# Today's Top Stories

July 02, 2026

  1. 1
    0
    BleepingComputer general Jul 01
    DHS confirms hackers breached HSIN info-sharing platform

    DHS confirmed a cyberattack compromised the Homeland Security Information Network (HSIN), a sensitive platform used by federal, state, local, and private-sector partners to share security-critical information. The breach of a government-operated threat intelligence sharing hub is highly significant, as it could expose sensitive operational data and undermine trust in cross-agency coordination infrastructure.

  2. 2
    0
    BleepingComputer general Jul 01
    FortiBleed credential-theft campaign linked to Lynx ransomware

    The FortiBleed credential theft campaign — which exposed credentials from approximately 75,000 Fortinet firewalls — has been linked to the INC and Lynx ransomware operations, indicating the stolen credentials are being actively weaponized for network intrusions. Security teams running Fortinet infrastructure should treat any FortiBleed-era credentials as fully compromised and rotate them immediately, as downstream ransomware attacks may continue for years.

  3. 3
    0
    The Hacker News general Jul 01
    Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic

    Adobe patched seven CVSS 10.0 (maximum severity) flaws across ColdFusion and Campaign Classic, with vulnerabilities enabling arbitrary code execution, privilege escalation, arbitrary file system reads, and security feature bypass. Administrators running ColdFusion or Campaign Classic should prioritize emergency patching given the maximum severity ratings and the history of ColdFusion vulnerabilities being rapidly weaponized.

  4. 4
    0
    The Hacker News general Jul 01
    Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts

    Huntress documented a massive automated password spray attack against Microsoft Azure CLI, generating over 81 million login attempts between June 12–26, 2026, originating from IPv6 range 2a0a:d683::/32 controlled by LSHIY LLC (AS32167), and successfully compromising at least 78 Microsoft accounts. Organizations using Azure CLI should enforce MFA and monitor for anomalous authentication from this IP range immediately.

  5. 5
    0
    SecurityWeek general Jul 01
    Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack

    Citrix released patches for six NetScaler ADC and Gateway vulnerabilities, including CVE-2026-8451 (CVSS 8.8), a CitrixBleed-style information disclosure flaw, and a new HTTP/2 Bomb denial-of-service vulnerability. Given that prior CitrixBleed variants were mass-exploited, administrators should apply these patches urgently before proof-of-concept code emerges.

  6. 6
    0
    The Hacker News general Jul 01
    Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts

    CVE-2026-8037 (CVSS 9.6), an OS command injection flaw in Progress Kemp LoadMaster enabling pre-authentication RCE, is now seeing active exploitation attempts according to eSentire's Threat Response Unit. Progress Kemp LoadMaster is widely deployed for application delivery, making this a high-priority patch for network and security teams.

  7. 7
    0
    The Hacker News general Jul 01
    19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges

    Peter Stokes, a 19-year-old dual U.S.-Estonian citizen alleged Scattered Spider member, was extradited from Finland and appeared in Chicago federal court on June 30, 2026, facing charges of conspiracy, computer intrusion, and fraud including a breach of a luxury-jewelry retailer in 2025. The extradition marks continued international law enforcement pressure on the Scattered Spider group following prior arrests of other alleged members.

  8. 8
    0
    The Hacker News general Jul 01
    Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

    Cato AI Labs discovered two critical flaws in the Cursor AI code editor, tracked as CVE-2026-50548 and CVE-2026-50549 (both rated 9.8 CVSS), collectively named DuneSlide, which allow a malicious prompt injection to break out of the editor's sandbox and execute arbitrary commands on a developer's machine with no user interaction. The vulnerabilities are particularly dangerous for developer workstations handling sensitive code and secrets.

  9. 9
    0
    BleepingComputer general Jul 01
    Over 900 Oracle E-Business instances exposed to ongoing attacks

    Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online and are under active attack exploiting a critical security flaw, continuing a pattern of widespread Oracle EBS exploitation. Security teams should immediately audit EBS exposure and apply available patches, as Oracle business application flaws have previously led to large-scale data theft and ransomware incidents.

  10. 10
    0
    BleepingComputer general Jul 01
    New ChocoPoC malware targets researchers via trojanized PoC exploits

    Multiple trojanized proof-of-concept exploit repositories on GitHub were found delivering ChocoPoC, a Python-based RAT capable of executing commands and stealing sensitive data, in a campaign believed to specifically target cybersecurity researchers. The supply chain attack vector via weaponized PoC code on GitHub is a recurring threat against the security research community, echoing prior North Korean DPRK-linked campaigns.