no alarms and no surprises please..
-
AWS GovCloud Credential Leak Leads CISA to Share Critical Cyber Incident Lessons
AWS GovCloud Credential Leak Leads CISA to Share Critical Cyber Incident Lessons The Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of an internal security incident involving exposed AWS GovCloud credentials, offering a transparent account… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Infect C++ and C# Project Files to Spread Multi-Stage Windows Backdoor
Hackers Infect C++ and C# Project Files to Spread Multi-Stage Windows Backdoor A sophisticated Windows Trojan that compromises software development projects to distribute a multi-stage backdoor, data stealer, clipboard hijacker, cryptominer, and file infector. Documented by Doctor… Delivered by PolitePaul service Go to gbhackers.com
-
Zimbra Releases Security Patch for Stored XSS Vulnerability in Classic Web Client
Zimbra Releases Security Patch for Stored XSS Vulnerability in Classic Web Client Zimbra has released its Daffodil v10.1.19 patch update, addressing a stored cross-site scripting (XSS) vulnerability in the platform’s Classic Web Client. The security issue… Delivered by PolitePaul service Go to gbhackers.com
-
Dell BIOS Flaw Lets Attackers Extract Plaintext Passwords Without Brute Force
Dell BIOS Flaw Lets Attackers Extract Plaintext Passwords Without Brute Force A newly disclosed Dell BIOS password-storage flaw can allow attackers with physical access to recover administrator and user passwords from SPI flash dumps in… Delivered by PolitePaul service Go to gbhackers.com
-
Top 10 Best Cloud Security Providers – 2026 Review
Top 10 Best Cloud Security Providers – 2026 Review As businesses continue to migrate critical applications and data to the cloud, the traditional security perimeter has dissolved. The responsibility for securing these dynamic,… Delivered by PolitePaul service Go to gbhackers.com
-
‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets
‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets A PNG hiding a prompt injection could steal your repo’s secrets, researchers demonstrate. The technique, dubbed ‘Ghostcommit,’ slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo’s .env and…
-
New U-Boot flaws could enable stealthy firmware attacks
New U-Boot flaws could enable stealthy firmware attacks Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware. […] Lawrence Abrams Go to bleepingcomputer
-
Ryuk ransomware member pleads guilty in the US, faces 15 years in prison
Ryuk ransomware member pleads guilty in the US, faces 15 years in prison A 34-year-old Armenian man has pleaded guilty to hacking U.S. companies and deploying the infamous Ryuk ransomware to encrypt their systems. […] Bill Toulas Go to bleepingcomputer
-
Police suspects Dutch hackers were involved in Odido breach
Police suspects Dutch hackers were involved in Odido breach The Dutch National Police (Politie) says it has found “strong indications” that Dutch hackers have been involved in a February breach at the telecommunications provider Odido. […] Sergiu Gatlan Go to bleepingcomputer
-
Progress urges ShareFile admins to shut down servers over “credible” threat
Progress urges ShareFile admins to shut down servers over “credible” threat Progress Software is emailing ShareFile customers who use Storage Zone Controllers to immediately shut down their servers after identifying what it describes as a “credible external security threat” targeting the on-premises secure file-sharing software. […] Lawrence Abrams Go to bleepingcomputer
-
Forg365 Phishing Platform Using AI to Attack Microsoft 365 Accounts
Forg365 Phishing Platform Using AI to Attack Microsoft 365 Accounts Forg365 is a phishing-as-a-service platform that targets Microsoft accounts, combining AI-powered phishing, session theft, and post-compromise mailbox access in a single operator panel The platform is reportedly distributed through Telegram, where criminals can access a 30-day trial, pay about per month, or choose an annual…
-
CISA Details “Lessons from a Cyber Incident” After AWS GovCloud Credentials Leak
CISA Details “Lessons from a Cyber Incident” After AWS GovCloud Credentials Leak CISA has published a candid after-action account revealing that a contractor accidentally exposed the agency’s own AWS GovCloud credentials and Infrastructure-as-Code repositories in a personal, public GitHub account, triggering an internal incident response and a rare public “lessons learned” disclosure from the federal…
-
