LIVE · cybersecurity feed

Latest News

view all →
androidandroid
zeroday.news · 1h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

aiai
zeroday.news · 2h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

CVE-2026-50746ubiquiti
zeroday.news · 2h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 2h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.

CVE-2026-55255langflow
zeroday.news · 2h ago·critical

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

CISA has issued a warning regarding a critical vulnerability (CVE-2026-55255) in the Langflow AI framework, which is being actively exploited by attackers. The flaw allows authenticated users to execute arbitrary flows belonging to other users, potentially leading to the theft of sensitive credentials and data exposure, especially in multi-tenant environments. US federal agencies have been mandated to patch this vulnerability by July 10th.

aiai
zeroday.news · 3h ago·high

3 Ways AI Powers Service Desk Attacks and How to Prevent Them

Artificial intelligence is increasingly being used by attackers to enhance service desk attacks, particularly during employee onboarding. AI tools can create more convincing impersonations, accelerate reconnaissance for personalized attacks, and scale malicious campaigns. To counter these threats, organizations need to implement stronger identity verification methods, such as secure password delivery, biometric liveness detection, and multi-factor authentication before sensitive actions are approved.

CVE-2026-12958ai
zeroday.news · 3h ago·high

Bug in top AI coding agents shows that Unix-era security headaches never really die

A vulnerability dubbed "GhostApproval" has been discovered in at least six popular AI coding assistants, allowing them to access files outside their designated workspaces and potentially execute remote code. The flaw exploits symbolic links, a long-standing security issue, to trick agents into writing malicious content, such as SSH keys, to sensitive system files. While some vendors have patched the issue and assigned CVEs, others have downplayed the risk or are yet to release fixes.

zeroday.news · 4h ago·medium

Introducing Meerkat: an experiment in global consensus

Cloudflare has developed Meerkat, an experimental distributed consensus service designed to manage control-plane state across its global data centers. Unlike traditional consensus algorithms like Raft, which can suffer from leader failures and timeouts, Meerkat utilizes the QuePaxa algorithm. This allows all replicas to perform writes simultaneously and ensures continuous availability even during network disruptions, making it suitable for Cloudflare's expansive and unpredictable network infrastructure.

cybersecuritycybersecurity
zeroday.news · 4h ago·medium

Security Teams Are Ready To Become More Preemptive. What’s Holding Them Back?

A recent survey of security professionals reveals a strong desire to shift towards more preemptive security strategies. However, organizations face significant hurdles, including limited resources, fragmented security tools, and the emerging risks associated with AI. While many teams are exploring AI's potential for efficiency, concerns about its security and transparency remain.

Top Stories

CVE tracker →

More Coverage

zeroday.news · 7h ago·high

CISA orders feds to prioritize patching Langflow auth bypass flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to prioritize patching a critical authentication bypass vulnerability within the Langflow AI agent framework. This directive comes as the flaw is reportedly being actively exploited.

zeroday.news · 7h ago

China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

A Chinese threat actor, UAT-7810, is reportedly enhancing its custom malware to broaden its Operational Relay Box (ORB) network. This expansion involves compromising internet-facing networking devices, according to Cisco Talos.

vulnerability managementvulnerability management
zeroday.news · 8h ago·high

Found fast, fixed slow: The gap the AI clearinghouse must close

A new AI cybersecurity clearinghouse, mandated by a recent executive order, faces the critical challenge of moving beyond rapid vulnerability discovery to effective remediation. While AI can quickly identify software flaws, the process of validating, prioritizing, and patching these issues remains a significant bottleneck, particularly for open-source software. The clearinghouse must focus on building infrastructure for triage, incentivizing maintainer and user collaboration, and leveraging Software Bills of Materials (SBOMs) to ensure vulnerabilities are actually fixed.

zeroday.news · 8h ago·critical

Ubiquiti warns of new max severity UniFi OS vulnerability

Ubiquiti has issued updates to address seven critical vulnerabilities within its UniFi OS. Among these patched flaws is a command injection vulnerability rated at maximum severity.

zeroday.news · 8h ago

My Stack Simulator, (Wed, Jul 8th)

An explanation of the program memory stack, detailing how local variables and return addresses are managed. It uses a stack-of-plates analogy to make the concept easy to follow.

zeroday.news · 9h ago

State IDs for AI Agents: Will Estonia Set a Precedent?

