Cybersecurity Daily: News & Threats
(00:00:00) LegacyHive Zero-Day, SonicWall CVSS 10.0 & Sandworm's Clickfix Pivot (00:01:09) SonicWall CVSS Ten Zero-Days (00:02:06) Microsoft's 622-Patch Cycle (00:02:41) Romania Land Registry Breach (00:03:16) Sandworm Clickfix Ukraine Campaign (00:04:01) NuGet Abuse and Spirals Ransomware A Windows zero-day called LegacyHive dropped publicly hours after Microsoft's July 2026 Patch Tuesday cycle closed — not before, after. Researcher Chaotic Eclipse published a proof of concept targeting the Windows User Profile Service that works on every fully-patched Windows version. Three previous disclosures by the same researcher led to confirmed in-the-wild exploitation. The pattern is the story. Meanwhile, two CVSS 10.0 zero-days in SonicWall SMA 1000 appliances are already being actively chained in real intrusions. CVE-2026-15409 and CVE-2026-15410 let attackers extract credentials and MFA seeds from perimeter devices, then pivot into domain controllers. A security device becomes a persistent backdoor. Patch Tuesday itself brought 622 vulnerabilities this cycle — including a no-auth SharePoint RCE and an Active Directory Federation Services flaw both flagged by CISA for federal remediation by July 17–28. Then LegacyHive arrived the same day, unpatched. Elsewhere: Romania's national land registry ANCPI was hit on July 14 by threat actor ByteToBreach, stalling real estate transactions nationwide. Russia's Sandworm group is using Clickfix — fake CAPTCHA prompts running PowerShell — to deploy FreakyPoll and FluidLeech malware against Ukrainian targets. Eleven malicious NuGet packages were found dropping Starland RAT and WLDR implants disguised as game cheats. And a ransomware variant called Spirals is achieving full network encryption within 24 hours of initial access, outpacing most recovery assumptions. Three open questions heading into the next cycle: Will LegacyHive move from theoretical to confirmed exploitation? Will SonicWall intrusions spread to new sectors? Will Microsoft issue an out-of-band patch? This episode includes AI-generated content.
69 jaksot
Kommentit
0Ole ensimmäinen kommentoija
Rekisteröidy nyt ja liity Cybersecurity Daily: News & Threats-yhteisöön!