Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Hackers abuse ViPNet software to target Russian govt agencies

Bleeping Computer - 6 hodin 12 min zpět
An advanced threat actor is abusing the update mechanism for the ViPNet private networking product suite to target Russian organizations, including government agencies. [...]
Kategorie: Hacking & Security

UAC-0145 Uses ClickFix CAPTCHAs to Infect Ukrainian Devices wih Malware

The Hacker News - 7 hodin 5 min zpět
Russian state-sponsored threat actors have been observed leveraging the infamous ClickFix strategy to trick Ukrainian targets into infecting their own machines with data-stealing malware. According to the Computer Emergency Response Team of Ukraine (CERT-UA), the activity has been attributed to UAC-0145, a sub-cluster within Sandworm, an advanced hacking unit affiliated with GRU, Russia's Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

SonicWall SMA Zero-Days Exploited Before Disclosure to Gain Root Access

The Hacker News - 7 hodin 17 min zpět
A previously undocumented threat actor has been attributed to the exploitation of recently disclosed SonicWall Secure Mobile Access (SMA) 1000 series VPN appliances as zero-days prior their public disclosure since June 22, 2026. Cybersecurity company Volexity is tracking the activity under the moniker UTA0533. The discovery was made following an incident response investigation earlier this Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Update now: 7-Zip fixes RCE flaw exploitable with malicious archives

Bleeping Computer - 18 Červenec, 2026 - 21:32
7-Zip version 26.02 was released on June 25 to fix a remote code execution vulnerability that could allow attackers to execute malicious code by convincing users to open specially crafted compressed files. [...]
Kategorie: Hacking & Security

WordPress Core "wp2shell" RCE flaws get public exploits, patch now

Bleeping Computer - 18 Červenec, 2026 - 19:22
Public exploits have been released for the critical "wp2shell" remote code execution vulnerabilities affecting WordPress Core, making it imperative that administrators patch their sites immediately. [...]
Kategorie: Hacking & Security

Microsoft warns of surge in ACR Stealer attacks on customers

Bleeping Computer - 18 Červenec, 2026 - 16:17
Microsoft has observed a surge in attacks using the ACR Stealer malware to steal browser-stored passwords, authentication tokens, and sensitive documents from its enterprise customers. [...]
Kategorie: Hacking & Security

The Future of Age Verification: Your Face Never Leaves Your Device

Bleeping Computer - 18 Červenec, 2026 - 15:15
As age verification laws expand worldwide, organizations face growing pressure to protect users' privacy while meeting regulatory requirements. Incode explains how on-device age estimation verifies age without transmitting or storing facial images, reducing biometric privacy risks while supporting compliance. [...]
Kategorie: Hacking & Security

What Happens When AI Agents Start Handling Tier-1 Linux Support Tickets

LinuxSecurity.com - 18 Červenec, 2026 - 01:00
Every system admin has lived through the same Monday morning ritual. A queue of forty tickets, half of them password resets, permission errors, or disk space warnings that any experienced technician could resolve in under two minutes. The other half require actual judgment. For years, automation promised that software would eventually sort the two apart on its own. That promise is now being tested in production Linux environments.
Kategorie: Hacking & Security

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

The Hacker News - 17 Červenec, 2026 - 23:20
Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of it. An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range untilSwati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Abbott probes two cyber incidents amid extortion claims

Bleeping Computer - 17 Červenec, 2026 - 22:45
Abbott Laboratories is investigating two separate cybersecurity incidents after confirming unauthorized access to internal legacy Exact Sciences systems in its Cancer Diagnostics business, while also investigating a separate claim that attackers breached its LabCentral portal and stole company data. [...]
Kategorie: Hacking & Security

OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

The Hacker News - 17 Červenec, 2026 - 22:20
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta's Red Team, which reported the denial-of-service bug and named it, published the Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

The Hacker News - 17 Červenec, 2026 - 20:54
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using an "unprecedented" four-tier blockchain-based command-and-control (C2) infrastructure spanning Tron,Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload

Bleeping Computer - 17 Červenec, 2026 - 19:56
A vulnerability dubbed HollowByte allows unauthenticated attackers to trigger a denial-of-service (DoS) condition on OpenSSL servers with a malicious payload of just 11 bytes. [...]
Kategorie: Hacking & Security

Microsoft’s Patch Tuesday updates: Keeping up with the latest fixes

Computerworld.com [Hacking News] - 17 Červenec, 2026 - 19:47

Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are.  Patch Tuesday, as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers.

The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates.  Like tacos, Patch Tuesday is here to stay.

In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.”

Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry.  As a case in point, Adobe, among others, follows a similar patch cadence.

