Cybersecurity — Cybersecurity News

PCAPGraph: Threat Hunting at the Speed of Triage

PCAPGraph: Threat Hunting at the Speed of Triage

PCAPGraph is an open-source network investigation and threat hunting tool that transforms packet cap...

Open-Source Network Discovery & Topology Mapping

Open-Source Network Discovery & Topology Mapping

RedSide Security has open-sourced NETMAPPER, a network discovery and visualization tool designed to ...

 RDPGraph: Turn Windows Event Logs into an Interactive RDP Attack Graph

RDPGraph: Turn Windows Event Logs into an Interactive RDP Attack Graph

When an incident unfolds and all you have left are Windows event logs, understanding attacker moveme...

Latest Posts

Critical "wp2shell" WordPress Core RCE Vulnerability Puts 500M+ Sites at Risk

Critical "wp2shell" WordPress Core RCE Vulnerability Puts 500M+ Sites at Risk

RedSide Security July 18, 2026 Vulnerability 4 views

A critical WordPress Core vulnerability dubbed wp2shell allows unauthenticated attackers to achieve remote code execution on affected websites without requiring plugins or user credentials. WordPress has released emergency patches and is force-pushing updates to vulnerable installations worldwide.

Continue reading: Critical "wp2shell" WordPress Core RCE Vulnerabili…
Citrix Secure Access Client Flaws Allow SYSTEM Privilege Escalation on Windows Endpoints

Citrix Secure Access Client Flaws Allow SYSTEM Privilege Escalation on Windows Endpoints

RedSide Security July 18, 2026 Vulnerability 4 views

Cloud Software Group has patched two vulnerabilities affecting Citrix Secure Access Client and Endpoint Analysis Client for Windows, including CVE-2026-53565, a high-severity privilege escalation flaw that allows low-privileged users to gain full SYSTEM access. Organizations are urged to upgrade immediately.

Continue reading: Citrix Secure Access Client Flaws Allow SYSTEM Pri…
New "Spirals" Ransomware Encrypts Enterprise Network in Under 24 Hours

New "Spirals" Ransomware Encrypts Enterprise Network in Under 24 Hours

RedSide Security July 18, 2026 Cybercrime 6 views

A newly discovered ransomware family named Spirals encrypted an enterprise network in less than 24 hours after compromising an internet-facing IIS server. The Rust-based ransomware used web shells, Cloudflare tunnels, credential dumping, WMI, and PsExec to achieve rapid domain-wide deployment before encrypting systems and threatening data leaks.

Continue reading: New "Spirals" Ransomware Encrypts Enterprise Netwo…
F5 Discloses High-Severity NGINX Vulnerabilities, Including Potential RCE Flaw

F5 Discloses High-Severity NGINX Vulnerabilities, Including Potential RCE Flaw

RedSide Security July 16, 2026 Vulnerability 12 views

F5 has released patches for three vulnerabilities affecting NGINX Plus and NGINX Open Source, including a critical heap buffer overflow (CVE-2026-42533) that may enable remote code execution. Organizations using NGINX web servers, ingress controllers, or gateway products should patch immediately and review affected configurations.

Continue reading: F5 Discloses High-Severity NGINX Vulnerabilities, …
AI-Generated "Vibe-Coded" PowerShell Malware Used for Active Directory Reconnaissance

AI-Generated "Vibe-Coded" PowerShell Malware Used for Active Directory Reconnaissance

RedSide Security July 13, 2026 Cybersecurity 38 views

Researchers uncovered an AI-generated PowerShell script used to enumerate Active Directory environments during a real-world intrusion. The "vibe-coded" malware demonstrates how attackers are increasingly using AI to create custom reconnaissance tools that evade traditional signature-based detection while retaining the same underlying attack behaviors.

Continue reading: AI-Generated "Vibe-Coded" PowerShell Malware Used …
 Jscrambler npm Package Compromised - Malicious Releases Deploy Cross-Platform Infostealer

Jscrambler npm Package Compromised - Malicious Releases Deploy Cross-Platform Infostealer

RedSide Security July 13, 2026 Vulnerability 28 views

Attackers compromised the Jscrambler npm package and published multiple malicious versions containing a cross-platform Rust infostealer. The malware targets cloud credentials, GitHub tokens, AI coding tools, cryptocurrency wallets, and CI/CD environments, highlighting the growing risk of software supply chain attacks against developers.

Continue reading: Jscrambler npm Package Compromised - Malicious Re…
PoC and Technical Details Released for SharePoint Remote Code Execution Vulnerability

PoC and Technical Details Released for SharePoint Remote Code Execution Vulnerability

RedSide Security July 08, 2026 Vulnerability 34 views

Researchers have released a working proof-of-concept exploit for CVE-2025-53770, a critical SharePoint Server remote code execution vulnerability. The flaw abuses XML schema imports and .NET deserialization gadgets to achieve code execution on vulnerable on-premises SharePoint deployments, increasing the risk of large-scale exploitation.

Continue reading: PoC and Technical Details Released for SharePoint …
Critical Fast-MCP-Telegram Vulnerability Allows Authentication Bypass via Path Traversal

Critical Fast-MCP-Telegram Vulnerability Allows Authentication Bypass via Path Traversal

RedSide Security July 07, 2026 Vulnerability 38 views

A critical authentication bypass vulnerability (**CVE-2026-52830**) in Fast-MCP-Telegram allows attackers to exploit path traversal flaws in Bearer token validation and gain unauthorized access to Telegram sessions. Users are strongly advised to upgrade to version 0.19.1 immediately.

Continue reading: Critical Fast-MCP-Telegram Vulnerability Allows Au…
Bad Epoll Linux Kernel Flaw Lets Attackers Gain Root Access on Linux and Android

Bad Epoll Linux Kernel Flaw Lets Attackers Gain Root Access on Linux and Android

RedSide Security July 04, 2026 Vulnerability 61 views

A newly disclosed Linux kernel vulnerability, Bad Epoll (CVE-2026-46242), allows unprivileged users to gain root access on Linux and Android systems through a race condition and use-after-free flaw in the epoll subsystem. With no workaround available, organizations are urged to deploy kernel patches as soon as they become available.

Continue reading: Bad Epoll Linux Kernel Flaw Lets Attackers Gain Ro…
Introducing AnyStix: Automated Country-Based Threat Intelligence for OpenCTI

Introducing AnyStix: Automated Country-Based Threat Intelligence for OpenCTI

RedSide Security July 02, 2026 Tools & Technology 52 views

AnyStix is an open-source threat intelligence tool that collects country-specific malicious submissions from ANY.RUN, enriches them with indicators, converts them into STIX 2.1 format, and automatically imports them into OpenCTI. The platform enables continuous, region-focused threat intelligence collection using publicly available sandbox data.

Continue reading: Introducing AnyStix: Automated Country-Based Threa…