no alarms and no surprises please..
-
1M+ Emails Use Hidden Text to Dupe AI Security Filters
1M+ Emails Use Hidden Text to Dupe AI Security Filters Artificial intelligence and LLMs can be surprisingly ineffective against text salting, allowing phishing emails to slide right into your inbox. Nate Nelson Go to gbhackers.com
-
Dutch Police and Europol Disrupt Global Investment Scam Infrastructure and Arrest Key Suspects
Dutch Police and Europol Disrupt Global Investment Scam Infrastructure and Arrest Key Suspects Dutch police, working with international law-enforcement partners including Europol, have disrupted a sprawling investment-fraud operation alleged to have defrauded victims across multiple countries of… Delivered by PolitePaul service Go to gbhackers.com
-
Critical Zoom Workplace Flaw Lets Unauthenticated Attackers Take Over Accounts Remotely
Critical Zoom Workplace Flaw Lets Unauthenticated Attackers Take Over Accounts Remotely Zoom has disclosed a critical vulnerability in its Windows desktop software that could allow unauthenticated attackers to take over user accounts remotely. This issue,… Delivered by PolitePaul service Go to gbhackers.com
-
CISA Warns of Actively Exploited Oracle E-Business Suite Flaw
CISA Warns of Actively Exploited Oracle E-Business Suite Flaw The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that attackers are actively exploiting CVE-2026-46817, an improper privilege management vulnerability in Oracle E-Business… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Pair Stolen Wallet Databases With Keychain Passwords for Offline Crypto Theft
Hackers Pair Stolen Wallet Databases With Keychain Passwords for Offline Crypto Theft A macOS-focused information stealer is combining stolen wallet databases with credentials harvested from the Apple Keychain, browsers, and Apple Notes to conduct offline cryptocurrency… Delivered by PolitePaul service Go to gbhackers.com
-
Splunk Enterprise Flaws Expose Stored Credentials and Allow Arbitrary SPL Searches
Splunk Enterprise Flaws Expose Stored Credentials and Allow Arbitrary SPL Searches Splunk has released security updates for three vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These vulnerabilities could potentially expose stored credential hashes, enable… Delivered by PolitePaul service Go to gbhackers.com
-
Dutch police bust investment fraud ring stealing over €100 million
Dutch police bust investment fraud ring stealing over €100 million The Dutch Police announced the arrest of multiple individuals suspected of being part of an international investment fraud scheme estimated to have tens of thousands of victims. […] Bill Toulas Go to bleepingcomputer
-
Zoom warns of critical account takeover vulnerability
Zoom warns of critical account takeover vulnerability Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack accounts. […] Bill Toulas Go to bleepingcomputer
-
Google Gemini CLI abused as a hacking agent, malware botnet operator
Google Gemini CLI abused as a hacking agent, malware botnet operator A Russian-speaking threat actor known as “bandcampro” used Google’s open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. […] Bill Toulas Go to bleepingcomputer
-
AsyncAPI npm packages infected with credential-stealing malware
AsyncAPI npm packages infected with credential-stealing malware Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that delivered a remote access trojan with info-stealing capabilities. […] Bill Toulas Go to bleepingcomputer
-
We built a vulnerability vending machine: AI tokens in, zero-days out
We built a vulnerability vending machine: AI tokens in, zero-days out Intruder built an AI-powered “vulnerability vending machine” that combines code slicing with LLMs to automatically discover complex software vulnerabilities. The company explains how the system found and exploited a previously unknown WordPress plugin zero-day, with additional discoveries already under responsible disclosure. […] Sponsored by…
-
New TuxBot v3 IoT Botnet Uses LLM-Generated Code to Hijack Devices and Launch DDoS Attacks
New TuxBot v3 IoT Botnet Uses LLM-Generated Code to Hijack Devices and Launch DDoS Attacks A newly identified IoT botnet framework, TuxBot v3 Evolution, is targeting internet-connected devices and turning compromised systems into tools for distributed denial-of-service attacks. The malware can run across a wide range of device architectures, creating a broad risk for routers,…
-
Zoom Desktop Client for Windows Flaw Enables Account Takeover via Network Access
