Posts

The Hacker News - Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier. "The from The Hacker News https://thehackernews.com/2026/07/critical-zimbra-flaw-could-let-crafted_0483473395.html

Schneier - Friday Squid Blogging: “Squidbleed” Vulnerability

In a rare combined cybersecurity/squid post, a twenty-nine-year-old squid proxy bug can leak HTTP requests. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. from Schneier on Security https://www.schneier.com/blog/archives/2026/07/friday-squid-blogging-squidbleed-vulnerability.html

KnowBe4 - Your KnowBe4 Fresh Content Updates from June 2026

Image
Fran Roberts - Studios General Manager, KnowBe4 I am thrilled to be writing my first message to you as KnowBe4's new Studios General Manager. I joined KnowBe4 because I believe that one of the most impactful areas for next-level storytelling is in security awareness — content that genuinely changes behavior and protects people. from KnowBe4 Blog https://blog.knowbe4.com/your-knowbe4-fresh-content-updates-from-june-2026

The Hacker News - New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic

The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware via counterfeit installers using SEO poisoning techniques, it belies their true organizational from The Hacker News https://thehackernews.com/2026/07/new-modbeacon-rat-uses-grpc-streaming.html

KnowBe4 - Threat Actor Uses Phishing to Breach Orgs for Ransomware Gangs

Image
An initial access broker associated with the Payouts King ransomware group is using Microsoft Teams phishing to deploy a malicious Microsoft Edge web browser extension, according to researchers at Zscaler. Once the hackers have a foothold within an organization, they sell the access to the ransomware gang to conduct follow-on attacks. from KnowBe4 Blog https://blog.knowbe4.com/teams-phishing-ransomware-initial-access-broker

The Hacker News - Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process. The from The Hacker News https://thehackernews.com/2026/07/hackers-use-fake-microsoft-entra.html

Schneier - AI Surveillance and Social Progress

In the near future, AI -powered surveillance systems will be able to track everything we do in public, and much of what we do in private. And if we do something wrong—shoplift, litter, jaywalk, you name it—the system will notice, retain it, tie it to your official government record, communicate that fact to you, and provide real-time alerts to any relevant authorities… and maybe also to the general public. Think of these systems as automated speed cameras, but on steroids. Only they’ll enforce not just speed limits, but any other rule you can imagine. And you won’t receive a ticket weeks later by mail; you’ll be informed about and fined for your violation immediately. These systems will combine powerful AI, public and private surveillance via real-time facial recognition technology and digital tracking, mass databases and highly personalized enforcement. If deployed at scale, they will have profound chilling effects not just on personal freedoms, bu...