no alarms and no surprises please..
-
Manage Vendor Risk in a Few Practical Steps
Manage Vendor Risk in a Few Practical Steps Risk tolerance, exposure visibility, board oversight — handling third-party risk is complicated but achievable with disciplined, precise governance. Daniel Nutkis Go to gbhackers.com
-
Frontier AI: The Genie’s Out of the Bottle, But Where’s the Rulebook?
Frontier AI: The Genie’s Out of the Bottle, But Where’s the Rulebook? Cutting-edge artificial intelligence models are deploying with more independence and less human oversight. Several state governments are trying to legislate transparency in their use. Arielle Waldman Go to gbhackers.com
-
Cursor IDE Auto-Executes Malicious Code in Poisoned Repos
Cursor IDE Auto-Executes Malicious Code in Poisoned Repos Researchers reported the vulnerability to Cursor in December, but it still remains in the popular AI coding platform and can be exploited in poisoned repository attacks. Alexander Culafi Go to gbhackers.com
-
SAP July 2026 Patch Day Fixes Critical NetWeaver, Approuter, and Commerce Cloud Vulnerabilities
SAP July 2026 Patch Day Fixes Critical NetWeaver, Approuter, and Commerce Cloud Vulnerabilities SAP’s July 2026 Security Patch Day addresses multiple high-impact vulnerabilities across its enterprise products, including a severe memory corruption issue in the SAP NetWeaver… Delivered by PolitePaul service Go to gbhackers.com
-
WinFsp Race Condition Flaw Allows Attackers to Gain SYSTEM-Level Access on Windows
WinFsp Race Condition Flaw Allows Attackers to Gain SYSTEM-Level Access on Windows A newly disclosed vulnerability in the Windows File System Proxy (WinFsp) could allow a local attacker to gain SYSTEM-level privileges by exploiting a race… Delivered by PolitePaul service Go to gbhackers.com
-
ShinyHunters Hackers Abuse Salesforce OAuth to Bypass MFA and Exfiltrate CRM Data
ShinyHunters Hackers Abuse Salesforce OAuth to Bypass MFA and Exfiltrate CRM Data A series of high-impact campaigns linked by overlapping tradecraft to ShinyHunters, in which attackers abused trusted Salesforce OAuth relationships to bypass conventional MFA protections,… Delivered by PolitePaul service Go to gbhackers.com
-
Pro-Iran Hacktivist Groups Launch DDoS and Hack-and-Leak Attacks Against Critical Infrastructure
Pro-Iran Hacktivist Groups Launch DDoS and Hack-and-Leak Attacks Against Critical Infrastructure A decentralized network of pro-Iran hacktivist groups is intensifying cyber operations against critical infrastructure, government entities, technology providers, and organizations perceived as aligned with… Delivered by PolitePaul service Go to gbhackers.com
-
ModHeader Chrome Extension Exposes 900,000 Users to Potential Browsing History Theft
ModHeader Chrome Extension Exposes 900,000 Users to Potential Browsing History Theft ModHeader version 7.0.187.0.187.0.18, a popular Chrome extension used for modifying HTTP headers, contained dormant code capable of collecting and exfiltrating browsing history data from… Delivered by PolitePaul service Go to gbhackers.com
-
US sanctions VPN, malware providers for enabling ransomware attacks
US sanctions VPN, malware providers for enabling ransomware attacks The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against U.S. organizations. […] Sergiu Gatlan Go to bleepingcomputer
-
Japan’s largest taxi operator shuts systems after cyberattack
Japan’s largest taxi operator shuts systems after cyberattack Japan’s largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure. […] Bill Toulas Go to bleepingcomputer
-
Hackers backdoor Jscrambler npm package with infostealer malware
Hackers backdoor Jscrambler npm package with infostealer malware The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm package that has been downloaded almost 1,500 times. […] Bill Toulas Go to bleepingcomputer
-
New CrashStealer malware poses as Apple crash reporting tool
New CrashStealer malware poses as Apple crash reporting tool A new macOS information-stealing malware called CrashStealer pretends to be Apple’s crash-reporting tool to steal credentials, keychain data, and crypto wallets. […] Bill Toulas Go to bleepingcomputer
-
CISA warns of actively exploited RCE flaws in Joomla extensions
CISA warns of actively exploited RCE flaws in Joomla extensions The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that attackers are exploiting vulnerabilities in the iCagenda and Balbooa Forms extensions for Joomla to achieve remote code execution through arbitrary file uploads. […] Bill Toulas Go to bleepingcomputer
-
Chrome Extension Used by 1.6 Million Users Silently Included Data Exfiltration Capabilities