Zoom Desktop Client for Windows Flaw Enables Account Takeover via Network Access Zoom has released updates for a critical Windows desktop client vulnerability, tracked as CVE-2026-53412, that could allow unauthenticated attackers to remotely take over user accounts. This flaw arises from improper input validation and may enable unauthenticated attackers to execute account takeover attacks via…
-
Multiple Splunk Enterprise Vulnerabilities Enable Path Traversal and Information Disclosure Attacks
Multiple Splunk Enterprise Vulnerabilities Enable Path Traversal and Information Disclosure Attacks Splunk has released security updates addressing multiple vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These flaws could lead to issues such as path traversal, disclosure of stored credential hashes, and arbitrary execution of SPL (Search Processing Language) searches. Three security vulnerabilities affecting both…
-
CISA Warns of Oracle E-Business Suite Vulnerability Actively Exploited in Attacks
CISA Warns of Oracle E-Business Suite Vulnerability Actively Exploited in Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in attacks. This flaw impacts Oracle Payments, a component of Oracle E-Business Suite.…
-
Hackers Can Type a Secret Username at the Windows Login Screen to Open a SYSTEM Shell
Hackers Can Type a Secret Username at the Windows Login Screen to Open a SYSTEM Shell A stealthy Windows backdoor has resurfaced alongside Daxin, a sophisticated espionage tool previously tied to China-linked activity. The newly documented implant lets an intruder type a special username at the Windows sign-in screen and, in some cases, immediately open…
-
Forgotten UEFI shims undermining Secure Boot
Forgotten UEFI shims undermining Secure Boot ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities Go to eset
-
Police Disrupt a €140M Cyber Fraud Ring in Spain
Police Disrupt a €140M Cyber Fraud Ring in Spain Iberian hackers carried out a variety of cyberattacks and laundered the winnings through complex financial networks. Nate Nelson Go to gbhackers.com
-
TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development
TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model (LLM), albeit with not so successful results. “While the AI complied with their request to…
-
OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps
OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet’s own…
-
Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below – CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719, a site isolation in the DOM: Navigation…
-
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough. For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools,…
-
Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday
Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as ProfSvc, is a…
-
SonicWall SMA1000 vulnerabilities in active exploitation
SonicWall SMA1000 vulnerabilities in active exploitation Categories: Threat Research Tags: advisory, Vulnerabilities, SonicWall Go to sophos
-
A Video Screen That Is Also a Camera
A Video Screen That Is Also a Camera Amazing: Researchers from ETH Zurich in Switzerland, however, managed to create a new type of pixel that can simultaneously do both. This hypercharged pixel, called a Fourier pixel, can generate and sense arbitrary light fields and tap into a pixel’s full potential for carrying information by manipulating…
-
ISC Stormcast For Thursday, July 16th, 2026 https://isc.sans.edu/podcastdetail/10010, (Thu, Jul 16th)
ISC Stormcast For Thursday, July 16th, 2026 https://isc.sans.edu/podcastdetail/10010, (Thu, Jul 16th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Weekly Update 512: IoT Lockout Fail
Weekly Update 512: IoT Lockout Fail “Build a smart home”, they said. “It’ll make life so much better”, they said. Well, life wasn’t very bloody good at 23:00 the other night after travelling 33 hours from Paris only to find the IoT doorlock batteries dead and the 9V “jump start” procedure completely failing! Eventually, the…
-
Forgotten Bootloaders Expose Secure Boot Blind Spot
Forgotten Bootloaders Expose Secure Boot Blind Spot Nearly a dozen vulnerable and now revoked UEFI shim bootloaders remained trusted for years, giving attackers a path to bypass Secure Boot. Jai Vijayan Go to gbhackers.com
-
Identity Attacks Overtake Exploits as Top Ransomware Cause
Identity Attacks Overtake Exploits as Top Ransomware Cause Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deployed in 97% of credential-based attacks but failed to prevent compromise. Alexander Culafi Go to gbhackers.com
-
Guten Tag, Bonjour, Hola to Our European Cyber Defenders!
