Daily DefSec Brief

Jerry Bell

A daily podcast covering the important cyber security news that IT and security teams need to know.

Episodes

  1. 12h ago

    DefSec Brief week in review, July 11 2026

    1. Langflow authorization bypass on KEV, plus the first fully autonomous LLM-driven ransomware campaign — CVE-2026-55255, CVE-2025-3248 — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog · Dark Reading https://www.darkreading.com/cyberattacks-data-breaches/jadepuffer-first-complete-llm-driven-ransomware-attack 2. Adobe ColdFusion path traversal added to KEV, actively exploited — CVE-2026-48282 — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog 3. CitrixBleed 2 chain confirmed as a path to Dragonforce ransomware — CVE-2025-5777, CVE-2023-4966, CVE-2026-4368 — Huntress https://www.huntress.com/blog/citrixbleed-2-dragonforce-ransomware 4. BeyondTrust patches critical pre-auth bypass flaws in Remote Support and PRA — CVE-2026-40138, CVE-2026-40139, CVE-2026-40140, CVE-2026-40141 — The Hacker News https://thehackernews.com/2026/07/beyondtrust-patches-critical-auth.html 5. Progress orders on-prem ShareFile customers to shut down Storage Zone Controllers — CVE not confirmed by vendor — The Hacker News https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html · Cyber Security News https://cybersecuritynews.com/progress-sharefile-admins-shut-down-servers/ 6. CISA adds four Joomla/WordPress extension file-upload flaws to KEV — CVE-2026-56291, CVE-2026-48939, CVE-2026-48908, CVE-2026-56290 — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog 7. Exposed WP-SHELLSTORM server reveals webshell brokerage hitting 1.4M sites — CVE-2026-48907, CVE-2026-3844 (among others) — The Hacker News https://thehackernews.com/2026/07/exposed-hacker-server-reveals-wp.html 8. Suspected China-aligned group exploits Roundcube flaws against university research departments — CVE-2024-42009, CVE-2025-49113 — CyberScoop https://cyberscoop.com/china-espionage-attacks-us-canada-universities-proofpoint/ · The Hacker News https://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html 9. Cisco patches RCE and file-read flaws in ISE and Catalyst Center — CVE-2026-20181, CVE-2026-20190, CVE-2026-20191 — Cisco PSIRT https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv · https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-file-read-wLH2vf8X 10. 16-year-old Linux KVM use-after-free lets a guest VM escape to the host — CVE-2026-53359 "Januscape" — The Hacker News https://thehackernews.com/2026/07/16-year-old-linux-kvm-flaw-lets-guest.html

    9 min
  2. 1d ago

    Daily DefSec Brief - Cyber Security News for July 10 2026

    1. Initial access broker weaponizing CitrixBleed 2 to deploy Dragonforce ransomware — CVE-2025-5777 (referencing CVE-2023-4966, CVE-2026-4368) — Huntress — https://www.huntress.com/blog/citrixbleed-2-dragonforce-ransomware 2. Django SQL injection actively exploited in GeoDjango deployments — CVE-2026-1207 — Cyber Security News — https://cybersecuritynews.com/django-sql-injection-vulnerability-exploited/ 3. Microsoft tells customers to shorten patch deployment windows because of AI — no CVE — Help Net Security — https://www.helpnetsecurity.com/2026/07/10/microsoft-windows-update-deployment-timelines/ ; BleepingComputer — https://www.bleepingcomputer.com/news/microsoft/microsoft-expects-more-windows-security-updates-from-ai-discovered-flaws/ 4. Network of 200-plus GitHub repos delivering Windows malware (Operation Muck and Load) — no CVE — SecurityWeek — https://www.securityweek.com/network-of-200-github-repositories-used-for-malware-infection/ Also mentioned: - Injective SDK npm package compromised (v1.20.21) — BleepingComputer — https://www.bleepingcomputer.com/news/security/injective-sdk-on-npm-infected-with-cryptocurrency-wallet-stealer/ - Dormant GitHub accounts reactivated to map corporate orgs via API — The Hacker News — https://thehackernews.com/2026/07/dormant-github-accounts-help-attackers.html - "HalluSquatting" turns AI hallucinations into botnet delivery — SecurityWeek — https://www.securityweek.com/hallusquatting-turns-ai-hallucinations-into-botnet-delivery-mechanism/ - Binarly finds six U-Boot signature verification flaws going back to 2013 — Cyber Security News — https://cybersecuritynews.com/u-boot-fit-signature-verification/ - Bitwarden authentication bypass https://ccb.belgium.be/advisories/warning-bitwarden-server-auth-bypass-allows-vault-takeover-patch-immediately

