Thursday · July 9, 2026 Vol. I · No. 189
Independent · Aggregated · Daily
"All the news that's worth your time"
Established 2026
The

Krull Report

A Daily News Brief · Curated by Vladimir Krull
Live
San Jose Earthquakes Acquire Up to $1 Million in General Allocation Money from FC Dallas for Goalke… With SEC fight over, Coinbase's top legal exec Grewal moves on, and others reassigned 49ers 90-in-90: Vederian Lowe should provide peace of mind Arbitrum jumps 19% benefitting from Robinhood's $568 million onchain trading frenzy Pistons vs. Sixers: Summer League Begins! Zach LeDay Nears Move to Hapoel Tel Aviv on Lucrative Multi-Year Deal AI-generated ads on Google will hopefully get disclosures soon Jalen Brunson's Game 1 Finals Jersey Sold For $1.024M At Auction San Jose Earthquakes Acquire Up to $1 Million in General Allocation Money from FC Dallas for Goalke… With SEC fight over, Coinbase's top legal exec Grewal moves on, and others reassigned 49ers 90-in-90: Vederian Lowe should provide peace of mind Arbitrum jumps 19% benefitting from Robinhood's $568 million onchain trading frenzy Pistons vs. Sixers: Summer League Begins! Zach LeDay Nears Move to Hapoel Tel Aviv on Lucrative Multi-Year Deal AI-generated ads on Google will hopefully get disclosures soon Jalen Brunson's Game 1 Finals Jersey Sold For $1.024M At Auction

Cybersecurity

Technology · Cybersecurity

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE…

Technology · Cybersecurity

Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips…

Technology · Cybersecurity

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affilia…

Technology · Cybersecurity

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an…

Technology · Cybersecurity

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites

Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up n…

Technology · Cybersecurity

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious a…

Technology · Cybersecurity

From Assistive to Agentic: The AI Shift That's Redefining Threat Management

Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often, these tools are work…

Technology · Cybersecurity

Forget Data Leakage: Shadow AI's Real Threat Is Access Control

The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, dom…

Technology · Cybersecurity

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company…

Technology · Cybersecurity

Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone

Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability,…

Technology · Cybersecurity

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabili…

Technology · Cybersecurity

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware deli…

Technology · Cybersecurity

Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. "The clipper in this campaign relies on Windows Scr…

Technology · Cybersecurity

INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023

Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claimin…

Technology · Cybersecurity

DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic

Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control …

Technology · Cybersecurity

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network

If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises,…

Technology · Cybersecurity

The Scripts on Your Checkout Page Are Now a PCI DSS Problem

An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types their card number into yo…

Technology · Cybersecurity

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point…

Technology · Cybersecurity

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identif…

Technology · Cybersecurity

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end…

Technology · Cybersecurity

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization

For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The problem is no longer visibility. It's validation. Secu…

Technology · Cybersecurity

The Top 10 Attack Surface Exposures in 2026

Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like M…

Technology · Cybersecurity

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating a…

Technology · Cybersecurity

144 Mastra npm Packages Compromised via Hijacked Contributor Account

As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI)…