Guten Tag, Bonjour, Hola to Our European Cyber Defenders! We’re thrilled to unveil the latest evolution of Dark Reading’s DR Global section — your go-to source for region-specific cybersecurity intelligence beyond North America. Tara Seals Go to gbhackers.com
-
Is ‘Tech-xit’ Imminent? UK Steps Up Sovereignty Push Amid AI Strife
Is ‘Tech-xit’ Imminent? UK Steps Up Sovereignty Push Amid AI Strife The US government’s restrictions on Anthropic and OpenAI frontier models have intensified calls in the UK and other countries to reduce their reliance on US tech companies, with significant cyber implications. Rob Wright Go to gbhackers.com
-
Claude Flaw Automatically Sends Malicious Prompts to AI Agents
Claude Flaw Automatically Sends Malicious Prompts to AI Agents When combined with another exploit, the “PromptFiction” vulnerability, which has been fixed, could have enabled an end-to-end attack on a targeted system. Elizabeth Montalbano Go to gbhackers.com
-
2-Click Cursor Exploit Enables Dev Environment Takeover
2-Click Cursor Exploit Enables Dev Environment Takeover Simple age-old bugs give bad actors access to developers’ secrets and source code-rich environments. Nate Nelson Go to gbhackers.com
-
Dell Warns of Critical PowerProtect Data Domain Flaws Allowing Remote Attackers to Take Complete…
Dell Warns of Critical PowerProtect Data Domain Flaws Allowing Remote Attackers to Take Complete… Dell has recently disclosed two critical vulnerabilities in PowerProtect Data Domain appliances that could allow unauthenticated remote attackers to gain complete control of affected… Delivered by PolitePaul service Go to gbhackers.com
-
11 Malicious NuGet Game Cheat Packages Deploy Pepesoft Windows Surveillance Malware
11 Malicious NuGet Game Cheat Packages Deploy Pepesoft Windows Surveillance Malware 11 malicious NuGet packages masquerading as game cheats, automation bots, and management “panels” that deploy a Windows payload called pepesoft.exe. The packages were published… Delivered by PolitePaul service Go to gbhackers.com
-
SheetAgent RAT Runs 14 Virtual Machine Checks and Self-Deletes When Analysis Is Detected
SheetAgent RAT Runs 14 Virtual Machine Checks and Self-Deletes When Analysis Is Detected A threat campaign targeting Indian government job seekers is using a recruitment notice for Senior Field Officer positions in the Cabinet Secretariat as a… Delivered by PolitePaul service Go to gbhackers.com
-
FaceTime Scammers Combine Credential Theft, Remote-Access Apps, and iOS Exploits for Device Takeover.
FaceTime Scammers Combine Credential Theft, Remote-Access Apps, and iOS Exploits for Device Takeover. Apple-focused scam operations are increasingly using FaceTime as a high-trust social-engineering channel to steal credentials and, in higher-risk cases, prepare victims for device compromise…. Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Fixes Multiple Windows RDP Flaws Exposing Sensitive Data Over the Network
Microsoft Fixes Multiple Windows RDP Flaws Exposing Sensitive Data Over the Network Microsoft has addressed multiple information-disclosure vulnerabilities in the Windows Remote Desktop Protocol (RDP). This widely used service enables remote administration and access to Windows… Delivered by PolitePaul service Go to gbhackers.com
-
CISA warns admins to patch actively exploited SharePoint flaws
CISA warns admins to patch actively exploited SharePoint flaws The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that attackers are actively exploiting three vulnerabilities to hack Internet-exposed on-premises SharePoint Server instances. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft: Some Dell PCs shut down after recent Windows updates
Microsoft: Some Dell PCs shut down after recent Windows updates Microsoft is blocking this month’s Windows 11 security updates on some Dell devices because they are causing shutdowns and performance issues. […] Sergiu Gatlan Go to bleepingcomputer
-
US charges alleged operators of Russian bulletproof hosting service
US charges alleged operators of Russian bulletproof hosting service U.S. federal prosecutors have unsealed charges against three Russian nationals, accusing them of providing bulletproof hosting (BPH) services to ransomware gangs that caused over $62 million in damages to victims worldwide. […] Sergiu Gatlan Go to bleepingcomputer
-
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates. […] Lawrence Abrams Go to bleepingcomputer
-
Spanish Police take down €140 million cyber fraud ring, arrest four
Spanish Police take down €140 million cyber fraud ring, arrest four The Spanish Police dismantled a cybercrime and money-laundering organization that made €140 million ($160 million) from investment fraud and business email compromise (BEC) attacks. […] Bill Toulas Go to bleepingcomputer
