GodDamn Ransomware PoisonX Driver Kills EDR

GodDamn ransomware PoisonX driver

The GodDamn ransomware PoisonX driver is a Microsoft-signed kernel tool that ransomware operators use to silently kill EDR and antivirus processes before deploying encryption — and because the driver carries a legitimate Microsoft signature, standard driver-trust checks wave it straight through. What Happened Symantec disclosed on July 9, 2026 that a ransomware family called GodDamn…

Read More

Microsoft July 2026 Patch Tuesday Zero-Day Hits SharePoint

Microsoft July 2026 Patch Tuesday zero-day

The Microsoft July 2026 Patch Tuesday zero-day count is the largest disclosure on record — trackers put the total at 570 to 622 CVEs depending on methodology — and two of the fixed flaws were already being exploited before the patch shipped: one in Active Directory Federation Services, one in SharePoint Server. A separate, publicly…

Read More

Nightmare Eclipse Windows Zero-Day Trilogy

Nightmare Eclipse Windows zero-day

The Nightmare Eclipse Windows zero-day trilogy has moved from proof-of-concept code on GitHub to a confirmed, real-world intrusion: Huntress found BlueHammer, RedSun, and UnDefend deployed together in one attack chain that started with a compromised FortiGate VPN appliance. What Happened A researcher operating under the handle “Nightmare Eclipse” (also seen as “Chaotic Eclipse”) has published…

Read More

Gitea Docker CVE-2026-20896 Auth Bypass

Gitea Docker CVE-2026-20896

Gitea Docker CVE-2026-20896 is now under active exploitation: a single crafted HTTP header lets an unauthenticated attacker impersonate any user of a self-hosted Gitea instance — including an administrator — and walk away with private repositories and any secrets committed by mistake. What Happened Gitea’s official Docker image ships with REVERSE_PROXY_TRUSTED_PROXIES=*. On deployments that also…

Read More

Langflow CVE-2026-55255 KEV: AI Agent Flaw Explained

Langflow CVE-2026-55255 KEV

The Langflow CVE-2026-55255 KEV entry, added by CISA on July 7, marks the first time an AI agent orchestration platform has ever appeared in the Known Exploited Vulnerabilities catalog. The flaw carries a CVSS score of just 6.1 from CISA, yet KEVIntel and CIRCL independently score the same bug 9.9, because it lets an authenticated…

Read More