Dell BIOS Flaw Lets Attackers Recover Admin Passwords From SPI Flash in Milliseconds
Dell BIOS Flaw Lets Attackers Recover Admin Passwords From SPI Flash in Milliseconds A critical flaw in how Dell stores BIOS administrator and user passwords allows full password recovery from a flash dump in milliseconds, with no brute force required. The vulnerability, tracked as CVE-2026-40639 (DSA-2026-197), stems from a broken XOR encryption scheme rather than…
-
281 Popular VPN Apps from the Google Play Store Leak Sensitive Data, Transfer Data Unencrypted
281 Popular VPN Apps from the Google Play Store Leak Sensitive Data, Transfer Data Unencrypted A new security study has found serious privacy and security issues in 281 popular Android VPN applications available on the Google Play Store. Researchers discovered that dozens of these apps transfer data without encryption, leak user traffic outside the VPN…
-
Progress Urges ShareFile Admins to Shut Down Servers Over Credible Security Threat
Progress Urges ShareFile Admins to Shut Down Servers Over Credible Security Threat Progress Software has issued an urgent advisory instructing customers running on-premises ShareFile Storage Zone Controllers to immediately power down the servers hosting these components, citing a “credible external security threat” against the platform. The notice, sent directly to customers’ inboxes, states that Progress…
-
URGENT – Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat
URGENT – Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a “credible external security threat.” The company has temporarily disabled access to the…
-
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages Unknown threat actors compromised the Injective Labs SDK project’s GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected], came embedded with fake telemetry functionality that exfiltrated data from…
-
Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot
Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside data-center servers. Four of the bugs can crash a device.…
-
Laser Attack Resets Tangem Wallet Passwords on Cards That Can’t Be Patched
Laser Attack Resets Tangem Wallet Passwords on Cards That Can’t Be Patched Researchers at Ledger’s Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card’s password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever…
-
Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws
Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host. A brief description of the high-severity vulnerabilities is as follows – GHSA-hjr6-g723-hmfm (CVSS score:…
-
Friday Squid Blogging: “Squidbleed” Vulnerability
Friday Squid Blogging: “Squidbleed” Vulnerability In a rare combined cybersecurity/squid post, a twenty-nine-year-old squid proxy bug can leak HTTP requests. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Bruce Schneier Go to bruce schneier
-
AI Surveillance and Social Progress
AI Surveillance and Social Progress In the near future, AI-powered surveillance systems will be able to track everything we do in public, and much of what we do in private. And if we do something wrong—shoplift, litter, jaywalk, you name it—the system will notice, retain it, tie it to your official government record, communicate that…
-
Jen Ellis: Connecting Cyber Community With Political Machinery
Jen Ellis: Connecting Cyber Community With Political Machinery On the heels of her recent honors as a Member of the Order of the British Empire (MBE), we take a look back at the events that shaped Ellis’ advocacy on behalf of security researchers. Ericka Chickowski Go to gbhackers.com
-
Turning the Tables on Email Scammers With ‘ScamBuster’
Turning the Tables on Email Scammers With ‘ScamBuster’ An open source, AI-driven system adopts victim personas to engage with phishing attackers, allowing organizations and law enforcement to gather relevant data on cybercriminal operations. Elizabeth Montalbano Go to gbhackers.com
-
Cybercriminals Flock to Healthcare Businesses as Attacks Surge
Cybercriminals Flock to Healthcare Businesses as Attacks Surge While cyberattacks against hospitals and clinics grew modestly in the first half of 2026, attacks on service providers and other healthcare businesses more than doubled. Robert Lemos Go to gbhackers.com
-
Fresh ATM Crypto Software Bugs: Jackpot or Bust?
Fresh ATM Crypto Software Bugs: Jackpot or Bust? Organizations, and possibly ATMs, are at risk of compromise, thanks to holes in a Microsoft BitLocker security wrapper. Nate Nelson Go to gbhackers.com
-
AI Coding: Do Security Risks Outweigh Productivity Gains?