-
Critical SonicWall Firewall 0-Day Vulnerabilities Actively Exploited in Attacks
Critical SonicWall Firewall 0-Day Vulnerabilities Actively Exploited in Attacks SonicWall has issued an urgent security advisory regarding two vulnerabilities affecting its SMA1000 Series appliances. The company is warning that attackers are actively exploiting these flaws in real-world attacks. The most critical issue, tracked as CVE-2026-15409, carries a maximum CVSS severity score of 10.0 and can…
-
Researcher Claims Bypass of EU Age Verification App Using Chrome Extension
Researcher Claims Bypass of EU Age Verification App Using Chrome Extension Security researcher Paul Moore has once again exposed critical weaknesses in the EU’s flagship age verification system, this time by bypassing the latest app release (version 2026.07-1) using a Chrome extension powered by ClaudeAI. The proof-of-concept shows that, despite months of “security hardening,” a…
-
Chinese Hackers Embed Claude Code and DeepSeek in AI-Powered Government Cyberattacks
Chinese Hackers Embed Claude Code and DeepSeek in AI-Powered Government Cyberattacks An active, highly structured intrusion campaign co-opting commercial artificial intelligence platforms as operational engines for state-sponsored operations. Rather than acting as peripheral research tools, Claude Code and DeepSeek-v4-pro were embedded directly into the core execution flows of a China-linked cyber espionage campaign. The operation…
-
Gamers Download Fake Cheats and Hand Attackers a Live Remote Control of Their Windows PCs
Gamers Download Fake Cheats and Hand Attackers a Live Remote Control of Their Windows PCs New research uncovered 11 malicious NuGet packages disguised as game cheats, bots, and management panels for popular online titles. The campaign targets gaming communities playing titles such as Albion Online, GTA5RP, GrandRP, Majestic RP, and Throne and Liberty. Once installed,…
-
New LegacyHive Windows 0-day Vulnerability Allows Users to Load Another User’s Registry
New LegacyHive Windows 0-day Vulnerability Allows Users to Load Another User’s Registry A proof-of-concept exploit dubbed LegacyHive has been released, enabling a Windows elevation-of-privilege vulnerability in the Windows User Profile Service that allows a standard user to load another user’s registry hive under their own registry classes root. Registry hives are files that store configuration…
-
Nigeria Deepens Cybersecurity Efforts as Cybercriminals See More Profits
Nigeria Deepens Cybersecurity Efforts as Cybercriminals See More Profits The West African country advanced rules to force organizations to disclose cyberattacks, joining other nations in a shift to mandated transparency. Robert Lemos Go to gbhackers.com
-
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below – CVE-2026-15409 (CVSS score: 10.0) – A Server-side request forgery…
-
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft’s own CVEs by its Security Update Guide count, more than triple June’s previous high of around 200. Those two live…
-
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows…
-
Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads
Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and ClaudeBleed need a rogue extension that can already…
-
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. “LabubaRAT creates a reusable foothold for hands-on activity,” Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an analysis published today.…
-
Upcoming Speaking Engagements
Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m speaking (virtually) at the Policy-Relevant Privacy Research Workshop in Calgary, Canada, on Monday, July 20, 2026. I’m speaking at Boston Leadership Exchange in Boston, Massachusetts, USA, on Wednesday, July 22, 2026. I’m speaking at Cognitive Security Conference…
-
Vulnerability in FIFA’s Network
Vulnerability in FIFA’s Network FIFA’s network was vulnerable to anyone with even minimal access. Bruce Schneier Go to bruce schneier
-
ISC Stormcast For Wednesday, July 15th, 2026 https://isc.sans.edu/podcastdetail/10008, (Wed, Jul 15th)
ISC Stormcast For Wednesday, July 15th, 2026 https://isc.sans.edu/podcastdetail/10008, (Wed, Jul 15th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Recent DShield SIEM Update, (Tue, Jul 14th)
Recent DShield SIEM Update, (Tue, Jul 14th) The last update to the DShield SIEM [4] was in Sep 2025 which contained some minor tweaks. This update currently is using ELK stack version 8.19.15, contains some additional dashboards and new logs. The following have been added to the DShield SIEM to provide additional information about what…