Chrome Extension Used by 1.6 Million Users Silently Included Data Exfiltration Capabilities A widely used browser extension, ModHeader, has been removed from the Chrome Web Store after researchers found that its signed release contained a dormant capability to collect, encrypt, and potentially upload users’ browsing-domain data. The extension reportedly had about 1.6 million combined installations…
-
Telegram’s t.me Domain Suspended, ServerHold Status Breaks Links Worldwide
Telegram’s t.me Domain Suspended, ServerHold Status Breaks Links Worldwide Telegram’s core t[.]me domain has been placed on serverHold at the .me registry, a registry-level status that removes the domain from the global DNS and breaks every t[.]me short link worldwide. WHOIS records confirm the domain now carries eight status flags, including serverHold, clientDeleteProhibited, and serverDeleteProhibited,…
-
New macOS Stealer Mimics Apple’s Crash Report Framework to Steal Browser Credentials
New macOS Stealer Mimics Apple’s Crash Report Framework to Steal Browser Credentials CrashStealer, a native C++ macOS infostealer that disguises itself as Apple’s built-in crash-reporting utility to harvest browser credentials, cryptocurrency wallets, password manager data, and keychain contents before encrypting and exfiltrating everything to a remote command-and-control server. Jamf first spotted a suspicious sample on…
-
Torq and Criminal IP Partner to Deliver Decision-Ready Threat Intelligence for Autonomous SOC Operations
Torq and Criminal IP Partner to Deliver Decision-Ready Threat Intelligence for Autonomous SOC Operations Torrance, California, USA, July 13th, 2026, CyberNewswire Criminal IP, the cyber threat intelligence search engine and attack surface management platform, today announced a new partnership and integration with Torq, the established agentic security operations leader. The partnership integrates Criminal IP’s decision-ready…
-
Turla Hackers Exploit SharePoint Flaw to Access Thousands of French User Accounts
Turla Hackers Exploit SharePoint Flaw to Access Thousands of French User Accounts Turla, a long-running cyber espionage operation linked by French authorities to Russia’s Federal Security Service, has again drawn attention after investigators detailed compromises affecting French organizations. The group has been active for more than two decades and is known for quietly stealing sensitive…
-
Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths
Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth connections that tie…
-
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs. “It…
-
Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version. The collector was dormant. An empty allow-list kept it switched…
-
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t…
-
New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email
New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false “fact” about the user,…
-
AI Data Centers and the Concentration of Wealth
AI Data Centers and the Concentration of Wealth This essay was written with Nathan E. Sanders, and originally appeared in The Guardian. Opposition to AI data centers has emerged as a primary theme in US politics, one that—surprisingly—doesn’t fall along party lines. We applaud people coming together for constructive debate on any issue, and agree…
-
ISC Stormcast For Tuesday, July 14th, 2026 https://isc.sans.edu/podcastdetail/10006, (Tue, Jul 14th)
ISC Stormcast For Tuesday, July 14th, 2026 https://isc.sans.edu/podcastdetail/10006, (Tue, Jul 14th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Someone Is Scanning for Your MCP Servers and AI Assistant Credentials, (Mon, Jul 13th)
Someone Is Scanning for Your MCP Servers and AI Assistant Credentials, (Mon, Jul 13th) The setup I pulled 14 days of Apache and ModSecurity logs from a single small web host. Nothing special about it. A handful of low-traffic virtual hosts. A WordPress site, a couple of custom application backends, a static devotional site. The…
-
Lessons Learned from CISA’s Recent GitHub Leak
Lessons Learned from CISA’s Recent GitHub Leak The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a recent data leak in which a contractor published dozens of internal CISA credentials — including AWS Govcloud keys — in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say…
-
Weak Security Continues to Fuel Russian Cyberattacks
Weak Security Continues to Fuel Russian Cyberattacks In a first, the UK and the EU jointly impose sanctions on Russian individuals and entities for cyberattacks and disinformation campaigns in the region. Jai Vijayan Go to gbhackers.com
-
‘Yellow Teams’ Are Defining the Future of AI Security
‘Yellow Teams’ Are Defining the Future of AI Security In some companies, engineers are building defense and attack tools to test the potential of artificial intelligence for cybersecurity — and its threat. Nate Nelson Go to gbhackers.com
-
GigaWiper Lets Threat Actors Choose Their Own Destructive Attack