Estonia is exploring methods to facilitate the use of AI agents by its citizens for governmental services. This initiative brings forth important questions regarding digital identity and authentication for AI entities.

zeroday.news · 9h ago·critical

CISA orders feds to patch max severity ColdFusion flaw by Friday

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies address a maximum-severity Adobe ColdFusion vulnerability. This flaw is currently being actively exploited and requires patching by Friday.

zeroday.news · 10h ago·critical

15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

Nebula Security has revealed GhostLock (CVE-2026-43499), a Linux kernel vulnerability present for 15 years. This flaw allows any logged-in user to achieve root privileges and container escape on unpatched systems, as it is included by default in most Linux distributions.

zeroday.news · 11h ago·high

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

CISA has incorporated four new vulnerabilities into its Known Exploited Vulnerabilities (KEV) catalog. These flaws, affecting products from Adobe, Joomla, and Langflow, are all currently under active exploitation.

zeroday.news · 15h ago

ISC Stormcast For Wednesday, July 8th, 2026 (Wed, Jul 8th)

This item refers to the daily podcast episode from the SANS Internet Storm Center. It covers cybersecurity topics for Wednesday, July 8th, 2026.

zeroday.news · 17h ago·high

The Threat Isn’t the Frontier Model

The article argues that the primary AI security threat is not advanced frontier models, but rather the increasing accessibility of powerful open-source AI models that can be run on modest hardware. Adversaries are expected to leverage these models for autonomous attacks as quantization reduces their resource requirements. CISOs are urged to proactively build and test defensive AI agents now to counter this emerging threat, focusing on areas like Continuous Threat Exposure Management (CTEM), Breach and Attack Simulation (BAS), and Security Operations.

banking trojanbanking trojan
zeroday.news · 17h ago·high

ClickFix to Cash-Out: Anatomy of a Mexican Banking-Fraud Toolkit

A sophisticated banking fraud operation, dubbed REF6045, utilizes a PowerShell toolkit named SCMBANKER, delivered via fake CAPTCHA pages. Unlike automated attacks, this operation is manually controlled, allowing operators to monitor victim banking sessions, deploy fake warnings, and manipulate browser activity. The toolkit also facilitates the installation of commercial remote access tools for full system takeover. Researchers discovered the operation through exposed directories and archives, revealing the use of AI-generated scripts and operator misconfigurations.

zeroday.news · 18h ago

Accenture confirms breach after hacker offers stolen data for sale

Accenture has verified a data breach following claims by a threat actor who offered stolen information for sale. The compromised data reportedly includes 35 GB of source code and other sensitive material.

vidar stealervidar stealer
zeroday.news · 19h ago·high

Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation

Researchers have uncovered a sophisticated campaign distributing the Vidar stealer and XMRig cryptocurrency miner, primarily targeting users seeking cracked software. Attackers use malvertising to lure victims into downloading password-protected archives containing malicious loaders. These loaders are signed with a fake certificate and employ techniques like file-size inflation and AMSI bypass to evade detection before dropping the final payloads.

zeroday.news · 19h ago

Big Brand Jobs Scam Targets Marketing Pros' Google Accounts

A sophisticated phishing campaign is targeting marketing professionals by using fake job offers from major brands. This scheme employs nested redirects to bypass detection and aims to steal Google account credentials.

zeroday.news · 20h ago·high

Dialogflow CX 'Rogue Agent' Flaw Enabled AI Chatbot Data Theft

Varonis identified a vulnerability in Google Dialogflow CX, dubbed the Rogue Agent flaw, which allowed for the theft of AI chatbot data. Google has since implemented a fix for this issue.