Patch Tuesday coverage has also long been a staple of Computerworld’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month.

In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates.

July’s Patch Tuesday sees an end-of-support collision amidst a massive, record-setting patch wave

Microsoft addressed 722 CVEs this month once the 427 Chromium upstream relays are set aside — roughly three times a normal cycle and one of the largest single months in recent memory. Two vulnerabilities arrive under active exploitation: an elevation of privilege in Active Directory Federation Services (CVE-2026-56155), and an elevation of privilege in SharePoint Server (CVE-2026-56164). A third, a BitLocker security feature bypass (CVE-2026-50661) is publicly disclosed but not yet exploited.

The July 2026 Patch Tuesday earns Patch Now recommendations for Windows, Office, Exchange, and SQL Server. SharePoint has two critical RCEs on top of its exploited zero-day, and Exchange Server returns with a critical on-premises spoofing flaw. Adding to our (dear) administrator’s efforts, SharePoint Server 2016/2019 and SQL Server 2016 all reach end of support today. The Readiness team has provided a handy infographic of the expected risk profile of this month’s Patch Tuesday updates.

More info is available here on Microsoft Security updates for July 2026.

For June, Patch Tuesday means an IT scramble

Microsoft this month released 206 updates affecting Windows, Office, Exchange Server, and its developer tools — including three Windows vulnerabilities already publicly disclosed. That trio includes an elevation of privilege in the Collaborative Translation Framework (CVE-2026-45586), a denial of service in HTTP.sys (CVE-2026-49160), and a BitLocker security feature bypass (CVE-2026-50507). At the moment, none appear to be under active exploitation, but all three are rated “Exploitation More Likely.” 

Even without an exploited zero-day, the June 2026 Patch Tuesday release requires Patch Now recommendations for Windows, Office, and Exchange. The latter is back in the patch picture with a consolidated security update that Microsoft recommends installing “as soon as possible.”

More info is available here on Microsoft Security updates for June 2026.

For May, Patch Tuesday means 139 updates — but no zero-days

Microsoft this month released 139 updates affecting Windows, Office, .NET, and SQL Server (though there were no updates for Microsoft Exchange Server). Despite the absence of zero-days, the May Patch Tuesday update still requires Patch Now recommendations for Windows and Office. 

The combination of three unauthenticated network RCEs (Netlogon, DNS Client, and SSO Plugin for Jira and Confluence), four Word Preview Pane RCEs, the large TCP/IP vulnerability cluster, and the carry-over BitLocker recovery condition (still active on Windows 10 and Windows Server) warrants an accelerated deployment release schedule. 

More info is available here on Microsoft Security updates for May 2026.

Microsoft’s Patch Tuesday release for April is a whopper

Windows admins are going to be busy this month, dealing with the largest Patch Tuesday cycle in memory. The April release involves 165 updates and roughly 340 unique CVEs from Microsoft — including two zero-days, one of which is already being actively exploited in the wild. 

The Readiness team recommends “Patch Now” schedules for nearly every major product family: Windows, Office (with a zero-day), Microsoft Edge (Chromium), SQL Server, and Microsoft Developer Tools (.NET). April also brings Phase 2 of Microsoft’s Kerberos RC4 hardening with full enforcement set for July. There is a lot to cover, so here’s a useful infographic mapping the deployment risk for each platform.

More info is available here on Microsoft Security updates for April 2026.

For March, Patch Tuesday delivers fixes for 83 vulnerabilities

Microsoft’s March Patch Tuesday release addresses 83 vulnerabilities across Windows, Office, SQL Server, Azure, and .NET — with two publicly disclosed zero-days affecting SQL Server and .NET (though neither is being actively exploited in the wild.) Six additional vulnerabilities spanning the Windows KernelGraphics ComponentSMB ServerAccessibility Infrastructure, and Winlogon are flagged as “Exploitation More Likely.”

The most significant change this month is the introduction of Common Log File System (CLFS) hardening with signature verification, which will affect how Windows handles log files across the operating system. More info on Microsoft Security updates for March 2026.

February’s Patch Tuesday release fixes 59 flaws, including 6 being exploited

The company’s Patch Tuesday release for February addresses 59 CVEs across the company’s product family — roughly half the volume of January’s 159 patches. Six vulnerabilities, affecting Windows Shell, MSHTML, Desktop Window Manager, Remote Desktop, Remote Access, and Microsoft Word, are already being actively exploited. (All five Critical-rated CVEs target Azureservices rather than Windows, however.) 