GigaWiper Lets Threat Actors Choose Their Own Destructive Attack A modular implant borrows from various malware families to combine both backdoor and wiper activities to maximize impact and minimize operational output. Elizabeth Montalbano Go to gbhackers.com
-
Debian 13.6 Released With Security Updates for Linux, Apache, Curl, QEMU, and More
Debian 13.6 Released With Security Updates for Linux, Apache, Curl, QEMU, and More The Debian Project has released Debian 13.6, the sixth point update for its stable Debian 13 “trixie” distribution. This update, released on July 11,… Delivered by PolitePaul service Go to gbhackers.com
-
BusySnake Stealer Uses Reverse SSH Tunnels and AI-Generated Loaders to Evade Detection
BusySnake Stealer Uses Reverse SSH Tunnels and AI-Generated Loaders to Evade Detection Armored Likho, a previously undocumented threat group also tracked as Eagle Werewolf based on circumstantial evidence, is targeting government institutions and electric-power organizations across… Delivered by PolitePaul service Go to gbhackers.com
-
CISA Warns of Actively Exploited iCagenda and Balbooa Forms File Upload Flaws
CISA Warns of Actively Exploited iCagenda and Balbooa Forms File Upload Flaws The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two file-upload vulnerabilities, affecting iCagenda and Balbooa Forms, to its Known Exploited Vulnerabilities (KEV)… Delivered by PolitePaul service Go to gbhackers.com
-
Spear-Phishing Campaign Uses Proton Drive Links and LNK Files to Deliver SpyGlace
Spear-Phishing Campaign Uses Proton Drive Links and LNK Files to Deliver SpyGlace The APT-C-60 threat actor has continued targeting Japanese organizations with a spear-phishing campaign that abuses Proton Drive, Windows shortcut files, trusted developer platforms, and… Delivered by PolitePaul service Go to gbhackers.com
-
Critical WordPress OAuth SSO Plugin Flaw Allows Unauthenticated Attackers to Gain Admin Access
Critical WordPress OAuth SSO Plugin Flaw Allows Unauthenticated Attackers to Gain Admin Access A critical authentication bypass vulnerability has been disclosed in the widely used miniOrange OAuth Single Sign-On (SSO) WordPress plugin, carrying a near-maximum CVSS score… Delivered by PolitePaul service Go to gbhackers.com
-
US and allies warn of Russian critical infrastructure attacks
US and allies warn of Russian critical infrastructure attacks Cybersecurity agencies from the United States and eight other countries have issued a joint warning that Russian state hackers are targeting vulnerable and poorly configured routers to infiltrate critical infrastructure networks. […] Sergiu Gatlan Go to bleepingcomputer
-
OpenAI temporarily relaxes GPT-5.6 Sol usage limits
OpenAI temporarily relaxes GPT-5.6 Sol usage limits OpenAI is temporarily relaxing GPT-5.6 Sol usage after demand for the company’s most powerful model surged over the past 48 hours. […] Mayank Parmar Go to bleepingcomputer
-
Claude Fable 5 stays free for paid users until July 19 as Anthropic buys more time
Claude Fable 5 stays free for paid users until July 19 as Anthropic buys more time Anthropic has just extended access to Claude Fable 5 for paid subscribers until July 19, giving you another week to keep using the most powerful model. […] Mayank Parmar Go to bleepingcomputer
-
RedHook Android malware now uses Wireless ADB for shell access
RedHook Android malware now uses Wireless ADB for shell access A new version of the RedHook Android malware abuses the Android Wireless Debugging (Wireless ADB) mechanism in a novel way to gain shell-level privileges without requiring a computer connection. […] Bill Toulas Go to bleepingcomputer
-
Hackers Compromised jscrambler With 15,800+ Weekly Downloads to Attack Developers
Hackers Compromised jscrambler With 15,800+ Weekly Downloads to Attack Developers A supply chain attack on the jscrambler npm package, a JavaScript code-protection tool with over 15,800 weekly downloads, involved malicious versions that silently deployed native malware on Linux, macOS, and Windows systems. Socket Research Team detected the first malicious release, [email protected], on July 11, 2026,…
-
Anthropic Extends Claude Fable 5 Access From July 12 to July 19
Anthropic Extends Claude Fable 5 Access From July 12 to July 19 Anthropic has extended promotional access to Claude Fable 5 until July 19, 2026, giving eligible paid subscribers more time to use the company’s newest AI model at no additional charge. The offer was previously scheduled to end earlier. However, Anthropic confirmed that access…
-
SpyGlace Attacks Abuse Trusted Developer Services to Evade Network Detection
SpyGlace Attacks Abuse Trusted Developer Services to Evade Network Detection SpyGlace has returned in a campaign that hides malicious activity behind online services many companies trust. The operation, linked to APT-C-60, uses spear-phishing emails to steer victims toward a booby-trapped archive and then installs malware through a chain of ordinary tools. The latest activity shows…