zeroday.news · 22h ago·high

Chinese hackers develop LONGLEASH malware to expand ORB network

Chinese state-sponsored hackers, identified as UAT-7810, have developed new malware named LONGLEASH. It is being used to expand their ORB network by compromising internet-facing devices, specifically targeting unpatched Ruckus routers.

federal governmentfederal government
zeroday.news · 22h ago·high

OMB M-26-14: Why federal agencies must fix asset visibility first

The U.S. Office of Management and Budget (OMB) has issued Memorandum M-26-14, a new directive for federal agencies focused on improving logging and network visibility. This memo replaces previous mandates with a five-level maturity model for logging, where progress is directly tied to an agency's ability to discover and inventory its IT, OT, and IoT assets. Achieving higher maturity levels requires progressively higher percentages of asset capture, making comprehensive asset visibility the foundational step for compliance.

zeroday.news · 22h ago

More Odd DNS Records: NIMLOC, (Tue, Jul 7th)

The SANS Internet Storm Center has published an entry discussing the uncommon NIMLOC DNS record type, which has been observed appearing in network logs.

aiai
zeroday.news · 23h ago·medium

SharpHound Recon Attack – How AI enhanced the threat hunt

Researchers integrated an AI-driven security agent with full packet capture technology at Cisco Live AMER 2026 to automate threat hunting and analysis. The system successfully identified a potential SharpHound reconnaissance attack, analyzed network traffic, and accurately determined it to be a benign near-miss, saving significant analyst time and demonstrating the AI's potential to boost SOC efficiency.

zeroday.news · 23h ago·high

County Government Reportedly Paid $1 Million to Cyber Extortion Group

A small county government in Ohio reportedly paid a cyber extortion group one million dollars. The payment was made to prevent the public release of data stolen during a cyberattack.

zeroday.news · 23h ago·high

Hidden backdoor in Tenda router firmware grants admin access

A hidden backdoor has been discovered in multiple versions of Tenda router firmware. The hardcoded authentication backdoor allows unauthorized administrative access to the router web management panel.

zeroday.news · 23h ago·critical

Critical Gitea Flaw Under Active Exploitation, Researchers Warn

A critical vulnerability in Gitea, tracked as CVE-2026-20896, is being actively exploited. The flaw lets attackers bypass authentication with a single HTTP header to access repositories and secrets.

zeroday.news · 23h ago·high

RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service

A new Malware-as-a-Service offering called RedWing packages Android bank fraud tools and is rented via Telegram. It provides ready-made malware capable of taking over phones and stealing banking credentials and one-time passcodes.

zeroday.news · 1d ago·high

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

A now-patched flaw in Google Dialogflow CX could have allowed chatbot hijacking. An attacker with edit rights on a single Code Block agent could compromise other agents in the same Google Cloud project and read live conversations.

zeroday.news · 1d ago

Supreme Court allows Texas app law requiring age verification to take effect

The Supreme Court has permitted a Texas law requiring app age verification to take effect. Advocacy and technology trade groups had sought an emergency stay of the Texas App Store Accountability Act.

zeroday.news · 1d ago

Britain plans to build autonomous AI 'Cyber Shield' to defend nation

Britain is developing an autonomous AI-powered Cyber Shield to strengthen national defense against cyber threats. The National Cyber Security Centre says such a system is needed as attackers could operate at machine speed and scale.

zeroday.news · 1d ago·high

'GitLost' Flaw Leaks Private Data From GitHub's Agentic Workflows

A vulnerability dubbed GitLost leaks private data from GitHub Agentic Workflows. An unauthenticated attacker can craft a public GitHub Issue to silently exfiltrate data from private repositories.

zeroday.news · 1d ago

Spain arrests suspected member of pro-Russian hacktivist groups

Spanish authorities have arrested an individual suspected of active membership in pro-Russian hacktivist groups, reportedly including CyberArmy of Russia Reborn and Z-Pentest.

zeroday.news · 1d ago

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did no

zeroday.news · 1d ago·high

Major Japanese telco says cyberattack exposed 12 million emails

A major Japanese telecommunications company reported a cyberattack that exposed 12 million email accounts. The breach hit an email system managing accounts, webmail, and storage across five internet service providers.

