Similar Posts
AI Agents Are Turning Zero Days Into a Race Humans Can’t Win Alone – Unite.AI
For years, zero day vulnerabilities have been dangerous, but they used to be scarce and difficult to exploit at scale. Finding one required patience, specialized skill and a deep understanding of software behavior. As Nicole Perlroth and other journalists reported, there was a trade in zero days, and nation states treated them as extremely valuable…
CISA folds its own hard-won lessons into coordinated vulnerability disclosure guidance
On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and four allied cyber authorities published a guide telling software vendors how to build a coordinated vulnerability disclosure (CVD) program. Six days earlier, CISA published a blog post explaining how a security researcher had tried and failed, repeatedly, to report a serious problem to CISA…
AWS retools Security Hub for AI and multicloud threats
AWS added AI workload protection and Microsoft Azure security monitoring to Security Hub, its centralized security platform for collecting and prioritizing security findings across cloud environments. Support for additional cloud platforms will follow. “Collecting findings was never the hard part. The hard part is understanding them, connecting them, and acting before an attacker does, and…
English ruling gives rare guidance on GDPR processing fairness
Updated as of: 15 July 2026 A novel lawsuit has seen the Court of Appeal calibrate how to assess whether personal data processing was fair following litigation by businessman Dale Vince…
Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug
Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug Pierluigi Paganini July 16, 2026 Zoom warns of a critical Windows flaw, tracked as CVE-2026-53412, that could let attackers take over accounts without authentication. Zoom has fixed a critical Windows vulnerability, tracked as CVE-2026-53412 (CVSS score of 9.8) that could allow unauthenticated attackers to hijack user accounts….
Active Exploitation Alert: North Korean APT37 Uses Fake Microsoft Account Alerts and LNK Files to Deploy NarwhalRAT Malware on Windows Systems
Executive Summary A highly sophisticated spear-phishing campaign attributed to the North Korean state-sponsored threat group ScarCruft (APT37) is actively targeting users—primarily in South Korea, by impersonating Microsoft security alerts. The campaign leverages fake Microsoft Account notifications to deliver a new, Python-based remote access trojan known as NarwhalRAT. This malware is distributed via malicious .lnk files embedded in ZIP archives,…