-
Hackers Weaponize Real Academic Event Materials to Infect Researchers With RokRAT
Hackers Weaponize Real Academic Event Materials to Infect Researchers With RokRAT A targeted phishing campaign is using genuine academic event details to trick researchers into opening malware. The operation delivers a RokRAT variant through a fake document package that appears connected to a real seminar. The attackers used information from an actual academic event to…
-
One Misconfigured Python HTTP Server Exposed Three Active Campaigns from Attackers
One Misconfigured Python HTTP Server Exposed Three Active Campaigns from Attackers A forgotten web server can become a window into a criminal operation. In this case, a Python HTTP service left exposed on a virtual private server revealed the working materials of several attackers. The discovery offers a rare look at how phishing operations can…
-
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild. The vulnerabilities, both rated 10.0 on the CVSS scoring…
-
ISC Stormcast For Monday, July 13th, 2026 https://isc.sans.edu/podcastdetail/10004, (Mon, Jul 13th)
ISC Stormcast For Monday, July 13th, 2026 https://isc.sans.edu/podcastdetail/10004, (Mon, Jul 13th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Wireshark 4.6.7 Released, (Sat, Jul 11th)
Wireshark 4.6.7 Released, (Sat, Jul 11th) Wireshark release 4.6.7 fixes 12 vulnerabilities and 16 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Australia warns of global campaign targeting vulnerable CMS platforms
Australia warns of global campaign targeting vulnerable CMS platforms The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management systems (CMS) and plugins. […] Bill Toulas Go to bleepingcomputer
-
Apple Sues OpenAI and Former Employees for Alleged Theft of Trade Secrets
Apple Sues OpenAI and Former Employees for Alleged Theft of Trade Secrets Apple has filed a federal lawsuit against OpenAI, accusing the ChatGPT maker of orchestrating a systematic campaign to steal confidential hardware designs, manufacturing processes, and supplier relationships through more than 400 former Apple employees now working at OpenAI. The 41-page complaint, filed July…
-
Microsoft Teams on macOS Screen Sharing Bug Causing Blank Screens
Microsoft Teams on macOS Screen Sharing Bug Causing Blank Screens Microsoft has confirmed a known issue in Teams on macOS that causes screen sharing to fail, freeze, or show a blank black screen during meetings. The bug affects users running macOS versions older than macOS Tahoe 26.4, and Microsoft has now updated its rollout timeline…
-
New Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI Agents
New Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI Agents A novel supply chain attack called “Ghostcommit” that conceals prompt-injection instructions within PNG images to bypass AI code reviewers and trick coding agents into leaking secrets such as .env files. The ASSET Research Group demonstrated that a pull request containing an explicit, plain-text…
-
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux. Socket flagged the release six…
-
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. “At Balochistan Police, the compromised assets included servers hosting web applications that manage police and citizen…
-
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially…
-
AWS GovCloud Credential Leak Leads CISA to Share Critical Cyber Incident Lessons
AWS GovCloud Credential Leak Leads CISA to Share Critical Cyber Incident Lessons The Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of an internal security incident involving exposed AWS GovCloud credentials, offering a transparent account… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Infect C++ and C# Project Files to Spread Multi-Stage Windows Backdoor
Hackers Infect C++ and C# Project Files to Spread Multi-Stage Windows Backdoor A sophisticated Windows Trojan that compromises software development projects to distribute a multi-stage backdoor, data stealer, clipboard hijacker, cryptominer, and file infector. Documented by Doctor… Delivered by PolitePaul service Go to gbhackers.com
-
Zimbra Releases Security Patch for Stored XSS Vulnerability in Classic Web Client
Zimbra Releases Security Patch for Stored XSS Vulnerability in Classic Web Client Zimbra has released its Daffodil v10.1.19 patch update, addressing a stored cross-site scripting (XSS) vulnerability in the platform’s Classic Web Client. The security issue… Delivered by PolitePaul service Go to gbhackers.com
-
Dell BIOS Flaw Lets Attackers Extract Plaintext Passwords Without Brute Force