zeroday.news · 1d ago·high

Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

Noma Security demonstrated that a public GitHub Issue can trick GitHub Agentic Workflows into leaking private repository data. A seemingly innocuous issue on a public repo can be crafted to exfiltrate private contents.

zeroday.news · 1d ago·medium

The GitHub Actions Attack Pattern Your CI Security Scanners Miss

ActiveState detailed a GitHub Actions attack pattern that often bypasses traditional CI security scanners. The analysis explains how these attack chains evade detection and how to better govern CI/CD pipelines.

zeroday.news · 1d ago

Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

A court filing revealed that a persistent Windows device ID helped the FBI trace an alleged Scattered Spider hacker. The identifier linked the suspect to a break-in at a luxury jewelry retailer.

zeroday.news · 1d ago·critical

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

A now-patched critical session isolation flaw was found in the enterprise generative-AI platform Writer. It could have let agent previews leak session tokens, enabling cross-tenant compromise.

zeroday.news · 1d ago

CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws

CISA is reportedly using Anthropic Mythos AI to scan government software for vulnerabilities. The audits are said to be led by the agency Attack Surface Evaluation team to strengthen federal security reviews.

zeroday.news · 1d ago

UK cyber pledge draws only a handful of top firms despite ministerial appeal

A UK government cyber pledge attracted only a handful of major companies despite a ministerial appeal. Notable signatories include Aviva, the London Stock Exchange Group, and Marks & Spencer.

zeroday.news · 1d ago

Two arrested over credit card phishing – as the Netherlands is named Europe’s worst for payment fraud

Two individuals were arrested over a phishing operation that harvested credit card details. The arrests come as the Netherlands is named the worst country in Europe for payment fraud.

zeroday.news · 1d ago·critical

Critical Adobe ColdFusion Vulnerability Exploited in Attacks

A critical Adobe ColdFusion vulnerability, CVE-2026-48282 with a maximum CVSS score of 10, is being actively exploited in attacks. The flaw poses a severe risk to affected systems.

zeroday.news · 1d ago·high

Iran-Linked Hackers Using Modular C&C Framework in Cyberattacks

An Iran-linked threat actor is using an adaptable modular command-and-control framework in cyberattacks. It compromised IT service providers to reach high-value targets primarily in Israel.

zeroday.news · 1d ago

Webinar tomorrow: Why modern email attacks require a new approach to defense

A webinar examines why modern email attacks require new defenses. It highlights behavioral AI for detecting phishing, business email compromise, and account takeover while reducing alert fatigue.

zeroday.news · 1d ago·critical

New Januscape Linux flaw allows VM escape on Intel, AMD devices

A newly identified Linux kernel vulnerability, dubbed Januscape, allows virtual machine escape on Intel and AMD systems. The 16-year-old flaw lets attackers break out of a VM and run code on the host.

aiai
zeroday.news · 1d ago·high

Cyber Shield: The path to an agentic AI future for cyber defence

The UK's GCHQ has unveiled 'Cyber Shield,' a blueprint for a national cyber defence capability integrating agentic AI. This initiative aims to counter escalating cyber threats by enabling machine-speed identification, reduction, and resolution of national cyber risks. Cyber Shield will foster collaboration across sectors to develop and deploy AI-powered defensive agents, enhancing the UK's resilience against both current and future sophisticated attacks.

zeroday.news · 1d ago

CISO Conversations: Tarah Wheeler, Cybersecurity Leader, Thought Leader and Original Thinker

A profile interview features Tarah Wheeler, Chief Information Security Officer of TPO Group, discussing her career and perspectives on cybersecurity leadership.

zeroday.news · 1d ago·medium

What Changes When Your Software Supply Chain Includes AI Writing Your Code?

The use of AI in software development introduces new challenges to supply chain security. Organizations must now consider the security implications of AI-generated code, in addition to traditional component analysis. This requires a reevaluation of existing security practices to adapt to AI's role in code creation.