LodeHQSubscribe →

LegacyHive zero-day, Zoom critical bug, Scattered Spider verdict

Infosec · 2026-07-18

Vulnerabilities & Exploits
LegacyHive zero‑day lets attackers hijack admin accounts on patched Windows2 MIN

Researcher Nightmare Eclipse released a PoC for LegacyHive, a local‑privilege escalation bug in the Windows User Profile Service that works on fully patched Windows 10/11 and Server systems. If exploited, a low‑privilege user can load admin hives and trigger code execution when the admin logs in, giving attackers full control.

Zoom patches critical Windows account‑takeover bug (CVSS 9.8)1 MIN

Zoom disclosed a CVE‑2026‑53412 vulnerability in its Windows desktop and VDI clients that lets unauthenticated attackers hijack accounts via network access. The flaw, scored 9.8/10, affects Zoom Workplace versions before 7.0.0. Updating to the latest client eliminates the risk.

Threats & Malware
ClickLock Stealer hijacks macOS via password‑prompt loops and process‑killing2 MIN

Group‑IB uncovered ClickLock Stealer, a macOS‑only malware that lures victims into running a bash command. It spawns a backdoor and steals browsers, crypto wallets, Keychain data, then suppresses security dialogs with aggressive process‑killing, forcing users to reveal passwords. The campaign spans 33 countries.

UK jails two teens, delivering a major blow to Scattered Spider1 MIN

Two British teenagers, 18‑year‑old Owen Flowers and 20‑year‑old Thalha Jubair, were sentenced to five‑and‑a‑half years for the 2024 TfL hack that crippled ticketing and live train data. Their convictions, authorities say, have severely disrupted the Scattered Spider gang, which has been linked to high‑profile breaches at MGM, WestJet and Okta.

GoSerpent RAT silently harvests Southeast Asian government secrets since 20259 MIN

In February 2026 Kaspersky’s Securelist uncovered a Go‑based backdoor, GoSerpent, used to infiltrate Southeast Asian ministries and diplomatic offices, deploying additional tools to dump credentials and exfiltrate files via network shares. The campaign shows a long‑running, sophisticated espionage effort that now includes a newer Stowaway proxy RAT alongside legacy variants.

Spain, allies bust €140 M cyber‑fraud ring that duped CEOs and investors5 MIN

Spanish police, with partners in three other nations, cracked a 70‑person fraud network that ran man‑in‑the‑middle, CEO‑impersonation and fake‑investment scams, siphoning at least €140 million. The operation seized 15 computers, 170 phones and froze €3 million, showing that coordinated international law‑enforcement can still strike at large‑scale cyber‑crime.

Breaches & Industry News
Fairlife ransomware shuts down U.S. dairy production for Coca‑Cola2 MIN

Coca‑Cola disclosed that a ransomware breach at its Fairlife dairy subsidiary forced a temporary halt to U.S. production, though product safety remains intact. The company activated incident response, engaged external experts, and notified law enforcement while assessing the full impact. No gang has claimed responsibility yet.

Research & Tools
DetectionForge automates CTI-to-ATT&CK Sigma rule generation4 MIN

DetectionForge uses a Gemini‑Flash‑powered agent to ingest threat‑intel reports, extract IOCs and TTPs, map them to MITRE ATT&CK, and output validated Sigma rules plus Splunk and Elastic translations. Its self‑correcting loop retries failed validations, cutting rule‑writing time from days to minutes. Faster rule deployment shrinks attacker dwell time and breach costs.

Get Infosec in your inbox, every issue.
Subscribe free
Privacy · Terms · About · Contact
© 2026 LodeHQ