Friday · July 10, 2026 Vol. I · No. 190
Independent · Aggregated · Daily
"All the news that's worth your time"
Established 2026
The

Krull Report

A Daily News Brief · Curated by Vladimir Krull
Live
In private call, Education Dept. tried, but failed, to reassure disability advocates Talk Portland Fire vs. Las Vegas Aces Here! Lionel Scaloni reportedly to keep most of Messi’s Argentina lineup unchanged against Switzerland Cory Sandhagen explains why he’ll be difficult for Mario Bautista to ‘deal with’ in UFC 329 rematch UFC 329: Gable Steveson Reacts to Josh Hokit’s Persona Missing out on Leo Carlsson doesn’t ruin the Flyers’ offseason Hamilton Hammers Unveil Jerseys & Release 2026-27 Schedule Gelof exits in 3rd inning with apparent right knee injury after sliding into fence In private call, Education Dept. tried, but failed, to reassure disability advocates Talk Portland Fire vs. Las Vegas Aces Here! Lionel Scaloni reportedly to keep most of Messi’s Argentina lineup unchanged against Switzerland Cory Sandhagen explains why he’ll be difficult for Mario Bautista to ‘deal with’ in UFC 329 rematch UFC 329: Gable Steveson Reacts to Josh Hokit’s Persona Missing out on Leo Carlsson doesn’t ruin the Flyers’ offseason Hamilton Hammers Unveil Jerseys & Release 2026-27 Schedule Gelof exits in 3rd inning with apparent right knee injury after sliding into fence

Cybersecurity

Technology · Cybersecurity

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXi…

Technology · Cybersecurity

The Alert Firehose Finally Meets Its Match

Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabi…

Technology · Cybersecurity

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financi…

Technology · Cybersecurity

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed Tr…

Technology · Cybersecurity

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packag…

Technology · Cybersecurity

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases …

Technology · Cybersecurity

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" importan…

Technology · Cybersecurity

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive c…

Technology · Cybersecurity

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS scor…

Technology · Cybersecurity

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (…

Technology · Cybersecurity

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransom…

Technology · Cybersecurity

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to targ…

Technology · Cybersecurity

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hou…

Technology · Cybersecurity

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed fo…

Technology · Cybersecurity

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known …

Technology · Cybersecurity

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabil…

Technology · Cybersecurity

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked …

Technology · Cybersecurity

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middl…

Technology · Cybersecurity

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: a…

Technology · Cybersecurity

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091,…

Technology · Cybersecurity

When Identity is the Attack Path

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS…

Technology · Cybersecurity

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's b…

Technology · Cybersecurity

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late Febr…

Technology · Cybersecurity

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register…