AI Coding: Do Security Risks Outweigh Productivity Gains? AI coding tools cost $19-$200/month/user, but security scanning, remediation, and false positives add hidden costs. Are the productivity gains worth it? Alexander Culafi Go to gbhackers.com
-
Wireshark 4.6.7 Released to Patch 12 Vulnerabilities in SSH, TLS, Wi-Fi and pcapng
Wireshark 4.6.7 Released to Patch 12 Vulnerabilities in SSH, TLS, Wi-Fi and pcapng Wireshark has released version 4.6.74.6.74.6.7, addressing 121212 security flaws across protocol dissectors, capture-file parsers, and its external capture interface. The update resolves issues affecting… Delivered by PolitePaul service Go to gbhackers.com
-
New Multi-Stage LNK Attack Targets Hospitality Firms With Node.js Backdoor
New Multi-Stage LNK Attack Targets Hospitality Firms With Node.js Backdoor Hospitality firms are being targeted in an active phishing campaign that uses fake booking-related emails to deliver a multi-stage Node.js backdoor. The attack chain abuses… Delivered by PolitePaul service Go to gbhackers.com
-
NetScaler MCP Gateway Secures LLM and Agentic AI Traffic From a Single Platform
NetScaler MCP Gateway Secures LLM and Agentic AI Traffic From a Single Platform Citrix, a Cloud Software Group company, announced major updates to its NetScaler® platform on July 9, 2026, introducing MCP Gateway functionality designed to secure… Delivered by PolitePaul service Go to gbhackers.com
-
Process Parameter Poisoning Technique Hides Shellcode Inside Windows Startup Data
Process Parameter Poisoning Technique Hides Shellcode Inside Windows Startup Data A newly documented Windows injection approach, dubbed Process Parameter Poisoning or P³, uses process startup parameters as an unconventional staging area for shellcode. Implemented… Delivered by PolitePaul service Go to gbhackers.com
-
Odyssey Stealer Attacks Macs Worldwide and Replaces Crypto Wallet Apps With Drainers
Odyssey Stealer Attacks Macs Worldwide and Replaces Crypto Wallet Apps With Drainers Odyssey Stealer is driving a large-scale macOS infostealer campaign that now spans more than 100 countries, with operators systematically hijacking cryptocurrency ecosystems by replacing… Delivered by PolitePaul service Go to gbhackers.com
-
Former ransomware negotiator gets 4 years for BlackCat attacks
Former ransomware negotiator gets 4 years for BlackCat attacks A former employee of cybersecurity incident response company DigitalMint was sentenced to 70 months in prison for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
OpenMandriva Linux says contributor tried to sabotage the project
OpenMandriva Linux says contributor tried to sabotage the project The OpenMandriva Linux project announced that it was the target of an attempted act of internal sabotage after a dispute among contributors. […] Bill Toulas Go to bleepingcomputer
-
Injective SDK on npm infected with cryptocurrency wallet stealer
Injective SDK on npm infected with cryptocurrency wallet stealer Hackers compromised the Injective Labs SDK project’s GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases. […] Bill Toulas Go to bleepingcomputer
-
New Helix vishing group emerges in SharePoint data theft attacks
New Helix vishing group emerges in SharePoint data theft attacks A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments. […] Bill Toulas Go to bleepingcomputer
-
Microsoft expects more Windows security updates from AI-discovered flaws
Microsoft expects more Windows security updates from AI-discovered flaws Microsoft says Windows users should expect to see an increase in security updates as the company increasingly relies on artificial intelligence to discover vulnerabilities in its codebase. […] Lawrence Abrams Go to bleepingcomputer
-
Hackers Turn 50+ Dormant GitHub Accounts Into a Network for Corporate Source Code Recon
Hackers Turn 50+ Dormant GitHub Accounts Into a Network for Corporate Source Code Recon Research has uncovered coordinated campaigns that use more than dormant GitHub accounts to map corporate organizations, repositories, and developers. The activity relies on GitHub’s API to collect public information. However, some operators have also attempted to access private source code repositories…
-
Ransomware Negotiator Sentenced for BlackCat Ransomware Operators to Attack Victims
Ransomware Negotiator Sentenced for BlackCat Ransomware Operators to Attack Victims A former Florida ransomware negotiator has been sentenced to 70 months in federal prison after conspiring with BlackCat/ALPHV ransomware operators and helping attack multiple U.S. victims. Angelo Martino, of Land O’Lakes, Florida, worked for a U.S.-based cyber incident response company. His role was to help…
