Posts by Editorial Team
GodDamn Ransomware PoisonX Driver Kills EDR
The GodDamn ransomware PoisonX driver is a Microsoft-signed kernel tool that ransomware operators use to silently kill EDR and antivirus processes before deploying encryption — and because the driver carries a legitimate Microsoft signature, standard driver-trust checks wave it straight through. What Happened Symantec disclosed on July 9, 2026 that a ransomware family called GodDamn…
Read MoreMicrosoft July 2026 Patch Tuesday Zero-Day Hits SharePoint
The Microsoft July 2026 Patch Tuesday zero-day count is the largest disclosure on record — trackers put the total at 570 to 622 CVEs depending on methodology — and two of the fixed flaws were already being exploited before the patch shipped: one in Active Directory Federation Services, one in SharePoint Server. A separate, publicly…
Read MoreNightmare Eclipse Windows Zero-Day Trilogy
The Nightmare Eclipse Windows zero-day trilogy has moved from proof-of-concept code on GitHub to a confirmed, real-world intrusion: Huntress found BlueHammer, RedSun, and UnDefend deployed together in one attack chain that started with a compromised FortiGate VPN appliance. What Happened A researcher operating under the handle “Nightmare Eclipse” (also seen as “Chaotic Eclipse”) has published…
Read MoreEnergy Sector Cybersecurity: Recent European Cyberattacks Highlight the Risk
Energy sector cybersecurity has long been a point of strategic leverage in Europe. In recent years, that leverage has extended beyond physical infrastructure into the digital systems that support generation, distribution, and coordination across the grid. Recent cyber incidents have brought this into sharper focus. While each attack appears isolated, they collectively point to a…
Read MoreGitea Docker CVE-2026-20896 Auth Bypass
Gitea Docker CVE-2026-20896 is now under active exploitation: a single crafted HTTP header lets an unauthenticated attacker impersonate any user of a self-hosted Gitea instance — including an administrator — and walk away with private repositories and any secrets committed by mistake. What Happened Gitea’s official Docker image ships with REVERSE_PROXY_TRUSTED_PROXIES=*. On deployments that also…
Read More
