Information

Legacy Systems, Real-World Impacts: The Reality of OT Security

I’m here today to write about one particularly thorny area of operational technology (OT) and security that I run into somewhat routinely. Given my own particular interests as an incorrigible vulnerability-gazer, and my professional role as vice president of security research at runZero, I deal with OT security issues more often than the average bear. I’ve noticed that there’s definitely a vibe of, “IT be like this, but OT be like that” going on in…

Read More

Forgotten UEFI shims undermining Secure Boot

ESET researchers identified 11 old and forgotten UEFI shim bootloaders at versions 0.9 and below that can be used to bypass UEFI Secure Boot on any UEFI-based machine that trusts Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate authority (CA) certificate, regardless of the installed operating system (OS). Reported shims can be exploited to execute untrusted code during system boot, enabling attackers to deploy malicious UEFI bootkits (such as Bootkitty, HybridPetya, or BlackLotus) even…

Read More

Unpatched Cursor Vulnerability Exposes Users to Code Execution

An unpatched vulnerability in Cursor on Windows can be triggered for code execution when a developer opens a repository in the application, Mindgard reports. Cursor is one of the most popular AI-assisted development environments, with more than 7 million active users. The security defect, Mindgard says, is straightforward: when opening a repository, Cursor would automatically execute a malicious git.exe binary in the project’s root without warning the user or asking for approval. “The vulnerability is…

Read More

Microsoft Patches a Record 570 Security Flaws

Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence. Nearly 60 of the bugs quashed in July’s Patch Tuesday earned a “critical” severity rating, meaning miscreants or malware could use them to…

Read More

Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days

Microsoft on Tuesday announced patches for a record-breaking 622 vulnerabilities, including two bugs in Active Directory and SharePoint Server that have been exploited in the wild as zero-days. Tracked as CVE-2026-56155, the exploited AD flaw affects Federation Services (AD FS) and could allow attackers to elevate their privileges locally to administrator. Also leading to privilege escalation, the SharePoint Server flaw is tracked as CVE-2026-56164 and can be exploited over the network without authentication. Another security…

Read More

Lessons Learned from CISA’s Recent GitHub Leak

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a recent data leak in which a contractor published dozens of internal CISA credentials — including AWS Govcloud keys — in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps identified in the agency’s initial response provide important lessons that all security teams should absorb. On May 15, 2026, the security firm GitGuardian asked for…

Read More

Hacker Conversations: Jesse McGraw (GhostExodus), From Blackhat Hacker to Redemption

Jesse McGraw isn’t a hacker; at least, not by his own definition. He accepts he was a hacker, and a blackhat hacker, and that he still retains the mindset of a hacker. But he is no longer a hacker, he says. Early days He realized he was a hacker while in high school. “My one and only friend was a hacker, and I had never seen anything like what he did.” Before then, McGraw had…

Read More

Ghost Accounts Abuse GitHub API in Mass Recon Campaign

Threat actors are abusing the GitHub API to systematically enumerate organizations, repositories, and user accounts, Datadog reports. Spanning multiple overlapping campaigns, the activity has been ongoing for several months, relying on ghost accounts that were registered two to five years ago but left dormant. The activity, Datadog says, involves automated scanners, the abuse of leaked credentials, and coordinated networks of dormant accounts. While the observed GitHub API requests are targeting publicly available data, blending with…

Read More

In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Armenian man pleads guilty in the US to ransomware attacks Karen…

Read More

Third US Security Expert Sentenced to Prison for Helping Ransomware Gang

Another cybersecurity expert from the United States, accused of helping a cybercrime gang while working as a ransomware negotiator, has been sentenced to prison. Angelo Martino, 41, of Florida, was sentenced on Thursday to 70 months in prison after he pleaded guilty in April.  Martino is one of the three individuals charged by US authorities last year over their role in ransomware attacks. The three men worked at cybersecurity firms, and two of them served…

Read More