Dutch Politie and NCSC Dismantle Asocks Residential Proxy Botnet of 17 Million Devices

Dutch Politie and NCSC-NL took down 200 Netherlands-based servers running Asocks, a residential proxy service built from at least 17 million infected consumer devices. The takedown weakens the IP-reputation assumptions every defender relies on.

Common Types of Software Vulnerabilities

A clear guide to the common types of software vulnerabilities — from memory and injection flaws to broken authentication, access control, and misconfigurations.

Flowise RCE CVE-2026-40933 Has Public Exploit Code — One-Click Chatflow Import Owns Servers

Obsidian Security published proof-of-concept code on May 30, 2026 for CVE-2026-40933, a CVSS 10.0 remote code execution flaw in Flowise. A malicious chatflow import owns the server. Patch 3.1.0 contains the fix.

Russian Intelligence Is Running Cyber Spies and Fake Companies Against the Same Western Tech

Three senior European intelligence officials told The Associated Press that Russian services are building fake companies, recruiting middlemen, and deploying cyber spies to take Western technology — and treating the cyber and human lines as one operation.

Palo Alto GlobalProtect Auth Bypass CVE-2026-0257 Is Now Under Active Exploitation

Palo Alto Networks has confirmed that attackers are actively exploiting CVE-2026-0257, an authentication-bypass flaw in PAN-OS GlobalProtect that lets them set up VPN sessions on internet-facing firewalls with no credentials. Rapid7 has observed successful intrusions.

CIFSwitch Hands Out Root on Multiple Linux Distros via a Forged CIFS Auth Key

A new Linux kernel LPE called CIFSwitch lets unprivileged local users forge a cifs.spnego key description and hijack the kernel key-request mechanism, getting cifs.upcall to run attacker-controlled NSS code as root. PoC is public; CVE assignment is pending.

Microsoft Names 33 Malicious npm Packages in a Dependency-Confusion Recon Campaign

Microsoft Threat Intelligence disclosed 33 malicious npm packages published under three aliases attributed to a single operator. The packages abuse dependency confusion to fingerprint developer and build environments and ship a server-toggled reconnaissance payload.

What Is a Vulnerability in Cybersecurity?

A clear guide to security vulnerabilities — what they are, the common types, how they are discovered and tracked with CVE and CVSS, and how they are managed.

FortiClient EMS CVE-2026-35616 Is Now Pushing the EKZ Credential Stealer, Arctic Wolf Says

Arctic Wolf says threat actors are exploiting the patched FortiClient EMS flaw CVE-2026-35616 to deploy EKZ, a previously unreported credential stealer disguised as a Fortinet endpoint update and pushed across managed endpoints through the EMS management pathway itself.

Kimsuky Used a Fake Webex Page to Deliver an HTTPSpy Variant to the South Korean Military

ENKI says Kimsuky ran a March-April 2026 wave against South Korean military and corporate targets, delivering an HTTPSpy variant through a fake Webex meeting page wired to a real scheduled event and a new infection-verification technique it calls JSONPing.

Chaotic Eclipse Pledges July 14 'Bone-Shattering' Windows Exploit Drop as Microsoft Escalates

The researcher behind a six-week run of uncoordinated Microsoft zero-day disclosures pledged a July 14, 2026 'bone-shattering' Windows exploit drop. Microsoft signaled law-enforcement action and pulled the researcher's GitHub account. Both sides have hardened.

Microsoft Names Storm-2697 Behind The Gentlemen Ransomware: Go Encryptor, Ephemeral Keys

Microsoft Threat Intelligence has named the operators of The Gentlemen ransomware Storm-2697, and its new deep technical analysis dissects a Go encryptor that uses per-file ephemeral keys and an aggressive self-propagation module.