The CyberSignal

Latest
Trending
Cyber Attacks
Data Breaches
Threat Intelligence
Critical Infrastructure
Policy & Government
Cybersecurity 101
Vulnerabilities
About Us
Weekly Briefing

Trending

Trending cybersecurity news and analysis covering emerging cyber threats, major breaches, critical vulnerabilities, and the latest developments impacting security teams worldwide.

Line-art enterprise desk phone on royal-blue background with one red dot on the handset earpiece, marking the disclosed vulnerability.

Vulnerabilities

HP Poly VVX and Trio VoIP Phones: CVE-2026-0826 Unauthenticated RCE Patched on Disclosure Day

Rapid7's Stephen Fewer disclosed CVE-2026-0826 on June 1 — an unauthenticated stack-based overflow in HP Poly VVX and Trio enterprise VoIP phones with a CVSSv4 of 9.2 — alongside HP firmware fixes released the same morning after a five-month coordinated disclosure cycle.

Line-art row of near-identical small package boxes on a shelf, each with a tiny lookalike label; a small key icon hangs from one box, and a red dot sits on the key.

Supply Chain Attack

Microsoft Names 'Mini Shai-Hulud' Wave of 14 npm Typosquats Stealing Cloud and CI/CD Secrets

Microsoft Threat Intelligence has named a new npm supply-chain wave the Mini Shai-Hulud campaign. A single maintainer alias, vpmdhaj, published 14 typosquatted packages in four hours that harvest AWS, HashiCorp Vault, npm, and GitHub Actions secrets from CI/CD runners.

Line-art grid of small home-router, smart-camera, and smartphone icons connected by thin lines to a central hub; one icon by the hub carries a red dot.

Cyber Attacks

Dutch Politie and NCSC Dismantle Asocks Residential Proxy Botnet of 17 Million Devices

Dutch Politie and NCSC-NL took down 200 Netherlands-based servers running Asocks, a residential proxy service built from at least 17 million infected consumer devices. The takedown weakens the IP-reputation assumptions every defender relies on.

Line-art flowchart of three connected nodes with an inbox-and-arrow icon importing a file; the imported file carries a flat red dot.

Vulnerabilities

Flowise RCE CVE-2026-40933 Has Public Exploit Code — One-Click Chatflow Import Owns Servers

Obsidian Security published proof-of-concept code on May 30, 2026 for CVE-2026-40933, a CVSS 10.0 remote code execution flaw in Flowise. A malicious chatflow import owns the server. Patch 3.1.0 contains the fix.

Line-art globe with two arrows arcing from one side to the other — one straight, one routed through a small mediator node carrying a red dot.

Nation-State Cyber Threats

Russian Intelligence Is Running Cyber Spies and Fake Companies Against the Same Western Tech

Three senior European intelligence officials told The Associated Press that Russian services are building fake companies, recruiting middlemen, and deploying cyber spies to take Western technology — and treating the cyber and human lines as one operation.

Line-art fortress wall with a single open gate, an abandoned key icon at the gate's threshold; one flat red dot sits on the key.

Vulnerabilities

Palo Alto GlobalProtect Auth Bypass CVE-2026-0257 Is Now Under Active Exploitation

Palo Alto Networks has confirmed that attackers are actively exploiting CVE-2026-0257, an authentication-bypass flaw in PAN-OS GlobalProtect that lets them set up VPN sessions on internet-facing firewalls with no credentials. Rapid7 has observed successful intrusions.

Line-art row of identical server towers; one tower has a small open door at the base of its panel, and a single flat red dot sits on the door.

Vulnerabilities

CIFSwitch Hands Out Root on Multiple Linux Distros via a Forged CIFS Auth Key

A new Linux kernel LPE called CIFSwitch lets unprivileged local users forge a cifs.spnego key description and hijack the kernel key-request mechanism, getting cifs.upcall to run attacker-controlled NSS code as root. PoC is public; CVE assignment is pending.

Line-art split path: a package-box source with two arrows, one to a private-internal circle, one to a public-registry shelf; red dot on the public branch.

Supply Chain Attack

Microsoft Names 33 Malicious npm Packages in a Dependency-Confusion Recon Campaign

Microsoft Threat Intelligence disclosed 33 malicious npm packages published under three aliases attributed to a single operator. The packages abuse dependency confusion to fingerprint developer and build environments and ship a server-toggled reconnaissance payload.

Line-art central server rack with connector lines fanning down to a row of small endpoint laptop icons; one flat red dot sits on the server.

Vulnerabilities

FortiClient EMS CVE-2026-35616 Is Now Pushing the EKZ Credential Stealer, Arctic Wolf Says

Arctic Wolf says threat actors are exploiting the patched FortiClient EMS flaw CVE-2026-35616 to deploy EKZ, a previously unreported credential stealer disguised as a Fortinet endpoint update and pushed across managed endpoints through the EMS management pathway itself.

Line-art video-meeting window with four small participant tiles and a thin tunnel connecting it to a separate node; one participant tile carries a red dot.

Nation-State Cyber Threats

Kimsuky Used a Fake Webex Page to Deliver an HTTPSpy Variant to the South Korean Military

ENKI says Kimsuky ran a March-April 2026 wave against South Korean military and corporate targets, delivering an HTTPSpy variant through a fake Webex meeting page wired to a real scheduled event and a new infection-verification technique it calls JSONPing.

Line-art wall calendar page with a small marker on a specific date beside a small generic alert icon; red dot on the calendar marker.

Vulnerabilities

Chaotic Eclipse Pledges July 14 'Bone-Shattering' Windows Exploit Drop as Microsoft Escalates

The researcher behind a six-week run of uncoordinated Microsoft zero-day disclosures pledged a July 14, 2026 'bone-shattering' Windows exploit drop. Microsoft signaled law-enforcement action and pulled the researcher's GitHub account. Both sides have hardened.

Line-art tree of small file icons fanning out from a central master file holding a small key; a red dot marks the master key at the centre.

Ransomware

Microsoft Names Storm-2697 Behind The Gentlemen Ransomware: Go Encryptor, Ephemeral Keys

Microsoft Threat Intelligence has named the operators of The Gentlemen ransomware Storm-2697, and its new deep technical analysis dissects a Go encryptor that uses per-file ephemeral keys and an aggressive self-propagation module.

See all

The CyberSignal

The CyberSignal delivers breaking cybersecurity news, data breach reports, vulnerability alerts, and threat intelligence for CISOs, IT leaders, and security professionals.

The CyberSignal

Daily Briefing
Weekly Briefing
Corrections
Privacy Policy

Powered by Ghost