12 Jul, 2026

Payouts King ransomware uses QEMU VMs to bypass endpoint security

The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. QEMU is an open-source CPU emulator and system virtualization tool that allows users to run operating systems on a host computer as virtual machines (VMs). Since security solutions on […]

4 mins read

Grinex exchange blames “Western intelligence” for $13.7M crypto hack

Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western intelligence agencies. The funds were stolen from cryptocurrency wallets belonging to Russian users, as the platform enables crypto-ruble exchange operations between Russian businesses and individuals. Launched early last year, Grinex has Russian links and is believed to be […]

2 mins read

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that a high-severity Apache ActiveMQ vulnerability patched earlier this month is now actively exploited in attacks. Apache ActiveMQ is the most popular open-source Java-based message broker for asynchronous communication between applications. Tracked as CVE-2026-34197, the security flaw has gone undetected for 13 years and was discovered by Horizon3 […]

2 mins read

Man gets 30 months for selling thousands of hacked DraftKings accounts

23-year-old Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts. According to court documents, the accounts were hijacked by Nathan Austad (aka Snoopy) with the help of Joseph Garrison (a third accomplice charged in May 2023) in a massive November 2022 credential-stuffing attack that compromised nearly 68,000 DraftKings accounts. U.S. prosecutors […]

2 mins read

Recently leaked Windows zero-days now exploited in attacks

Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. Since the start of the month, a security researcher known as “Chaotic Eclipse” or “Nightmare-Eclipse” has published proof-of-concept exploit code for all three security issues in protest to how Microsoft’s Security Response Center (MSRC) handled […]

2 mins read

Operation PowerOFF identifies 75k DDoS users, takes down 53 domains

More than 75,000 individuals using distributed denial-of-service (DDoS) platforms for disruptive attacks have been warned through emails and letters during the latest phase of the Operation PowerOFF international law enforcement action. The ongoing operation is supported by Europol and involves authorities in 21 countries. Coordinated efforts led to the arrest of four people, taking offline […]

1 min read

ZionSiphon malware designed to sabotage water treatment systems

A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. The threat can adjust hydraulic pressures and raise chlorine levels to dangerous levels, researchers found during their analysis. Based on its IP targeting and political messages embedded in its strings, ZionSiphon appears to focus […]

2 mins read

New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges

A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed “RedSun,” in the past two weeks, protesting how the company works with cybersecurity researchers. This exploit is for a local privilege escalation (LPE) flaw that grants SYSTEM privileges in Windows 10, Windows 11, and Windows Server on […]

3 mins read

Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. Attacks leveraging the remote code execution flaw (CVE-2026-39987) started last week for credential theft, less than 10 hours after technical details were disclosed publicly, according to data from cloud-security company Sysdig. Sysdig researchers continued […]

3 mins read

Google expands Gemini AI use to fight malicious ads on its platform

Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. In a new post, the company reports having blocked or removed 8.3 billion ads and suspended 24.9 million advertiser accounts in 2025, […]

2 mins read