    5 min
  3. 2d ago

    Daily Defsec Brief - Cyber Security News for July 9 2026

    Apologies for the dog barking. She was mad that she had not yet received her morning allotment of cheese. 1. Microsoft patches the RoguePlanet Defender zero-day after a month of public exploit code — CVE-2026-50656 (related: CVE-2026-33825, CVE-2026-41091, CVE-2026-45498) — BleepingComputer https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-rogueplanet-defender-zero-day-vulnerability/ · SecurityWeek https://www.securityweek.com/microsoft-patches-defender-rogueplanet-vulnerability/ 2. GodDamn ransomware uses a Microsoft-signed driver to blind EDR via BYOVD — no CVE — Dark Reading https://www.darkreading.com/cyberattacks-data-breaches/goddamn-ransomware-byovd-smite-companies 3. Vishing campaign enrolls attacker-controlled passkeys on Microsoft 365 accounts — no CVE — BleepingComputer https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/ 4. Fake Paysafe, Skrill, and Neteller SDKs on npm and PyPI steal developer credentials — no CVE — BleepingComputer https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/ Also mentioned: - Chrome 150 patches 27 vulnerabilities, including two critical use-after-free bugs — SecurityWeek https://www.securityweek.com/chrome-150-update-patches-27-vulnerabilities/ - GitLab patches eight Community and Enterprise Edition flaws, including a high-severity XSS — Cyber Security News https://cybersecuritynews.com/gitlab-patches-security-vulnerabilities/ - Lurking Lizard runs 230-plus lookalike domains pushing a trojanized 7-Zip installer that turns machines into residential proxy nodes — The Hacker News https://thehackernews.com/2026/07/fake-7-zip-installers-turn-devices-into.html - Fake LetsVPN installer bundles a real signed VPN with a hidden RAT called GoodPersonRAT — Cyber Security News https://cybersecuritynews.com/goodpersonrat-uses-fake-letsvpn-installer/

    5 min
  4. 3d ago

    Daily DefSec Brief - Cyber Security News for July 8 2026

    1. CISA adds ColdFusion, Langflow, and two Joomla plugins to KEV — patch by Friday — CVE-2026-48282, CVE-2026-55255, CVE-2026-48908, CVE-2026-56290 — CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog · BleepingComputer: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-prioritize-patching-langflow-auth-bypass-flaw/ · SecurityWeek: https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-coldfusion-langflow-joomla-flaws/ 2. Ubiquiti patches max-severity command injection in UniFi Connect — CVE-2026-50746 (plus CVE-2026-50747, -50748, -54400, -54402, -55115, -55116) — BleepingComputer: https://www.bleepingcomputer.com/news/security/ubiquiti-warns-of-new-max-severity-unifi-os-vulnerability/ 3. Critical Gitea auth bypass under active exploitation — CVE-2026-20896 — SecurityWeek: https://www.securityweek.com/critical-gitea-flaw-under-active-exploitation-researchers-warn/ 4. GhostLock: 15-year-old Linux kernel flaw gives root and container escape — CVE-2026-43499 — The Hacker News: https://thehackernews.com/2026/07/15-year-old-ghostlock-flaw-enables-root.html Also mentioned: - China-linked UAT-7810 expands ORB network with LONGLEASH malware via Ruckus routers — Cisco Talos via BleepingComputer: https://www.bleepingcomputer.com/news/security/chinese-hackers-develop-longleash-malware-to-expand-orb-network/ - GitLost prompt-injection leaks private GitHub repo data via public issues — The Hacker News: https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html - Malvertising campaign drops Vidar stealer and XMRig miner via fake cracked software — Unit 42: https://unit42.paloaltonetworks.com/vidar-stealer-xmrig-miner-campaign-analysis/ - Hardcoded backdoor password in Tenda router firmware (CVE-2026-11405) — CERT/CC via BleepingComputer: https://www.bleepingcomputer.com/news/security/hidden-backdoor-in-tenda-router-firmware-grants-admin-access/

    5 min

About

A daily podcast covering the important cyber security news that IT and security teams need to know.