12 Jul, 2026

CISA orders feds to patch Windows flaw exploited as zero-day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. Tracked as CVE-2026-32202, this security flaw was reported by cybersecurity firm Akamai, which described it as a zero-click NTLM hash leak vulnerability left behind after Microsoft incompletely patched a remote code execution flaw […]

2 mins read

Microsoft says backend change broke Teams Free chat and calls

Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others. Teams Free (also known as Teams for personal use) is a subscription-free version designed for individuals, families, and small community groups, which provides video conferencing, instant messaging, and collaborative file-sharing tools on mobile and desktop […]

2 mins read

Broken VECT 2.0 ransomware acts as a data wiper for large files

Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them. VECT has been advertised on one of the latest BreachForums iterations, inviting registered users to become affiliates, and distributing access keys via private messages  to those […]

3 mins read

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. The flaw is an SQL injection issue that occurs during LiteLLM’s proxy API key verification step. An attacker can exploit it without authentication by sending a specially crafted Authorization header to any LLM […]

2 mins read

Video service Vimeo confirms Anodot breach exposed user data

Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. The video platform says that the threat actor accessed email addresses for some of its customers, but most of the exposed information included technical data, video […]

2 mins read

US reportedly charges Scattered Spider hacker arrested in Finland

A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. According to temporarily unsealed court records obtained by the Chicago Tribune, the suspect (who used the online alias “Bouquet”) helped extort millions of dollars […]

2 mins read

Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data

Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. Although the investigation is ongoing, Checkmarx believes that the access vector was the Trivy supply-chain attack attributed to the hacker group known as TeamPCP. which provided access to credentials from downstream users. Using stolen credentials obtained from the Trivy […]

2 mins read

Microsoft to deprecate legacy TLS in Exchange Online starting July

Microsoft says it will start blocking legacy TLS connections for POP and IMAP email clients in Exchange Online starting in July 2026. The Transport Layer Security (TLS) cryptographic protocol protects users’ information from eavesdropping, tampering, and message forgery when accessing email over the Internet via client/server applications. However, the original TLS 1.0 specification and its […]

3 mins read

Microsoft: New Remote Desktop warnings may display incorrectly

Microsoft has confirmed a new issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. This known issue impacts all supported Windows versions, including Windows 11 (KB5083768 & KB5083769), Windows 10 (KB5082200), and Windows Server (KB5082063). As Microsoft explains in updates to the original advisories, “the security warning that appears […]

2 mins read