-
Microsoft Patch Tuesday July 2026 – The AI Acopolypse is Here , (Tue, Jul 14th)
Microsoft Patch Tuesday July 2026 – The AI Acopolypse is Here , (Tue, Jul 14th) This patch Tuesday includes a staggering 622 vulnerabilities, not including another 427 vulnerabilities in Chromium, affecting Microsoft’s Edge browser. 62 of the vulnerabilities are rated critical. One was disclosed before today, and two have already been exploited. Given the large number…
-
Microsoft Patches a Record 570 Security Flaws
Microsoft Patches a Record 570 Security Flaws Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries…
-
The ransomware negotiator who was working for the other side
The ransomware negotiator who was working for the other side When a company falls victim to a ransomware attack, it is not uncommon for it to turn to experts for help. Specialist ransomware negotiation firms handle communications with criminal gangs on a victim’s behalf. What victims don’t expect is that their trusted negotiator might be…
-
Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakes
Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakes Three of the 622 CVEs for which Microsoft issued patches this week are zero-days; there are more than 60 critical vulnerabilities. Jai Vijayan Go to gbhackers.com
-
6 GHz Wi-Fi Flaws Could Disrupt Critical Systems
6 GHz Wi-Fi Flaws Could Disrupt Critical Systems Automated Frequency Coordination systems by default trust client-side data, which could lead to location spoofing and other attacks that disrupt traffic. Alexander Culafi Go to gbhackers.com
-
Manage Vendor Risk in a Few Practical Steps
Manage Vendor Risk in a Few Practical Steps Risk tolerance, exposure visibility, board oversight — handling third-party risk is complicated but achievable with disciplined, precise governance. Daniel Nutkis Go to gbhackers.com
-
Frontier AI: The Genie’s Out of the Bottle, But Where’s the Rulebook?
Frontier AI: The Genie’s Out of the Bottle, But Where’s the Rulebook? Cutting-edge artificial intelligence models are deploying with more independence and less human oversight. Several state governments are trying to legislate transparency in their use. Arielle Waldman Go to gbhackers.com
-
Cursor IDE Auto-Executes Malicious Code in Poisoned Repos
Cursor IDE Auto-Executes Malicious Code in Poisoned Repos Researchers reported the vulnerability to Cursor in December, but it still remains in the popular AI coding platform and can be exploited in poisoned repository attacks. Alexander Culafi Go to gbhackers.com
-
SAP July 2026 Patch Day Fixes Critical NetWeaver, Approuter, and Commerce Cloud Vulnerabilities
SAP July 2026 Patch Day Fixes Critical NetWeaver, Approuter, and Commerce Cloud Vulnerabilities SAP’s July 2026 Security Patch Day addresses multiple high-impact vulnerabilities across its enterprise products, including a severe memory corruption issue in the SAP NetWeaver… Delivered by PolitePaul service Go to gbhackers.com
-
WinFsp Race Condition Flaw Allows Attackers to Gain SYSTEM-Level Access on Windows
WinFsp Race Condition Flaw Allows Attackers to Gain SYSTEM-Level Access on Windows A newly disclosed vulnerability in the Windows File System Proxy (WinFsp) could allow a local attacker to gain SYSTEM-level privileges by exploiting a race… Delivered by PolitePaul service Go to gbhackers.com
-
ShinyHunters Hackers Abuse Salesforce OAuth to Bypass MFA and Exfiltrate CRM Data
ShinyHunters Hackers Abuse Salesforce OAuth to Bypass MFA and Exfiltrate CRM Data A series of high-impact campaigns linked by overlapping tradecraft to ShinyHunters, in which attackers abused trusted Salesforce OAuth relationships to bypass conventional MFA protections,… Delivered by PolitePaul service Go to gbhackers.com
-
Pro-Iran Hacktivist Groups Launch DDoS and Hack-and-Leak Attacks Against Critical Infrastructure
Pro-Iran Hacktivist Groups Launch DDoS and Hack-and-Leak Attacks Against Critical Infrastructure A decentralized network of pro-Iran hacktivist groups is intensifying cyber operations against critical infrastructure, government entities, technology providers, and organizations perceived as aligned with… Delivered by PolitePaul service Go to gbhackers.com
-
ModHeader Chrome Extension Exposes 900,000 Users to Potential Browsing History Theft
ModHeader Chrome Extension Exposes 900,000 Users to Potential Browsing History Theft ModHeader version 7.0.187.0.187.0.18, a popular Chrome extension used for modifying HTTP headers, contained dormant code capable of collecting and exfiltrating browsing history data from… Delivered by PolitePaul service Go to gbhackers.com
-
US sanctions VPN, malware providers for enabling ransomware attacks