-
GigaWiper Malware Attacking Windows Systems With Data Wipers and Fake Ransomware Notices
GigaWiper Malware Attacking Windows Systems With Data Wipers and Fake Ransomware Notices GigaWiper is a newly identified Windows threat built to do more than steal information or lock a screen. Once activated, it can erase disks, scramble files beyond recovery, and leave organizations facing sudden outages. Its arrival shows how destructive malware can combine several…
-
Django SQL Injection Vulnerability Actively Exploited in the Wild
Django SQL Injection Vulnerability Actively Exploited in the Wild A high-severity SQL injection vulnerability in the Django web framework is now being actively exploited in real-world attacks, raising concerns for organizations running geospatial applications on PostGIS-backed deployments. The flaw, tracked as CVE-2026-1207, affects Django’s GIS module and has been confirmed by multiple threat intelligence sources…
-
Braintree NuGet Typosquat Uses XOR-Obfuscated C2 to Hide Environment Secret Theft
Braintree NuGet Typosquat Uses XOR-Obfuscated C2 to Hide Environment Secret Theft A malicious NuGet package impersonating the Braintree .NET payment library has put production payment systems at risk. The package can collect live card details during transactions, then send the data away without alerting the application or its users. It also seeks credentials that could…
-
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs Datadog Security Labs is warning of “several overlapping campaigns” that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. “Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub ‘ghost’ accounts that are often years old,…
-
New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from. Each is a different way to…
-
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run…
-
ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories
ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because nobody wants to touch it. This week is full of that kind of damage. Not loud. Not…
-
AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up
AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write tailored bait, pick targets, test what lands, and jump to the next host before your team clears…
-
The Language of AI Could Change How Humans Speak
The Language of AI Could Change How Humans Speak Because of the way they are trained, large language models capture only a slice of human language. They’re trained on the written word, from textbooks to social media posts, and our speech as captured in movies and on television. These models have minimal access to the…
-
ISC Stormcast For Friday, July 10th, 2026 https://isc.sans.edu/podcastdetail/10002, (Fri, Jul 10th)
ISC Stormcast For Friday, July 10th, 2026 https://isc.sans.edu/podcastdetail/10002, (Fri, Jul 10th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Invited to a “job interview” with Netflix or OpenAI? Beware! Your Google password could be at risk
Invited to a “job interview” with Netflix or OpenAI? Beware! Your Google password could be at risk Have you received an email from a recruiter at Adobe, Netflix, or OpenAI offering you an exciting new marketing role? Well, before you start brushing up your interview technique, take a closer look at who is really behind…
-
Iran’s Cyber Crosshairs Focus Beyond Critical Infrastructure
Iran’s Cyber Crosshairs Focus Beyond Critical Infrastructure Obscurity isn’t a defense. If your company has any Internet-facing vulnerability, you’re at risk from multiple threats. Joe Slowik Go to gbhackers.com
-
Microsoft Reins in RoguePlanet Zero-Day Threat
Microsoft Reins in RoguePlanet Zero-Day Threat The researcher known as “Nightmare-Eclipse” published a proof-of-concept (PoC) exploit for the Windows Defender vulnerability in early June after dropping several other Microsoft zero-days. Rob Wright Go to gbhackers.com
-
As Global Conflicts Go Digital, Businesses Need Wartime Gameplans
As Global Conflicts Go Digital, Businesses Need Wartime Gameplans The fate of a Ukrainian tax software company shows how modern cyberwarfare can claim casualties far beyond the battlefield, and how businesses across the ocean still need to protect themselves. Nate Nelson Go to gbhackers.com
-
AI Gateways Offer Attackers the Keys to the Kingdom
