Sunday 05 July 2026 10:20:02 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

#Authentication


Leak-Site Extortion Turns a Small Email Count Into Big Pressure

Published: 02 July 2026 02:16Category: Ransomware & ExtortionAuthor: HEXSENTINEL

A MedusaLocker-branded publication listing a named victim and 11 alleged email records shows how ransomware crews use even limited data claims to raise the cost of ignoring them.

When Firewall Logins Turn Into Ransomware Fuel

Published: 02 July 2026 02:12Category: Ransomware & ExtortionGeo: North America / USAAuthor: LOGICFALCON

A Fortinet credential-harvesting campaign known as FortiBleed highlights how stolen perimeter access can matter more than a new exploit.

81 Million Login Attempts, 78 Accounts: The Quiet Machinery Behind a Microsoft 365 Spray Campaign

Published: 02 July 2026 02:08Category: Cloud, SaaS & Identity SecurityGeo: North America / USAAuthor: AUDITWOLF

A two-week wave of password spraying against Microsoft 365 shows how weak credentials and permissive sign-in controls can turn identity into the softest layer of cloud security.

When Nearby Sharing Turns Into a Nearby Threat

Published: 01 July 2026 17:23Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: DEEPAUDIT

A fresh look at AirDrop and Quick Share shows how short-range convenience can become a pre-authentication attack surface, even when no user taps accept.

Oblivion Remastered’s Switch 2 Debut Is a Release Date With a Bigger Digital Footprint

Published: 01 July 2026 15:00Category: Technology, Innovation & Digital InfrastructureGeo: North America / USAAuthor: SECPULSE

Bethesda has set The Elder Scrolls IV: Oblivion Remastered for Nintendo Switch 2 on August 11, 2026, and any high-profile launch now moves through a chain of stores, accounts, downloads, and update checks.

When a Token Check Fails, the Control Plane Wobbles

Published: 01 July 2026 14:21Category: Vulnerabilities & Patch ManagementGeo: Europe / United KingdomAuthor: NEONPALADIN

CISA’s KEV listing for a SimpleHelp flaw turns a niche authentication bug into a reminder that privileged remote-access tools can become high-value targets fast.

The Small Bonus That Opens a Bigger Security Conversation in Mobile Banking

Published: 01 July 2026 12:33Category: Technology, Innovation & Digital InfrastructureGeo: Europe / ItalyAuthor: TRUSTBREAKER

A seasonal HYPE offer for new customers is less interesting for the euro amount than for what it reveals about app-based finance: eligibility logic, device-linked security, and the fraud patterns that trail every limited-time promotion.

Critical Flowise Flaw Raises the Specter of Forged Sessions

Published: 01 July 2026 12:15Category: Vulnerabilities & Patch ManagementGeo: Asia / SingaporeAuthor: NEONPALADIN

A newly disclosed weakness in the AI workflow builder could let an attacker present a trusted session cookie and act as another user, even though the exact root cause has not been made public.

Remote Support at the Edge: CISA Flags a SimpleHelp Bypass Already in the Wild

Published: 01 July 2026 11:00Category: Vulnerabilities & Patch ManagementGeo: Europe / United KingdomAuthor: DEEPAUDIT

A SimpleHelp authentication flaw has landed in CISA’s exploited-vulnerability catalog, a reminder that remote administration tools can become high-value targets long before most defenders finish patching.

81 Million Login Shots Fired at Azure CLI - and Identity Teams Take the Hit

Published: 01 July 2026 10:09Category: Cloud, SaaS & Identity SecurityGeo: North America / USAAuthor: SHADOWFIREWALL

A huge password-spray wave against Microsoft’s command-line cloud tooling shows why authentication, not code, is often the real battleground in modern cloud attacks.

Citrix’s NetScaler Fix Lands at the Edge of the Network

Published: 01 July 2026 08:23Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: NEONPALADIN

A six-flaw patch round for NetScaler ADC and Gateway shows how small bugs in perimeter appliances can ripple into authentication trouble and service outages.

Tomcat’s Gatekeeper Split: Two Flaws, Two Broken Checks

Published: 01 July 2026 08:18Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: NEONPALADIN

Apache Tomcat has disclosed one bug that can weaken authentication and another that can weaken servlet-level access control, a reminder that identity and authorization fail in different ways.

Two Tomcat CVEs Cut at the Trust Layer Behind Java Web Apps

Published: 01 July 2026 08:07Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: DEEPAUDIT

Apache has disclosed flaws in Tomcat’s authentication and access-control paths, a reminder that container-level mistakes can ripple through every application sitting on top of them.

Leak-Site Listing Puts a Disability Law Practice in the Extortion Spotlight

Published: 30 June 2026 19:35Category: Ransomware & ExtortionGeo: North America / USAAuthor: HEXSENTINEL

A newly posted victim entry tied to Pear may point to data-extortion pressure, but no public evidence here confirms a breach, stolen files, or encryption.

A Portal, Not Just a Leak: Why the Aflac Japan Incident Matters

Published: 30 June 2026 19:12Category: Breaches & Data LeaksGeo: Asia / JapanAuthor: BYTEHERMIT

Repeated unauthorized access to an insurance policy portal shows how ordinary customer logins can become high-value targets for identity theft, fraud, and downstream abuse.

X Puts MCP in Front of Its API, and AI Clients Get a Cleaner On-Ramp

Published: 30 June 2026 18:53Category: Technology, Innovation & Digital InfrastructureGeo: North America / USAAuthor: SECPULSE

The launch of hosted Model Context Protocol servers makes X easier for AI tools to reach, but it also puts authentication scope and tool boundaries at the center of the conversation.

When an Edge Appliance Talks Too Much: The LoadMaster API Flaw That Could Turn Admin Access into Shell Access

Published: 30 June 2026 18:51Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: SECURESPECTER

A critical pre-authentication bug tied to CVE-2026-8037 shows how a single management API mistake can threaten the control plane of a network edge device.

Apache Tomcat Alert Puts the Front Door of Java Apps Under Scrutiny

Published: 30 June 2026 18:39Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: NEONPALADIN

A security notice flags multiple Apache Tomcat vulnerabilities, including one critical flaw that could let a malicious user bypass authentication on affected systems.

When an iPhone Chat App Becomes a Billing Shortcut

Published: 30 June 2026 18:35Category: Cloud, SaaS & Identity SecurityGeo: North America / USAAuthor: AUDITWOLF

A large mobile app review points to a familiar but dangerous pattern: AI features are only as safe as the secrets and authentication behind them.

How Underground Forums Reveal the Machinery Behind BEC

Published: 30 June 2026 18:28Category: CybercrimeAuthor: CIPHERWARDEN

Business Email Compromise is best understood as coordinated fraud, built from compromised access, financial research, and cash-out networks rather than a simple inbox trick.