Thursday · July 9, 2026 Vol. I · No. 189
Independent · Aggregated · Daily
"All the news that's worth your time"
Established 2026
The

Krull Report

A Daily News Brief · Curated by Vladimir Krull
Live
Eddie Hearn Reveals What Happened During Zuffa Boxing Peace Talks Floyd Mayweather: They Bet Life Savings on Me, Now Pray on My Downfall 'Grateful' Jayson Tatum finally addresses Jaylen Brown trade France vs. Morocco live stream: How to watch FIFA World Cup, odds, prediction, pick, lineups, chann… Christian Pulisic's USMNT legacy faces familiar questions after another injury-plagued World Cup ex… Eddie Hearn Predicts Andy Ruiz Jr. Will Become Heavyweight Champion Again After Career Reset Caminero's longest HR may have been on other side of world Lakers' Jonathan Kuminga pursuit comes with an obvious problem Eddie Hearn Reveals What Happened During Zuffa Boxing Peace Talks Floyd Mayweather: They Bet Life Savings on Me, Now Pray on My Downfall 'Grateful' Jayson Tatum finally addresses Jaylen Brown trade France vs. Morocco live stream: How to watch FIFA World Cup, odds, prediction, pick, lineups, chann… Christian Pulisic's USMNT legacy faces familiar questions after another injury-plagued World Cup ex… Eddie Hearn Predicts Andy Ruiz Jr. Will Become Heavyweight Champion Again After Career Reset Caminero's longest HR may have been on other side of world Lakers' Jonathan Kuminga pursuit comes with an obvious problem

Cybersecurity

Technology · Cybersecurity

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platfor…

Technology · Cybersecurity

What Changes When Your Software Supply Chain Includes AI Writing Your Code?

Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, "software supply chain security" meant one question: what's in your code? Which …

Technology · Cybersecurity

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian uni…

Technology · Cybersecurity

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative acc…

Technology · Cybersecurity

BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, …

Technology · Cybersecurity

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework…

Technology · Cybersecurity

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' a…

Technology · Cybersecurity

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-…

Technology · Cybersecurity

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: …

Technology · Cybersecurity

How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions

Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very differen…

Technology · Cybersecurity

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan desi…

Technology · Cybersecurity

New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions

Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels…

Technology · Cybersecurity

New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments. According …

Technology · Cybersecurity

Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages

Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific d…

Technology · Cybersecurity

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from research…

Technology · Cybersecurity

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiat…

Technology · Cybersecurity

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go…

Technology · Cybersecurity

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and S…

Technology · Cybersecurity

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktop…

Technology · Cybersecurity

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable …

Technology · Cybersecurity

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data th…

Technology · Cybersecurity

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazi…

Technology · Cybersecurity

European Parliament Member Investigating Spyware Was Hacked With Pegasus

A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus s…

Technology · Cybersecurity

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The st…