Cybersecurity Newsfeed - 08/07/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
Cybersecurity Newsfeed
📅 08/07/26
🛡️ Vulnerabilities
Critical Gitea Docker Exploitation: A severe vulnerability affecting Gitea Docker deployments is under active exploitation. The flaw bypasses authentication, allowing remote attackers to steal proprietary source code and secrets. Administrators must update to the latest patched version immediately More info
Dialogflow CX Rogue Agent Flaw: A critical flaw in Google’s Dialogflow CX enterprise platform allows malicious actors to manipulate chatbot parameters, bypassing guardrails to extract sensitive customer data and session tokens. Strict input validation is required to prevent data exfiltration. More info
CISA Adds RCE Flaw to KEV (CVE-2026-48282): CISA mandated immediate patching for a critical remote code execution flaw caused by a buffer overflow in a network packet processing engine. It is actively exploited by APT groups seeking backdoor access to sensitive infrastructure. More info
GitLost Agentic Workflow Leaks: A vulnerability dubbed GitLost is causing severe private data leaks when automated AI agents improperly handle GitHub repository permissions, exposing proprietary code and API keys to public access. More info
BeyondTrust Remote Access Flaws: Urgent patches were released for critical flaws in BeyondTrust’s remote access suite that allow unauthenticated attackers to escalate privileges and execute arbitrary code, potentially granting unfettered control over internal networks. More info
Opera GX CSS Modification Flaw: A vulnerability in the Opera GX browser’s “GX Mods” feature allows attackers to craft malicious CSS payloads for cross-site scripting and session hijacking. Users should disable third-party UI modifications until patched. More info
🎯 Adversaries
Vidar & XMRig Dual Campaign: A new malicious campaign is deploying the Vidar information stealer alongside the XMRig cryptominer via phishing and malvertising. This ensures both immediate data theft and sustained passive income through silent Monero mining. More info
Cyber Army of Russia Reborn Arrest: Spanish authorities have apprehended an alleged key member of a pro-Russian hacktivist group responsible for disruptive DDoS attacks against European critical infrastructure, marking a major milestone in dismantling the operation. More info
Chinese Hackers Deploy LongLeash: State-sponsored Chinese actors engineered “LongLeash,” a highly stealthy proxy malware that compromises vulnerable edge devices. This expands their anonymized Operational Relay Box (ORB) network for sustained global espionage. More info
Clamer SOC Integrates SharpHound: The Clamer SOC group is utilizing the SharpHound reconnaissance tool to map Active Directory environments and identify attack paths. This accelerates the deployment of ransomware and persistent administrative access. More info
MuddyWater’s Global Espionage Campaign: The Iran-linked APT MuddyWater has launched an extensive new campaign using custom remote access trojans to infiltrate government, defense, and telecom sectors across four continents. More info
Iranian Modular C2 Frameworks: Iranian state-sponsored hackers are utilizing a flexible, plugin-based command-and-control framework that adapts payloads and communication protocols on the fly, severely complicating detection and incident response efforts. More info
Armored Likho APT Targets Grid: Armored Likho is conducting a targeted cyberespionage campaign against government and electric power entities, utilizing zero-days to breach networks and exfiltrate operational data from industrial control systems. More info
📈 Trends
Redwing Malware-as-a-Service Platform: A new MaaS platform called Redwing is simplifying the distribution of Android banking trojans. The subscription-based service provides cybercriminals with modular apps designed to harvest credentials and intercept 2FA codes. More info
Fake Job Scams Target Marketers: Sophisticated job scams are impersonating major brands like Netflix and Coca-Cola on LinkedIn. The campaigns trick professionals into paying fake administrative fees or downloading malicious onboarding documents. More info
SkillCloak Evasion Technique: Researchers detailed “SkillCloak,” an advanced evasion technique that manipulates memory management to seamlessly hide malware within legitimate application processes, bypassing heuristic antivirus and EDR solutions. More info
💥 Breaches & Leaks
- Accenture Confirms Data Breach: Accenture officially confirmed a breach following a threat actor’s dark web sale of internal corporate documents. The company has isolated affected servers and claims customer operations remain unaffected as the investigation continues. More info
📚 Others
- Windows 11 Cloud Rebuild Feature: Microsoft is testing a “Cloud Rebuild” feature that allows users to seamlessly download and install a secure, fresh OS image directly from the cloud, aiding in rapid ransomware remediation and minimizing downtime. More info
