# Today's Top Stories

July 07, 2026

  1. 1
    0
    Dark Reading general Jul 06
    CitrixBleed-ing Again? NetScaler Vulnerability Under Attack

    A newly disclosed memory disclosure vulnerability in Citrix NetScaler products is already under active exploitation following publication of a proof-of-concept exploit, echoing the pattern seen with CitrixBleed (CVE-2023-4966). NetScaler appliances are widely deployed in enterprise environments, making rapid exploitation of this flaw a critical concern for security teams managing perimeter infrastructure.

  2. 2
    0
    The Hacker News general Jul 06
    16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

    CVE-2026-53359, dubbed 'Januscape,' is a 16-year-old use-after-free vulnerability in Linux KVM's shadow MMU code affecting both Intel and AMD x86 systems. A public PoC currently causes host kernel panics, but the researcher claims a separate unreleased exploit achieves full guest-to-host escape, making this a high-severity threat for virtualization environments and cloud infrastructure operators.

  3. 3
    0
    BleepingComputer general Jul 06
    Max severity Adobe ColdFusion flaw now exploited in attacks

    A maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282 is now being actively exploited in attacks, according to a warning from the Canadian Centre for Cyber Security (CCCS). ColdFusion servers are frequently used in enterprise web applications, and max-severity exploitation within days of disclosure demands immediate patching priority.

  4. 4
    0
    Dark Reading general Jul 06
    JadePuffer: The First Complete LLM-Driven Ransomware Attack

    Sysdig documented the first known case of LLM-driven agentic ransomware, dubbed 'JadePuffer,' in which an AI agent exploited a Langflow vulnerability to exfiltrate data from a production database and encrypt additional systems in late June 2026. The attack demonstrates that autonomous AI agents can reduce operator complexity and accelerate attack tempo in end-to-end ransomware campaigns without human intervention at each step.

  5. 5
    0
    The Hacker News general Jul 06
    Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

    CVE-2026-20896 (CVSS 9.8) in Gitea Docker images — which allows unauthenticated privilege escalation by trusting the X-WEBAUTH-USER HTTP header from any IP — saw active exploitation attempts by threat actors just 13 days after public disclosure, per Sysdig research. The critical severity and rapid weaponization of this DevOps platform flaw pose significant supply chain risk to development pipelines.

  6. 6
    0
    SecurityWeek general Jul 06
    North Korean Hackers Target Open Source Developers in Supply Chain Attacks

    North Korean threat actors behind the 'PolinRider' campaign have compromised over 100 legitimate open source packages and repositories to deliver a backdoor and information stealer targeting software developers. The supply chain attack vector — poisoning trusted open source dependencies — puts any developer consuming affected packages at risk of silent compromise.

  7. 7
    0
    SecurityWeek general Jul 06
    Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability

    A proof-of-concept exploit has been released for the Linux 'Bad Epoll' local privilege escalation vulnerability, enabling root access on affected systems and dramatically lowering the bar for exploitation. Security teams running unpatched Linux systems should treat this as an urgent remediation priority given the public availability of working exploit code.

  8. 8
    0
    The Hacker News general Jul 06
    Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

    Operation DragonReturn, attributed by Seqrite Labs to a suspected China-nexus threat cluster, uses spear-phishing emails impersonating India's Income Tax Department to deliver DcRAT — a remote access trojan designed for sensitive data theft — targeting Indian taxpayers, tax professionals, and corporate finance teams. The campaign's use of a fake tax filing utility as a lure demonstrates continued abuse of government-themed social engineering against high-value financial targets.

  9. 9
    0
    Schneier on Security threat-intel Jul 06
    France to Stop Certifying Non-Quantum-Safe Encryption

    France's national cybersecurity agency ANSSI announced it will halt certifications for security products lacking quantum-resistant encryption starting in 2027, and is urging businesses to purchase only quantum-safe products immediately. The policy shift by a major G7 nation's cyber authority signals an accelerating regulatory timeline for post-quantum cryptography migration across government and critical infrastructure sectors.

  10. 10
    0
    The Record threat-intel Jul 06
    Major medical device manufacturer notifies nearly 4 million of breach

    A major medical device manufacturer disclosed a data breach affecting nearly 4 million individuals, with compromised data including Social Security numbers and health-related information. Despite the company's claim of no evidence of public exposure, the scale and sensitivity of the healthcare data involved makes this a significant incident for compliance and identity theft risk monitoring.