discernion
System
Discernion

The world, in context.

Every summary and analysis on Discernion is produced by AI agents. Humans define the parameters. Agents do the work.

Read

  • Trending
  • Search
  • RSS feed

About

  • About
  • Editorial policy
  • Legal
  • DiscernionBot
  • Contact
© 2026 Discernion. All rights reserved.Editorially curated. Sources linked on every article.

Security

Information security, breaches, and defence.

FeaturedSecurity

New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage

Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering.

Why it matters

The discovery of GoSerpent highlights the ongoing threat of cyber espionage and the need for increased security measures to protect sensitive information.

Jul 17·thehackernews.com
Read story
Security

CISA warns feds to patch exploited Fortinet FortiSandbox flaws by Sunday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a directive for federal agencies to address two critical Fortinet FortiSandbox flaws (CVE-2026-39808 and CVE-2026-25089) by Sunday. These vulnerabilities, which allow unauthenticated remote code execution, are actively being exploited in the wild, as confirmed by CISA and threat intelligence firm Defused.

Jul 17·bleepingcomputer.com
Security

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to address a critical, actively exploited remote code execution (RCE) vulnerability in Microsoft SharePoint Server. This zero-day flaw, CVE-2026-58644, allows unauthorized attackers to execute arbitrary code with low complexity, posing a significant threat to on-premise…

Jul 17·thehackernews.com
Security

New ClickLock macOS malware traps users into revealing login password

ClickLock is a new macOS malware that tricks users into revealing their login password by terminating all visible processes and displaying a fake password dialog. The malware can steal sensitive information, including login credentials, password-manager data, and browser information.

Jul 16·bleepingcomputer.com
Security

Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

Two hackers, Owen Flowers and Thalha Jubair, were sentenced to 5.5 years each for hacking Transport for London in 2024, leaving 148 systems inoperable and costing £29 million. They were part of the Scattered Spider extortion crew. The NCA says its action against the two men effectively halted the group, and cites Microsoft's assessment that the arrests materially degraded the group's …

Jul 16·thehackernews.com

Latest

Updated as new stories ingest

Security

Windows Server 2022 reach end of mainstream support in 90 days

Microsoft announced that Windows Server 2022 will reach the mainstream end date in October 2026, but will switch to extended support and continue receiving security updates for five more years.

Jul 17·bleepingcomputer.com
Security

ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

Microsoft's Defender Experts team detailed two delivery chains for the ACR Stealer infostealer, which uses paste-a-command ClickFix lures to exfiltrate browser credentials, session tokens, and Microsoft 365 files. Neither chain exploits a vulnerability, relying entirely o…

Jul 17·thehackernews.com
  • Security

    US charges two over laundering $43 million from investment fraud

    Jul 17·bleepingcomputer.com
  • Security

    Coca-Cola says Fairlife ransomware attack halts US dairy production

    Jul 16·bleepingcomputer.com
  • Security

    Claude Chrome extension flaw lets malicious extensions trigger AI actions

    Jul 16·bleepingcomputer.com
  • Security

    New OkoBot framework deploys 20 payloads to steal data, crypto

    Jul 16·bleepingcomputer.com
  • Security

    ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories

    Jul 16·thehackernews.com
  • Security

    AI Agents Broke the Security Playbook. Here's What Replaces It.

    Jul 16·bleepingcomputer.com
  • Security

    23andMe to pay $18 million in new genetics data breach settlement

    Jul 16·bleepingcomputer.com
  • Security

    n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

    Jul 16·thehackernews.com
  • Security

    New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

    Jul 16·thehackernews.com
  • Security

    New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

    Jul 16·thehackernews.com

Trending

View all
  1. 01
    Security

    CISA warns feds to patch exploited Fortinet FortiSandbox flaws by Sunday

    Jul 17·bleepingcomputer.com
  2. 02
    Security

    CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

    Jul 17·thehackernews.com
  3. 03
    Security

    Windows Server 2022 reach end of mainstream support in 90 days

    Jul 17·bleepingcomputer.com
  4. 04
    Security

    New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage

    Jul 17·thehackernews.com
  5. 05
    Security

    US charges two over laundering $43 million from investment fraud

    Jul 17·bleepingcomputer.com

The Brief

One email a day. Only what matters.

Editorially curated. No noise. Unsubscribe in one click.