AI Gateways Offer Attackers the Keys to the Kingdom A cryptomining incident highlights how AI gateways can provide access to AI models, cloud infrastructure, and identity and access management (IAM) data. Jai Vijayan Go to gbhackers.com
-
RedHook Abuses Accessibility Service to Enable Developer Options and Wireless Debugging
RedHook Abuses Accessibility Service to Enable Developer Options and Wireless Debugging RedHook, an Android Remote Access Trojan (RAT) first profiled in July 2025, has resurfaced with a markedly more dangerous capability: autonomous abuse of Android’s… Delivered by PolitePaul service Go to gbhackers.com
-
GhostApproval Attack Impacts Amazon Q, Claude Code, Cursor, Google Antigravity, and Windsurf
GhostApproval Attack Impacts Amazon Q, Claude Code, Cursor, Google Antigravity, and Windsurf A newly disclosed vulnerability pattern known as “GhostApproval” is exposing significant flaws in the trust boundary of leading AI coding assistants, including Amazon Q… Delivered by PolitePaul service Go to gbhackers.com
-
Foxit Patches Multiple Use-After-Free Flaws Leading to Remote Code Execution
Foxit Patches Multiple Use-After-Free Flaws Leading to Remote Code Execution Foxit has released critical security updates to address multiple use-after-free vulnerabilities that could lead to remote code execution (RCE) in its widely used PDF… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign
Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign A focused vishing campaign that weaponizes Microsoft Entra passkey enrollment as a social-engineering vector to enable account takeover and downstream data extortion. The threat… Delivered by PolitePaul service Go to gbhackers.com
-
Nike Alleged Breach: Threat Actors Claim Leak of Millions of Customer Records
Nike Alleged Breach: Threat Actors Claim Leak of Millions of Customer Records A threat actor on a prominent cybercrime forum has claimed responsibility for leaking data allegedly belonging to Nike and Alcon, posting the purported datasets… Delivered by PolitePaul service Go to gbhackers.com
-
‘GodDamn’ Ransomware Uses BYOVD to Smite US Companies
‘GodDamn’ Ransomware Uses BYOVD to Smite US Companies Microsoft co-signed a malicious kernel driver, and now it’s being used to kill security software in ransomware attacks. Nate Nelson Go to gbhackers.com
-
Police arrests 5,800 suspects in global anti-fraud crackdown
Police arrests 5,800 suspects in global anti-fraud crackdown Law enforcement agencies have arrested 5,811 suspects and seized $293 million in illicit assets in a global anti-fraud operation spanning 97 countries. […] Sergiu Gatlan Go to bleepingcomputer
-
AssuranceAmerica data breach exposes records of 6.9 million drivers
AssuranceAmerica data breach exposes records of 6.9 million drivers American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft patches RoguePlanet Defender zero-day vulnerability
Microsoft patches RoguePlanet Defender zero-day vulnerability Microsoft has released a security patch to address a Defender zero-day vulnerability known as “RoguePlanet,” disclosed after the June 2026 Patch Tuesday. […] Sergiu Gatlan Go to bleepingcomputer
-
Mount Royal University confirms breach as hackers claim attack
Mount Royal University confirms breach as hackers claim attack Mount Royal University in Calgary says hackers stole and then deleted data from its file storage systems after breaching the university’s network. […] Bill Toulas Go to bleepingcomputer
-
Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications. […] Bill Toulas Go to bleepingcomputer
-
Helix Data Extortion Group Uses Vishing and Device Code Phishing to Steal SharePoint Data
Helix Data Extortion Group Uses Vishing and Device Code Phishing to Steal SharePoint Data Helix has surfaced as a fast-moving data extortion group that targets Microsoft 365 users through phone scams and cloud-focused phishing instead of traditional malware drops. Attackers are after access first, then large volumes of corporate files, with SharePoint libraries becoming a…
-
Microsoft Releases Patches for RoguePlanet Defender Zero-Day Vulnerability
Microsoft Releases Patches for RoguePlanet Defender Zero-Day Vulnerability Microsoft has released security updates to address a newly disclosed zero-day vulnerability in Microsoft Defender, publicly referred to as “RoguePlanet.” The flaw, tracked as CVE-2026-50656, affects the Microsoft Malware Protection Engine and could allow attackers to gain elevated privileges on vulnerable systems. The vulnerability is classified as…
-
New GhostApproval Vulnerability Affects Amazon Q, Claude Code, Cursor, and Other AI Agents
