: The Ruthless Rise of The Gentlemen Ransomware
— Unit 42
Unit 42 explores The Gentlemen ransomware operations, revealing the affiliate model driving its rapid growth. Learn more here. The post No M… -
New U-Boot flaws could enable stealthy firmware attacks
— Bleeping Computer
Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during de… -
Jen Ellis: Connecting Cyber Community With Political Machinery
— Dark Reading
Security Pro File: On the heels of her recent honors as a Member of the Order of the British Empire (MBE), we take a look back at the events… -
Ryuk ransomware member pleads guilty in the US, faces 15 years in prison
— Bleeping Computer
A 34-year-old Armenian man has pleaded guilty to hacking U.S. companies and deploying the infamous Ryuk ransomware to encrypt their systems.… -
Cybercriminals Flock to Healthcare Businesses as Attacks Surge
— Dark Reading
While cyberattacks against hospitals and clinics grew modestly in the first half of 2026, attacks on service providers and other healthcare … -
Police suspects Dutch hackers were involved in Odido breach
— Bleeping Computer
The Dutch National Police (Politie) says it has found "strong indications" that Dutch hackers have been involved in a February breach at the… -
URGENT – Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat
— The Hacker News
Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Ha… -
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
— The Hacker News
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the … -
Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot
— The Hacker News
Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as h… -
My Stack Simulator, (Wed, Jul 8th)
— SANS ISC
The stack is a memory region where a program stores temporary data - like local variables and retur… -
Fresh ATM Crypto Software Bugs: Jackpot or Bust?
— Dark Reading
Organizations, and possibly ATMs, are at risk of compromise, thanks to holes in a Microsoft BitLocker security wrapper. -
"Comment stuffing" in an HTML phishing attachment as a mechanism for evading AI-based detection?, (Fri, Jul 10th)
— SANS ISC
Anyone who deals with phishing messages caught by basic security filters knows that most phishing samples tend to blend into one another, si…
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (7462 in last 30 days).
Critical: 2 · High: 6 · Medium: 2 · Low: 0. View full dashboard →
-
CVE-2026-55175
— CVSS 7.5 (HIGH)
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag proce⦠-
CVE-2026-44383
— CVSS 7.5 (HIGH)
Multiple connections to the backend using the same charging station ID
are allowed, which could allow an attacker to deploy multiple instances
of malicious OCPP clients to overwhelm the backend. -
CVE-2026-42952
— CVSS 7.5 (HIGH)
Previously, there was no throttling on repeated authentication attempts
to the charging station backend, which could allow an attacker to
execute a denial-of-service attack. -
CVE-2026-20744
— CVSS 9.8 (CRITICAL)
The charging station websocket endpoint accepts connections without
proper authentication, which could lead to privilege escalation. -
CVE-2026-14480
— CVSS 9.9 (CRITICAL)
OpenPLC Runtime v3 contains an authenticated arbitrary file write
vulnerability in the legacy web UI program‑upload workflow. The
application stores an attacker‑supplied filename (prog_file) directly
into the Prog⦠-
CVE-2026-55187
— CVSS 5.8 (MEDIUM)
Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard⦠-
CVE-2026-52761
— CVSS 5.8 (MEDIUM)
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8_to_unicode.⦠-
CVE-2026-52747
— CVSS 8.6 (HIGH)
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line⦠-
CVE-2026-49213
— CVSS 8.1 (HIGH)
TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks loc⦠-
CVE-2026-44795
— CVSS 8.8 (HIGH)
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or Clâ¦
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · July 11, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com
Leave a Comment