Both Windows and Office get a “Patch Now” recommendation, with CISA setting a March 3 enforcement deadline for all six exploited vulnerabilities. Two new enforcement timelines also take effect in April: Kerberos RC4 deprecation (CVE-2026-20833) and Windows Deployment Services hardening (CVE-2026-0386). More info on Microsoft Security updates for February 2026.

Kategorie: Hacking & Security

OnlyFans performers become unlikely allies of CISOs in securing websites

Computerworld.com [Hacking News] - 17 Červenec, 2026 - 19:37

CISOs at government organizations and universities have an unexpected ally coming to their aid: OnlyFans models.

For some time, hackers have exploited weaknesses in the websites of universities or government departments to host scams or malware, using content stolen from the OnlyFans website as bait to attract victims.

Now, according to security researchers at Upguard, the fightback has begun: creators of adult content on OnlyFans are leveraging Google search results and the protection offered by copyright law to break up the traffic distribution systems created by bad actors.

These distribution systems work in three stages: entry points using adult or other content to attract and capture web traffic, a routing system sends it to destination sites, and those sites monetize the traffic through scams and malware. It has proved to be a lucrative business for the scammers.

Google recognizes the approach and calls such actors SEO parasites as they benefit from the reputations of other organizations — in particular government or academic sites, which Google views as having high authority.

Since the creators of OnlyFans content are also the copyright holders, they are able to issue Digital Millennium Copyright Act (DMCA) take-down notices for the stolen content posted by the bad actors to other sites. Upguard was able to track this through Google’s DMCA Transparency Report, and through the Lumen Database, another tracker of takedown notices, to which it was granted research access.

“This allows us to identify likely compromised sites: government and university domains advertising unlicensed adult content,” Upguard said.

The OnlyFans creators’ action has two benefits for the operators of the affected websites: The adult content associated with their domain disappears from Google search results, no longer affecting their reputation — and if they receive takedown notices for such content they can check their webservers for the vulnerabilities that enabled the bad actors to post it there in the first place.

This article first appeared on CSO.

Kategorie: Hacking & Security

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

The Hacker News - 17 Červenec, 2026 - 19:12
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders that teams stand up fast and firewall late. The intel feed behind that counter Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

OpenAI’s new hardware is a $230, 13-switch keyboard for Codex

Computerworld.com [Hacking News] - 17 Červenec, 2026 - 19:07

OpenAI is selling its first hardware — without any help from Jony Ive. It describes the Codex Micro as a “command center for agentic work” but it’s really a 13-switch wireless keyboard customized to help developers keep tabs on what their Codex agents are doing. It costs $230.

The keyboard has 13 mechanical switches (one keycap covers two of them by default), a rotary encoder, joystick, and RGB backlighting around the whole keypad and individual keys. It comes with 32 customizable icon keycaps.

OpenAI claims that the Codex Micro is a serious business tool: The command keys enable Codex users accept changes, reject outputs, push-to-talk, start new chats, and trigger custom actions. The rotary encoder can be used to dial up the “brainpower” allocated to tasks — or in more conventional terms, how many tokens to allocate to reasoning on a task. And the RGB lighting can provide feedback on how various tasks are progressing. And the RGB lighting under the “agent” keys can provide feedback on how various tasks are progressing.

The Codex Micro’s manufacturer, Work Louder, already has a similar device on the market, the Creator Micro, which offers similar functionality, but without the colorful keys. It costs $56 less than the Codex Micro, however.

The Codex Micro will fit in snugly with OpenAI’s other merchandise, where using Codex is as much about a fashion statement as a technological choice.

This article first appeared on InfoWorld.

Kategorie: Hacking & Security

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

The Hacker News - 17 Červenec, 2026 - 18:39
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime group known for its targeting of the gambling and gaming sectors using Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Why Mobile Proxies Are Harder to Block Than Datacenter IPs

LinuxSecurity.com - 17 Červenec, 2026 - 18:24
You're running a web scraping project to collect pricing data from e-commerce sites. You set up a pool of datacenter proxies, launch your scripts, and within minutes — banned. CAPTCHAs everywhere. Your data pipeline stops before it really begins.
Kategorie: Hacking & Security

Business Email Compromise with AI Enhancements and New Defense Strategies

LinuxSecurity.com - 17 Červenec, 2026 - 18:10
Business Email Compromise used to be a numbers game — mass-blasted emails, broken English, an obvious "URGENT WIRE TRANSFER" subject line. That era is over. Generative AI has turned BEC into a tailored, low-noise operation that mimics writing style, voice, and even video presence. This piece looks at what's actually changed under the hood, what defenders are testing in response, and why so many organizations are still structurally unprepared for it.
Kategorie: Hacking & Security
Syndikovat obsah