Detection engineering: A programmatic approach to identifying cyber threats
Detection engineering, which was once a niche practice among mostly large companies, appears to have evolved into a capability that organizations across industries now consider essential to their security operations. What is detection engineering? Detection engineering is about creating and implementing systems to identify potential security threats within an organization’s specific technology environment without drowning in...
The Platform You Trust Is the Platform They Target
By: Max Gannon, Cofense Intelligence. Cofense Intelligence is observing a clear shift in phishing operations: threat actors are moving beyond broad, one-size-fits-all campaigns and adopting platform-aware delivery that adapts to the victim’s device, browser, and environment. What began as simple Windows-focused malware distribution campaigns has evolved into more sophisticated campaigns that can selectively deliver credential phishing, remote access tools, or...
Iran-Nexus TAG-182 Disseminates MarkiRAT Surveillance Tool
Executive Summary: Insikt Group has identified new infrastructure associated with the TAG-182 threat cluster, used to disseminate MarkiRAT malware in support of Iranian government surveillance operations. It is highly likely that TAG-182 is targeting Iranians living inside and outside the country using different lures, including free download tools and fake VPN applications. The group’s operations are highly likely...
Backdoors & Breaches: New scenarios and adaptations
Sharing new scenarios and adaptations to play the Datadog expansion pack of Backdoors & Breaches.
Anthropic’s Claude Code Reportedly Uses Hidden Code to Detect Chinese Users
A Reddit disclosure has ignited a serious debate about developer trust and covert surveillance, alleging that Anthropic embedded undisclosed detection logic inside its Claude Code CLI tool, specifically targeting users in China or those routing traffic through Chinese AI lab proxies. A Reddit user identified as LegitMichel777 on the r/ClaudeAI subreddit posted detailed findings on June 30, 2026, claiming...
SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, developer, and AI credentials.
The post SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux appeared first on TechRepublic.
CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
Frangoteam FUXA SCADA/HMI
Summary
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance.
The following versions of Frangoteam FUXA SCADA/HMI are affected:
FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207)
CVSS: v3 7.5
Vendor: Frangoteam
Equipment: Frangoteam FUXA SCADA/HMI
Vulnerabilities: Authentication Bypass by Spoofing
Background
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Switzerland
Vulnerabilities
CVE-2026-13207
FUXA versions 1.3.1...
Schneider Electric EasyLogic T150 and Saitel DP RTU
Summary
Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files.
The following versions of Schneider Electric EasyLogic T150 and Saitel DP RTU are affected:
EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller <=11.06.30 (CVE-2026-9650)
EasyLogic T150 (formerly Saitel DR)...
Malicious Chromium extension spoofs Perplexity AI to hijack browser searches
Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on its...