US sanctions VPN, malware providers for enabling ransomware attacks The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against U.S. organizations. […] Sergiu Gatlan Go to bleepingcomputer
-
Japan’s largest taxi operator shuts systems after cyberattack
Japan’s largest taxi operator shuts systems after cyberattack Japan’s largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure. […] Bill Toulas Go to bleepingcomputer
-
Hackers backdoor Jscrambler npm package with infostealer malware
Hackers backdoor Jscrambler npm package with infostealer malware The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm package that has been downloaded almost 1,500 times. […] Bill Toulas Go to bleepingcomputer
-
New CrashStealer malware poses as Apple crash reporting tool
New CrashStealer malware poses as Apple crash reporting tool A new macOS information-stealing malware called CrashStealer pretends to be Apple’s crash-reporting tool to steal credentials, keychain data, and crypto wallets. […] Bill Toulas Go to bleepingcomputer
-
CISA warns of actively exploited RCE flaws in Joomla extensions
CISA warns of actively exploited RCE flaws in Joomla extensions The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that attackers are exploiting vulnerabilities in the iCagenda and Balbooa Forms extensions for Joomla to achieve remote code execution through arbitrary file uploads. […] Bill Toulas Go to bleepingcomputer
-
Chrome Extension Used by 1.6 Million Users Silently Included Data Exfiltration Capabilities
Chrome Extension Used by 1.6 Million Users Silently Included Data Exfiltration Capabilities A widely used browser extension, ModHeader, has been removed from the Chrome Web Store after researchers found that its signed release contained a dormant capability to collect, encrypt, and potentially upload users’ browsing-domain data. The extension reportedly had about 1.6 million combined installations…
-
Telegram’s t.me Domain Suspended, ServerHold Status Breaks Links Worldwide
Telegram’s t.me Domain Suspended, ServerHold Status Breaks Links Worldwide Telegram’s core t[.]me domain has been placed on serverHold at the .me registry, a registry-level status that removes the domain from the global DNS and breaks every t[.]me short link worldwide. WHOIS records confirm the domain now carries eight status flags, including serverHold, clientDeleteProhibited, and serverDeleteProhibited,…
-
New macOS Stealer Mimics Apple’s Crash Report Framework to Steal Browser Credentials
New macOS Stealer Mimics Apple’s Crash Report Framework to Steal Browser Credentials CrashStealer, a native C++ macOS infostealer that disguises itself as Apple’s built-in crash-reporting utility to harvest browser credentials, cryptocurrency wallets, password manager data, and keychain contents before encrypting and exfiltrating everything to a remote command-and-control server. Jamf first spotted a suspicious sample on…
-
Torq and Criminal IP Partner to Deliver Decision-Ready Threat Intelligence for Autonomous SOC Operations
Torq and Criminal IP Partner to Deliver Decision-Ready Threat Intelligence for Autonomous SOC Operations Torrance, California, USA, July 13th, 2026, CyberNewswire Criminal IP, the cyber threat intelligence search engine and attack surface management platform, today announced a new partnership and integration with Torq, the established agentic security operations leader. The partnership integrates Criminal IP’s decision-ready…
-
Turla Hackers Exploit SharePoint Flaw to Access Thousands of French User Accounts
Turla Hackers Exploit SharePoint Flaw to Access Thousands of French User Accounts Turla, a long-running cyber espionage operation linked by French authorities to Russia’s Federal Security Service, has again drawn attention after investigators detailed compromises affecting French organizations. The group has been active for more than two decades and is known for quietly stealing sensitive…
-
Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths
Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth connections that tie…
-
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs. “It…
-
Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version. The collector was dormant. An empty allow-list kept it switched…
-
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t…
-
New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email
New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false “fact” about the user,…
-
AI Data Centers and the Concentration of Wealth
AI Data Centers and the Concentration of Wealth This essay was written with Nathan E. Sanders, and originally appeared in The Guardian. Opposition to AI data centers has emerged as a primary theme in US politics, one that—surprisingly—doesn’t fall along party lines. We applaud people coming together for constructive debate on any issue, and agree…