Dell BIOS Flaw Lets Attackers Extract Plaintext Passwords Without Brute Force A newly disclosed Dell BIOS password-storage flaw can allow attackers with physical access to recover administrator and user passwords from SPI flash dumps in… Delivered by PolitePaul service Go to gbhackers.com
-
Top 10 Best Cloud Security Providers – 2026 Review
Top 10 Best Cloud Security Providers – 2026 Review As businesses continue to migrate critical applications and data to the cloud, the traditional security perimeter has dissolved. The responsibility for securing these dynamic,… Delivered by PolitePaul service Go to gbhackers.com
-
‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets
‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets A PNG hiding a prompt injection could steal your repo’s secrets, researchers demonstrate. The technique, dubbed ‘Ghostcommit,’ slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo’s .env and…
-
New U-Boot flaws could enable stealthy firmware attacks
New U-Boot flaws could enable stealthy firmware attacks Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware. […] Lawrence Abrams Go to bleepingcomputer
-
Ryuk ransomware member pleads guilty in the US, faces 15 years in prison
Ryuk ransomware member pleads guilty in the US, faces 15 years in prison A 34-year-old Armenian man has pleaded guilty to hacking U.S. companies and deploying the infamous Ryuk ransomware to encrypt their systems. […] Bill Toulas Go to bleepingcomputer
-
Police suspects Dutch hackers were involved in Odido breach
Police suspects Dutch hackers were involved in Odido breach The Dutch National Police (Politie) says it has found “strong indications” that Dutch hackers have been involved in a February breach at the telecommunications provider Odido. […] Sergiu Gatlan Go to bleepingcomputer
-
Progress urges ShareFile admins to shut down servers over “credible” threat
Progress urges ShareFile admins to shut down servers over “credible” threat Progress Software is emailing ShareFile customers who use Storage Zone Controllers to immediately shut down their servers after identifying what it describes as a “credible external security threat” targeting the on-premises secure file-sharing software. […] Lawrence Abrams Go to bleepingcomputer
-
Forg365 Phishing Platform Using AI to Attack Microsoft 365 Accounts
Forg365 Phishing Platform Using AI to Attack Microsoft 365 Accounts Forg365 is a phishing-as-a-service platform that targets Microsoft accounts, combining AI-powered phishing, session theft, and post-compromise mailbox access in a single operator panel The platform is reportedly distributed through Telegram, where criminals can access a 30-day trial, pay about per month, or choose an annual…
-
CISA Details “Lessons from a Cyber Incident” After AWS GovCloud Credentials Leak
CISA Details “Lessons from a Cyber Incident” After AWS GovCloud Credentials Leak CISA has published a candid after-action account revealing that a contractor accidentally exposed the agency’s own AWS GovCloud credentials and Infrastructure-as-Code repositories in a personal, public GitHub account, triggering an internal incident response and a rare public “lessons learned” disclosure from the federal…
-
Dell BIOS Flaw Lets Attackers Recover Admin Passwords From SPI Flash in Milliseconds
Dell BIOS Flaw Lets Attackers Recover Admin Passwords From SPI Flash in Milliseconds A critical flaw in how Dell stores BIOS administrator and user passwords allows full password recovery from a flash dump in milliseconds, with no brute force required. The vulnerability, tracked as CVE-2026-40639 (DSA-2026-197), stems from a broken XOR encryption scheme rather than…
-
281 Popular VPN Apps from the Google Play Store Leak Sensitive Data, Transfer Data Unencrypted
281 Popular VPN Apps from the Google Play Store Leak Sensitive Data, Transfer Data Unencrypted A new security study has found serious privacy and security issues in 281 popular Android VPN applications available on the Google Play Store. Researchers discovered that dozens of these apps transfer data without encryption, leak user traffic outside the VPN…
-
Progress Urges ShareFile Admins to Shut Down Servers Over Credible Security Threat
Progress Urges ShareFile Admins to Shut Down Servers Over Credible Security Threat Progress Software has issued an urgent advisory instructing customers running on-premises ShareFile Storage Zone Controllers to immediately power down the servers hosting these components, citing a “credible external security threat” against the platform. The notice, sent directly to customers’ inboxes, states that Progress…
-
URGENT – Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat
URGENT – Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a “credible external security threat.” The company has temporarily disabled access to the…
-
