GodDamn Ransomware PoisonX Driver Kills EDR

GodDamn ransomware PoisonX driver

The GodDamn ransomware PoisonX driver is a Microsoft-signed kernel tool that ransomware operators use to silently kill EDR and antivirus processes before deploying encryption — and because the driver carries a legitimate Microsoft signature, standard driver-trust checks wave it straight through. What Happened Symantec disclosed on July 9, 2026 that a ransomware family called GodDamn…

Read More

Microsoft July 2026 Patch Tuesday Zero-Day Hits SharePoint

Microsoft July 2026 Patch Tuesday zero-day

The Microsoft July 2026 Patch Tuesday zero-day count is the largest disclosure on record — trackers put the total at 570 to 622 CVEs depending on methodology — and two of the fixed flaws were already being exploited before the patch shipped: one in Active Directory Federation Services, one in SharePoint Server. A separate, publicly…

Read More

Nightmare Eclipse Windows Zero-Day Trilogy

Nightmare Eclipse Windows zero-day

The Nightmare Eclipse Windows zero-day trilogy has moved from proof-of-concept code on GitHub to a confirmed, real-world intrusion: Huntress found BlueHammer, RedSun, and UnDefend deployed together in one attack chain that started with a compromised FortiGate VPN appliance. What Happened A researcher operating under the handle “Nightmare Eclipse” (also seen as “Chaotic Eclipse”) has published…

Read More

Energy Sector Cybersecurity: Recent European Cyberattacks Highlight the Risk

energy sector cybersecurity

Energy sector cybersecurity has long been a point of strategic leverage in Europe. In recent years, that leverage has extended beyond physical infrastructure into the digital systems that support generation, distribution, and coordination across the grid. Recent cyber incidents have brought this into sharper focus. While each attack appears isolated, they collectively point to a…

Read More

Gitea Docker CVE-2026-20896 Auth Bypass

Gitea Docker CVE-2026-20896

Gitea Docker CVE-2026-20896 is now under active exploitation: a single crafted HTTP header lets an unauthenticated attacker impersonate any user of a self-hosted Gitea instance — including an administrator — and walk away with private repositories and any secrets committed by mistake. What Happened Gitea’s official Docker image ships with REVERSE_PROXY_TRUSTED_PROXIES=*. On deployments that also…

Read More