Ramandeep

‼️🚨 Critical remote code execution in libssh2, the SSH client library embedded in countless tools: CVE-2026-55200, rated CVSS 9.2 by VulnCheck. Every version up to and including 1.11.1 is affected. It's an out-of-bounds heap write in ssh2_transport_read(), which fails to bound-check the SSH packet_length field. A malicious or MITM'd SSH server can send oversized packets to corrupt memory and run code on the connecting client. No known exploitation yet and it's not in CISA's KEV. Fix: move to a build that includes commit 7acf3df (PR #2052), and inventory anything that links libssh2 for SSH, SCP, or SFTP.

UPDATE 🠖 Fortinet says FortiBleed may trace back to old credentials still working. Attackers are likely reusing creds from past incidents and brute-forcing weak FortiGate accounts without MFA. Reset admin/VPN passwords, kill active sessions, enable MFA, and check for lateral movement. Read: https://t.co/GFlhSAcR0f

🚨 Over the weekend we observed exploitation of CVE-2026-20230 - Cisco Unified CM (CUCM) WebDialer SSRF → root file-write (CVSS 8.6) No previously recorded exploitation, and not yet listed in CISA KEV. This is currently being exploited from a single source using an unvetted PoC, with genuinely-formatted file:// file-write payloads landing on our decoys. Track Cisco CUCM exploitation 👉 https://t.co/TTnxgi9Hv5

🚨NSA CONFIRMS ANTHROPIC’S MYTHOS AI BROKE INTO ALMOST ALL CLASSIFIED SYSTEMS IN HOURS!!! According to Senate Intelligence Committee Vice Chair Sen. Mark Warner, NSA and Cyber Command leadership revealed that the powerful AI model penetrated nearly every classified network during testing, not over weeks, but in just hours.

‼️🚨 BREAKING: NSA and Cyber Command chief, Gen. Joshua Rudd, said Mythos "broke into almost all of our classified systems, not in weeks, but in hours." A week after Washington forced Anthropic to disable its most powerful models, the likely reason is sharpening. According to reports Senator Mark Warner told a hearing that the NSA and Cyber Command chief said the firm's Mythos model penetrated almost all of the agency's classified systems within hours during authorized testing. That demonstration sits behind the June 12 Commerce Department directive, which barred every foreign national, including Anthropic's own non-citizen employees, from using Fable 5 and Mythos 5, leading the company to pull both for all customers. It is the first time the US has export-controlled an AI model itself rather than the chips behind it. Anthropic disputes the rationale, calling the cited trigger a narrow jailbreak that other models like GPT-5.5 also exhibit and the recall an overreaction.

🚨 Microsoft Defender zero-day RoguePlanet is now officially CVE-2026-50656. Microsoft is preparing a patch for the Malware Protection Engine flaw, which can enable privilege escalation. A public PoC describes a race condition that may grant SYSTEM-level privileges. Read: https://t.co/Yzzc4m5lNK

‼️FortiBleed Leak Linked to Massive Fortinet Credential Harvesting Campaign Security researcher Bob Diachenko discovered the FortiBleed leak, exposing Fortinet/FortiGate VPN credentials for 73,932 firewall URLs across 21,632 domains in 194 countries. A Russian-speaking threat actor allegedly conducted a large-scale credential harvesting campaign involving 1.16 billion attacks against 320,777 FortiGate devices and 2.1 billion attempts against 163,650 Microsoft SQL Server systems. Source: https://t.co/qXnFd7sx7y

Here goes nginx-quicburst (CVE-2026-42530), a new RCE in Nginx discovered by our security agent VEGA and demonstrated by Nebula Security. This is only the third NGINX vulnerability since 2014 to receive NGINX’s “major” severity rating. If you use Nginx 1.31 with QUIC enabled, we recommend upgrading to the latest version. This bug has been patched in the latest Nginx release. We will publish the technical writeup, including the ASLR bypass, on July 18 together with the previous nginx-poolslip writeup.

🚨 BrEaKiNg: Splunk, a security product, has zero authentication in its built-in database service and accepts any credentials, according to the security researchers who just dropped a full pre-auth RCE chain for Splunk Enterprise (CVE-2026-20253, CVSS 9.8). Splunk Enterprise on AWS is vulnerable out of the box.

‼️🚨 Unauthenticated attackers are gaining SYSTEM on domain controllers with crafted packets. The vulnerability being exploited is CVE-2026-41089, a CVSS 9.8 hole in Windows Netlogon, and exploitation in the wild has been confirmed. A patch has existed since May 12. Every DC still behind is not just vulnerable, but according to the Centre for Cybersecurity Belgium are also actively being pwnd.

🚨 TrapDoor supply chain attack hits npm, PyPI, and Crates-io. https://t.co/SYnR0fcJCr 34 malicious packages across 384 versions were used to steal crypto wallets, SSH keys, cloud credentials, and developer secrets from crypto, DeFi, Solana, and AI environments. The malware abused npm hooks, Python imports, and Rust build scripts for execution and persistence.

hackers are now hiding malicious code inside .cursorrules and CLAUDE.md files. invisible Unicode characters, your AI reads them, you don't. → 34 malicious packages across npm, PyPI and Crates .io → 384 versions designed to steal SSH keys, crypto wallets, and API tokens → attackers opened real PRs to LangChain, LlamaIndex, and MetaGPT to sneak these files in → your AI runs a fake "security scan" that silently exfiltrates everything Socket detected it in under 6 minutes. check your repos.