Browsing Category
Security
98 posts
Cybersecurity news, software supply chain risk, privacy threats, and practical security guidance.
iDirect Satellite Terminal Flaws Put Link Management on the Patch List
CISA says ST Engineering iDirect iQ-Series satellite terminals running software 4.5.2.1 or earlier expose sensitive device identifiers and can be forced into reboots through weak API controls. Operators should treat the July 2 advisory as both a patch event and a management-plane exposure audit.
JadePuffer Shows Agentic Ransomware Has Moved From Theory to Logs
Sysdig says JadePuffer is the first documented ransomware operation driven end to end by an AI agent. The intrusion used a known Langflow flaw, harvested cloud and API secrets, pivoted into Nacos, and left defenders with a new problem: autonomous attack behavior that is fast, adaptive, and strangely detectable.
Anthropic Fable 5 Returns as AI Export Controls Become a Release Test
Anthropic has restored global access to Claude Fable 5 after U.S. export controls forced an 18-day shutdown. The rollback shows how frontier AI releases are moving toward security classifiers, government review, and trusted-access programs rather than ordinary software launches.
Adobe ColdFusion Exploitation Turns Patch Into Incident Triage
CVE-2026-48282 is now being exploited against Adobe ColdFusion, turning Adobe's June 30 patch from routine maintenance into incident triage. Admins should update ColdFusion 2025 and 2023, review logs from the disclosure window, and verify exposed paths are closed.
India Summons Meta After Instagram CSAM Ads Expose an Ad-Review Failure
India is summoning Meta after a BBC investigation found paid Instagram ads in India directing users toward child sexual abuse material on Telegram. The case points to a specific platform-safety failure: promoted content that should have been screened before it ever reached users.
Fake Perplexity Chrome Extension Turned Search Into a Tracking Channel
Microsoft says a malicious Chromium extension spoofed Perplexity AI, routed address-bar searches through a lookalike domain, and captured search suggestions before sending users to legitimate results. The case is a useful warning for anyone installing AI-branded browser tools.
NetNut Takedown Shows Smart TVs Can Become Attack Proxies
Google and the FBI say they disrupted NetNut, a residential proxy network tied to at least 2 million compromised consumer devices, including smart TVs and streaming boxes. The case shows why cheap Android-based TV hardware, unofficial apps, and bandwidth-sharing SDKs have become a real home-network and enterprise-detection risk.
Pegasus Hack of EU Spyware Investigator Exposes a Parliamentary Security Gap
Citizen Lab says former European Parliament member Stelios Kouloglou was infected with NSO Group’s Pegasus spyware while serving on the committee investigating spyware abuse in Europe. The case shows why parliaments, regulators, journalists, and other high-risk users need routine phone screening and clearer response paths for spyware warnings.
Alibaba’s Claude Code Ban Turns AI Coding Tools Into a Vendor-Risk Test
Alibaba will reportedly bar employees from using Anthropic’s Claude Code in workplace environments starting July 10 after concerns over hidden anti-abuse fingerprinting inside the coding tool. The dispute shows why companies adopting AI coding agents now need to audit vendor controls, client behavior, regional restrictions, and data handling with the same seriousness they apply to any privileged developer software.
Cisco’s Twice-Monthly Patch Cadence Starts With Catalyst Center and ClamAV Fixes
Cisco’s first July security-advisory drop under its new twice-monthly cadence includes a Catalyst Center arbitrary-file-read flaw and seven ClamAV vulnerabilities affecting Cisco Secure Endpoint. The change gives network and security teams more predictability, but it also means Cisco infrastructure patch planning needs to become a standing operating rhythm, not a quarterly scramble.