# Archive
Browse past daily curated stories
Thursday, July 02, 2026
1. BleepingComputer (general): DHS confirms hackers breached HSIN info-sharing platform
DHS confirmed a cyberattack compromised the Homeland Security Information Network (HSIN), a sensitive platform used by federal, state, local, and private-sector partners to share security-critical information. The breach of a government-operated threat intelligence sharing hub is highly significant, as it could expose sensitive operational data and undermine trust in cross-agency coordination infrastructure.
2. BleepingComputer (general): FortiBleed credential-theft campaign linked to Lynx ransomware
The FortiBleed credential theft campaign — which exposed credentials from approximately 75,000 Fortinet firewalls — has been linked to the INC and Lynx ransomware operations, indicating the stolen credentials are being actively weaponized for network intrusions. Security teams running Fortinet infrastructure should treat any FortiBleed-era credentials as fully compromised and rotate them immediately, as downstream ransomware attacks may continue for years.
3. The Hacker News (general): Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic
Adobe patched seven CVSS 10.0 (maximum severity) flaws across ColdFusion and Campaign Classic, with vulnerabilities enabling arbitrary code execution, privilege escalation, arbitrary file system reads, and security feature bypass. Administrators running ColdFusion or Campaign Classic should prioritize emergency patching given the maximum severity ratings and the history of ColdFusion vulnerabilities being rapidly weaponized.
4. The Hacker News (general): Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
Huntress documented a massive automated password spray attack against Microsoft Azure CLI, generating over 81 million login attempts between June 12–26, 2026, originating from IPv6 range 2a0a:d683::/32 controlled by LSHIY LLC (AS32167), and successfully compromising at least 78 Microsoft accounts. Organizations using Azure CLI should enforce MFA and monitor for anomalous authentication from this IP range immediately.
5. SecurityWeek (general): Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack
Citrix released patches for six NetScaler ADC and Gateway vulnerabilities, including CVE-2026-8451 (CVSS 8.8), a CitrixBleed-style information disclosure flaw, and a new HTTP/2 Bomb denial-of-service vulnerability. Given that prior CitrixBleed variants were mass-exploited, administrators should apply these patches urgently before proof-of-concept code emerges.
6. The Hacker News (general): Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts
CVE-2026-8037 (CVSS 9.6), an OS command injection flaw in Progress Kemp LoadMaster enabling pre-authentication RCE, is now seeing active exploitation attempts according to eSentire's Threat Response Unit. Progress Kemp LoadMaster is widely deployed for application delivery, making this a high-priority patch for network and security teams.
7. The Hacker News (general): 19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
Peter Stokes, a 19-year-old dual U.S.-Estonian citizen and alleged Scattered Spider member, was extradited from Finland and appeared in Chicago federal court on June 30, 2026, facing charges of conspiracy, computer intrusion, and fraud, including a breach of a luxury-jewelry retailer in 2025. The extradition marks continued international law enforcement pressure on the Scattered Spider group following prior arrests of other alleged members.
8. The Hacker News (general): Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands
Cato AI Labs discovered two critical flaws in the Cursor AI code editor, tracked as CVE-2026-50548 and CVE-2026-50549 (both rated 9.8 CVSS), collectively named DuneSlide, which allow a malicious prompt injection to break out of the editor's sandbox and execute arbitrary commands on a developer's machine with no user interaction. The vulnerabilities are particularly dangerous for developer workstations handling sensitive code and secrets.
9. BleepingComputer (general): Over 900 Oracle E-Business instances exposed to ongoing attacks
Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online and are under active attack exploiting a critical security flaw, continuing a pattern of widespread Oracle EBS exploitation. Security teams should immediately audit EBS exposure and apply available patches, as Oracle business application flaws have previously led to large-scale data theft and ransomware incidents.
10. BleepingComputer (general): New ChocoPoC malware targets researchers via trojanized PoC exploits
Multiple trojanized proof-of-concept exploit repositories on GitHub were found delivering ChocoPoC, a Python-based RAT capable of executing commands and stealing sensitive data, in a campaign believed to specifically target cybersecurity researchers. The supply chain attack vector via weaponized PoC code on GitHub is a recurring threat against the security research community, echoing prior North Korean (DPRK)-linked campaigns.