-
ISC Stormcast For Tuesday, July 14th, 2026 https://isc.sans.edu/podcastdetail/10006, (Tue, Jul 14th)
ISC Stormcast For Tuesday, July 14th, 2026 https://isc.sans.edu/podcastdetail/10006, (Tue, Jul 14th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Someone Is Scanning for Your MCP Servers and AI Assistant Credentials, (Mon, Jul 13th)
Someone Is Scanning for Your MCP Servers and AI Assistant Credentials, (Mon, Jul 13th) The setup I pulled 14 days of Apache and ModSecurity logs from a single small web host. Nothing special about it. A handful of low-traffic virtual hosts. A WordPress site, a couple of custom application backends, a static devotional site. The…
-
Lessons Learned from CISA’s Recent GitHub Leak
Lessons Learned from CISA’s Recent GitHub Leak The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a recent data leak in which a contractor published dozens of internal CISA credentials — including AWS Govcloud keys — in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say…
-
Weak Security Continues to Fuel Russian Cyberattacks
Weak Security Continues to Fuel Russian Cyberattacks In a first, the UK and the EU jointly impose sanctions on Russian individuals and entities for cyberattacks and disinformation campaigns in the region. Jai Vijayan Go to gbhackers.com
-
‘Yellow Teams’ Are Defining the Future of AI Security
‘Yellow Teams’ Are Defining the Future of AI Security In some companies, engineers are building defense and attack tools to test the potential of artificial intelligence for cybersecurity — and its threat. Nate Nelson Go to gbhackers.com
-
GigaWiper Lets Threat Actors Choose Their Own Destructive Attack
GigaWiper Lets Threat Actors Choose Their Own Destructive Attack A modular implant borrows from various malware families to combine both backdoor and wiper activities to maximize impact and minimize operational output. Elizabeth Montalbano Go to gbhackers.com
-
Debian 13.6 Released With Security Updates for Linux, Apache, Curl, QEMU, and More
Debian 13.6 Released With Security Updates for Linux, Apache, Curl, QEMU, and More The Debian Project has released Debian 13.6, the sixth point update for its stable Debian 13 “trixie” distribution. This update, released on July 11,… Delivered by PolitePaul service Go to gbhackers.com
-
BusySnake Stealer Uses Reverse SSH Tunnels and AI-Generated Loaders to Evade Detection
BusySnake Stealer Uses Reverse SSH Tunnels and AI-Generated Loaders to Evade Detection Armored Likho, a previously undocumented threat group also tracked as Eagle Werewolf based on circumstantial evidence, is targeting government institutions and electric-power organizations across… Delivered by PolitePaul service Go to gbhackers.com
-
CISA Warns of Actively Exploited iCagenda and Balbooa Forms File Upload Flaws
CISA Warns of Actively Exploited iCagenda and Balbooa Forms File Upload Flaws The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two file-upload vulnerabilities, affecting iCagenda and Balbooa Forms, to its Known Exploited Vulnerabilities (KEV)… Delivered by PolitePaul service Go to gbhackers.com
-
Spear-Phishing Campaign Uses Proton Drive Links and LNK Files to Deliver SpyGlace
Spear-Phishing Campaign Uses Proton Drive Links and LNK Files to Deliver SpyGlace The APT-C-60 threat actor has continued targeting Japanese organizations with a spear-phishing campaign that abuses Proton Drive, Windows shortcut files, trusted developer platforms, and… Delivered by PolitePaul service Go to gbhackers.com
-
Critical WordPress OAuth SSO Plugin Flaw Allows Unauthenticated Attackers to Gain Admin Access
Critical WordPress OAuth SSO Plugin Flaw Allows Unauthenticated Attackers to Gain Admin Access A critical authentication bypass vulnerability has been disclosed in the widely used miniOrange OAuth Single Sign-On (SSO) WordPress plugin, carrying a near-maximum CVSS score… Delivered by PolitePaul service Go to gbhackers.com
-
US and allies warn of Russian critical infrastructure attacks
US and allies warn of Russian critical infrastructure attacks Cybersecurity agencies from the United States and eight other countries have issued a joint warning that Russian state hackers are targeting vulnerable and poorly configured routers to infiltrate critical infrastructure networks. […] Sergiu Gatlan Go to bleepingcomputer
-
OpenAI temporarily relaxes GPT-5.6 Sol usage limits
OpenAI temporarily relaxes GPT-5.6 Sol usage limits OpenAI is temporarily relaxing GPT-5.6 Sol usage after demand for the company’s most powerful model surged over the past 48 hours. […] Mayank Parmar Go to bleepingcomputer