Collaborate Disseminate
Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after being mounted (which is automatic on modern Windows OSs):
Continue reading From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
A Chinese Zhuque-2E rocket’s upper stage broke apart shortly after last week’s June 9 launch, likely creating 100 to 150 pieces of debris in a busy region of low-Earth orbit crossed by the ISS and lower-altitude Starlink satellites. Most fragments shou… Continue reading A Chinese Rocket Breaks Apart Dangerously Close To the Starlink Constellation
Developers coordinate code across README files, issue threads, and pull request discussions. Much of that exchange happens in English, and a large share happens in other languages. GitHub has released a dataset built to help researchers and developers … Continue reading GitHub releases an open dataset for multilingual developer content
Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write.
The post Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks appeared first on SecurityWeek.
Continue reading Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks
Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0.
“A vulnerab… Continue reading Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
In this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone walk… Continue reading Reachability makes AI threat modeling worth the trust
With its music focus, no-AI content policy, and larger artist royalties, the hi-res streaming service is scooping up all sorts of switchers. Continue reading Qobuz Is the Anti-Spotify Music Streamer You’ve Been Waiting For
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the … Continue reading CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting from supply chain attacks targeting our critical infrastructure, that seriousness is welcome. But … Continue reading EU Cybersecurity Act 2.0: When good regulation goes bad
When [Denki Otaku] bought a ¥1,200 (roughly €6.5) XLR ground loop isolator off Japanese Amazon, he initially didn’t suspect that anything was off. Since they’re fairly simple devices, with basically …read more Continue reading Learning About Ground Loop Isolators thanks to a Scam Product