August Patch Tuesday includes blasts from the (recent) past
Microsoft haul this month covers 109 CVEs… more or less
Similar Posts
MO: City of St. Joseph hit by cyberattack, data potentially acquired in breach
Bys sCameron Montemayor reports: Multiple sources and documents obtained via public records requests indicate the city suffered a significant cyberattack in early June, an incident that crippled network services for an extended period of time and potentially exposed the personal data of thousands of residents, city officials confirmed Monday. The City of St. Joseph has been……
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Bys sThreat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities – CVE-2024-58136 (CVSS score: 9.0) – An improper protection of alternate path flaw…
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
Bys sA threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of…
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Bys sMultiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm (“support@npmjs[.]help”), urging them to update their update their two-factor authentication (2FA) credentials before September 10, 2025,…
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
Bys sCybersecurity researchers are calling attention to a new campaign that’s leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. “These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executing
How to Streamline Zero Trust Using the Shared Signals Framework
Bys sZero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down. The