Cybersecurity Newsfeed - 07/05/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
Gemini CLI Critical RCE (CVSS 10): A critical remote code execution vulnerability was discovered in the Gemini CLI tool, caused by improper input validation when interacting with external GitHub repositories. Google has released an emergency patch; users should update immediately.
Palo Alto Networks PAN-OS Zero-Day: PAN-OS firewall software is affected by an actively exploited zero-day vulnerability that allows unauthenticated attackers to execute arbitrary code with root privileges. Mitigations and workarounds should be applied immediately.
CISA KEV Catalog Update: CISA has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. Federal agencies and private organizations are urged to prioritize patching this flaw to reduce national cyber risk.
Critical vm2 Sandbox Escape: A flaw in the vm2 library's handling of asynchronous functions allows attackers to bypass the sandbox's security restrictions and execute arbitrary code on the host machine.
Cisco DoS Vulnerability: Several Cisco network security appliances are affected by a flaw that can be triggered by crafted packets, leaving the device in a non-responsive state that requires a manual physical reboot to restore service.
Android Remote Code Execution (RCE): Google released a critical patch for a vulnerability that could allow arbitrary code execution within a privileged process via specially crafted messages or files, requiring little to no user interaction.
🎯 Adversaries
Iranian APTs Masquerading as Ransomware: State-sponsored groups from Iran are increasingly adopting "ransomware masquerading" to hide espionage and data exfiltration motives behind the appearance of financially motivated crime.
MuddyWater Abuses Microsoft Teams: The Iranian-linked MuddyWater group is using compromised Microsoft Teams accounts to send malicious files or links, exploiting internal organizational trust to deploy backdoors.
OceanLotus Targets PyPI via "zichatbot": A suspected OceanLotus campaign has targeted the Python Package Index (PyPI) with a malicious package designed to install a sophisticated backdoor in developer environments.
XLabsv1 Botnet Exploits ADB: A new Mirai-based variant, XLabsv1, is targeting exposed Android Debug Bridge (ADB) interfaces over TCP/IP to enlist devices into its DDoS network.
Stealthy Quasar RAT Targets Linux: A new variant of the Quasar RAT is targeting Linux systems, specifically aiming at software developers to steal source code and sensitive credentials.
📈 Trends
Google Ads Abused for GoDaddy Phishing: Attackers are promoting fraudulent ManageWP login portals via Google Ads to harvest credentials from webmasters and gain administrative access to WordPress sites.
Chrome Application Bound Encryption Bypass: Security researchers have identified a new method to decrypt stored credentials in Google Chrome on Windows by leveraging specific service calls, bypassing the intended master password protections.
"ClickFix" Campaign Hits macOS: A new social engineering campaign uses fake utility installers to deliver infostealer malware to macOS users, harvesting browser cookies, keychains, and crypto wallets.
CloudZ RAT Exploits Windows Phone Link: This malware gains access to PCs and abuses the Windows Phone Link feature to intercept 2FA one-time passwords (OTPs) from linked Android devices.
Amazon SES Abused for Phishing: Threat actors are increasingly using Amazon Simple Email Service (SES) to conduct high-volume phishing, leveraging Amazon's sender reputation to evade traditional filters.
Massive "Low and Slow" DDoS Attack: A major provider was targeted by a 5-hour DDoS attack involving 2.45 billion packets, designed to exhaust resources while remaining below automated detection thresholds.