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages Unknown threat actors compromised the Injective Labs SDK project’s GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected], came embedded with fake telemetry functionality that exfiltrated data from…
-
Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot
Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside data-center servers. Four of the bugs can crash a device.…
-
Laser Attack Resets Tangem Wallet Passwords on Cards That Can’t Be Patched
Laser Attack Resets Tangem Wallet Passwords on Cards That Can’t Be Patched Researchers at Ledger’s Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card’s password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever…
-
Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws
Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host. A brief description of the high-severity vulnerabilities is as follows – GHSA-hjr6-g723-hmfm (CVSS score:…
-
Friday Squid Blogging: “Squidbleed” Vulnerability
Friday Squid Blogging: “Squidbleed” Vulnerability In a rare combined cybersecurity/squid post, a twenty-nine-year-old squid proxy bug can leak HTTP requests. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Bruce Schneier Go to bruce schneier
-
AI Surveillance and Social Progress
AI Surveillance and Social Progress In the near future, AI-powered surveillance systems will be able to track everything we do in public, and much of what we do in private. And if we do something wrong—shoplift, litter, jaywalk, you name it—the system will notice, retain it, tie it to your official government record, communicate that…
-
Jen Ellis: Connecting Cyber Community With Political Machinery
Jen Ellis: Connecting Cyber Community With Political Machinery On the heels of her recent honors as a Member of the Order of the British Empire (MBE), we take a look back at the events that shaped Ellis’ advocacy on behalf of security researchers. Ericka Chickowski Go to gbhackers.com
-
Turning the Tables on Email Scammers With ‘ScamBuster’
Turning the Tables on Email Scammers With ‘ScamBuster’ An open source, AI-driven system adopts victim personas to engage with phishing attackers, allowing organizations and law enforcement to gather relevant data on cybercriminal operations. Elizabeth Montalbano Go to gbhackers.com
-
Cybercriminals Flock to Healthcare Businesses as Attacks Surge
Cybercriminals Flock to Healthcare Businesses as Attacks Surge While cyberattacks against hospitals and clinics grew modestly in the first half of 2026, attacks on service providers and other healthcare businesses more than doubled. Robert Lemos Go to gbhackers.com
-
Fresh ATM Crypto Software Bugs: Jackpot or Bust?
Fresh ATM Crypto Software Bugs: Jackpot or Bust? Organizations, and possibly ATMs, are at risk of compromise, thanks to holes in a Microsoft BitLocker security wrapper. Nate Nelson Go to gbhackers.com
-
AI Coding: Do Security Risks Outweigh Productivity Gains?
AI Coding: Do Security Risks Outweigh Productivity Gains? AI coding tools cost $19-$200/month/user, but security scanning, remediation, and false positives add hidden costs. Are the productivity gains worth it? Alexander Culafi Go to gbhackers.com
-
Wireshark 4.6.7 Released to Patch 12 Vulnerabilities in SSH, TLS, Wi-Fi and pcapng
Wireshark 4.6.7 Released to Patch 12 Vulnerabilities in SSH, TLS, Wi-Fi and pcapng Wireshark has released version 4.6.74.6.74.6.7, addressing 121212 security flaws across protocol dissectors, capture-file parsers, and its external capture interface. The update resolves issues affecting… Delivered by PolitePaul service Go to gbhackers.com
-
New Multi-Stage LNK Attack Targets Hospitality Firms With Node.js Backdoor
New Multi-Stage LNK Attack Targets Hospitality Firms With Node.js Backdoor Hospitality firms are being targeted in an active phishing campaign that uses fake booking-related emails to deliver a multi-stage Node.js backdoor. The attack chain abuses… Delivered by PolitePaul service Go to gbhackers.com
-
NetScaler MCP Gateway Secures LLM and Agentic AI Traffic From a Single Platform
NetScaler MCP Gateway Secures LLM and Agentic AI Traffic From a Single Platform Citrix, a Cloud Software Group company, announced major updates to its NetScaler® platform on July 9, 2026, introducing MCP Gateway functionality designed to secure… Delivered by PolitePaul service Go to gbhackers.com
-
Process Parameter Poisoning Technique Hides Shellcode Inside Windows Startup Data
Process Parameter Poisoning Technique Hides Shellcode Inside Windows Startup Data A newly documented Windows injection approach, dubbed Process Parameter Poisoning or P³, uses process startup parameters as an unconventional staging area for shellcode. Implemented… Delivered by PolitePaul service Go to gbhackers.com
-
Odyssey Stealer Attacks Macs Worldwide and Replaces Crypto Wallet Apps With Drainers
Odyssey Stealer Attacks Macs Worldwide and Replaces Crypto Wallet Apps With Drainers Odyssey Stealer is driving a large-scale macOS infostealer campaign that now spans more than 100 countries, with operators systematically hijacking cryptocurrency ecosystems by replacing… Delivered by PolitePaul service Go to gbhackers.com
-
Former ransomware negotiator gets 4 years for BlackCat attacks
Former ransomware negotiator gets 4 years for BlackCat attacks A former employee of cybersecurity incident response company DigitalMint was sentenced to 70 months in prison for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
OpenMandriva Linux says contributor tried to sabotage the project
OpenMandriva Linux says contributor tried to sabotage the project The OpenMandriva Linux project announced that it was the target of an attempted act of internal sabotage after a dispute among contributors. […] Bill Toulas Go to bleepingcomputer
-
Injective SDK on npm infected with cryptocurrency wallet stealer
Injective SDK on npm infected with cryptocurrency wallet stealer Hackers compromised the Injective Labs SDK project’s GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases. […] Bill Toulas Go to bleepingcomputer
-
New Helix vishing group emerges in SharePoint data theft attacks
New Helix vishing group emerges in SharePoint data theft attacks A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments. […] Bill Toulas Go to bleepingcomputer
-
Microsoft expects more Windows security updates from AI-discovered flaws
Microsoft expects more Windows security updates from AI-discovered flaws Microsoft says Windows users should expect to see an increase in security updates as the company increasingly relies on artificial intelligence to discover vulnerabilities in its codebase. […] Lawrence Abrams Go to bleepingcomputer
-
Hackers Turn 50+ Dormant GitHub Accounts Into a Network for Corporate Source Code Recon
Hackers Turn 50+ Dormant GitHub Accounts Into a Network for Corporate Source Code Recon Research has uncovered coordinated campaigns that use more than dormant GitHub accounts to map corporate organizations, repositories, and developers. The activity relies on GitHub’s API to collect public information. However, some operators have also attempted to access private source code repositories…
-
Ransomware Negotiator Sentenced for BlackCat Ransomware Operators to Attack Victims
Ransomware Negotiator Sentenced for BlackCat Ransomware Operators to Attack Victims A former Florida ransomware negotiator has been sentenced to 70 months in federal prison after conspiring with BlackCat/ALPHV ransomware operators and helping attack multiple U.S. victims. Angelo Martino, of Land O’Lakes, Florida, worked for a U.S.-based cyber incident response company. His role was to help…
-
GigaWiper Malware Attacking Windows Systems With Data Wipers and Fake Ransomware Notices
GigaWiper Malware Attacking Windows Systems With Data Wipers and Fake Ransomware Notices GigaWiper is a newly identified Windows threat built to do more than steal information or lock a screen. Once activated, it can erase disks, scramble files beyond recovery, and leave organizations facing sudden outages. Its arrival shows how destructive malware can combine several…
-
Django SQL Injection Vulnerability Actively Exploited in the Wild
Django SQL Injection Vulnerability Actively Exploited in the Wild A high-severity SQL injection vulnerability in the Django web framework is now being actively exploited in real-world attacks, raising concerns for organizations running geospatial applications on PostGIS-backed deployments. The flaw, tracked as CVE-2026-1207, affects Django’s GIS module and has been confirmed by multiple threat intelligence sources…
-
Braintree NuGet Typosquat Uses XOR-Obfuscated C2 to Hide Environment Secret Theft
Braintree NuGet Typosquat Uses XOR-Obfuscated C2 to Hide Environment Secret Theft A malicious NuGet package impersonating the Braintree .NET payment library has put production payment systems at risk. The package can collect live card details during transactions, then send the data away without alerting the application or its users. It also seeks credentials that could…
-
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs Datadog Security Labs is warning of “several overlapping campaigns” that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. “Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub ‘ghost’ accounts that are often years old,…
-
New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from. Each is a different way to…
-
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run…
-
ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories
ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because nobody wants to touch it. This week is full of that kind of damage. Not loud. Not…