New GhostApproval Vulnerability Affects Amazon Q, Claude Code, Cursor, and Other AI Agents A newly disclosed vulnerability pattern dubbed “GhostApproval” has exposed a critical security flaw in six of the most widely used AI coding assistants: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf, allowing malicious repositories to bypass Human-in-the-Loop safety…
-
Palo Alto PAN-OS Vulnerability Allows Arbitrary Code Execution Through Malicious Network Traffic
Palo Alto PAN-OS Vulnerability Allows Arbitrary Code Execution Through Malicious Network Traffic Palo Alto Networks has disclosed a high-severity vulnerability in PAN-OS that could allow unauthenticated attackers to execute arbitrary code or trigger a denial-of-service (DoS) condition by sending specially crafted network traffic. Tracked as CVE-2026-0288, the flaw carries a CVSS-B score of 9.2 (HIGH,…
-
Accenture Confirms Data Breach – Hacker Claims Theft of Internal Source Code
Accenture Confirms Data Breach – Hacker Claims Theft of Internal Source Code IT services and consulting giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other sensitive data from the company. A threat actor operating under the alias “888” posted a…
-
ESET Threat Report H1 2026
ESET Threat Report H1 2026 A view of the H1 2026 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. Go to eset
-
European Organizations Have a Collaboration Security Confidence Gap
European Organizations Have a Collaboration Security Confidence Gap A new survey shows security leaders have an inflated sense of safety regarding their collaboration tools and platforms. Jai Vijayan Go to gbhackers.com
-
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker’s code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls “Friendly Fire.”…
-
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer’s computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The…
-
Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes
Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to DNS threat intelligence…
-
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders. The agents are not malicious. They just do a…
-
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting, turns that habit into…
-
Cybersecurity and the Gap Between Skill and Ability
Cybersecurity and the Gap Between Skill and Ability Last week, national security agencies from the Five Eyes—that’s the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was more measured than some of the breathless…
-
ISC Stormcast For Thursday, July 9th, 2026 https://isc.sans.edu/podcastdetail/10000, (Thu, Jul 9th)
ISC Stormcast For Thursday, July 9th, 2026 https://isc.sans.edu/podcastdetail/10000, (Thu, Jul 9th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
_HELP_ME_ESCAPE_FROM_BELARUS_PLEASE_ [Guest Diary], (Tue, Jul 7th)
_HELP_ME_ESCAPE_FROM_BELARUS_PLEASE_ [Guest Diary], (Tue, Jul 7th) [This is a Guest Diary by Jason Callahan, an ISC intern as part of the SANS.edu BACS program] Every so often a honeypot hit comes along that is less about the exploit and more about the intent behind it. While reviewing DShield logs I ran into a scanning bot…
-
My Stack Simulator, (Wed, Jul 8th)
My Stack Simulator, (Wed, Jul 8th) The stack is a memory region where a program stores temporary data – like local variables and return addresses. Think of the stack as a pile of plates in your kitchen: you can only add a new plate to the top, and you can only take one away from the…
-
ISC Stormcast For Wednesday, July 8th, 2026 https://isc.sans.edu/podcastdetail/9998, (Wed, Jul 8th)
ISC Stormcast For Wednesday, July 8th, 2026 https://isc.sans.edu/podcastdetail/9998, (Wed, Jul 8th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
More Odd DNS Records: NIMLOC, (Tue, Jul 7th)
More Odd DNS Records: NIMLOC, (Tue, Jul 7th) Yesterday, I talked about NAPTR records and how they are related to RCS. But there is another “odd” record that shows up in my DNS logs. This one isn’t new, but I don’t think I ever covered it: NIMLOC. At least that is what Zeek calls it.…
-
Felons, Fraudsters Flog Offensive Cybersecurity Startup
Felons, Fraudsters Flog Offensive Cybersecurity Startup A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names. The X/Twitter account…
-
Weekly Update 511: Live from my Riad in Marrakech
Weekly Update 511: Live from my Riad in Marrakech How’s this for a location?! I mean, last week was nice with Scott in Mallorca, but Marrakech is, well, wow 😮 Anyway, about those data breaches… This week I’m talking about the futility of attempting to remove piss from a pool, yet here we are, with…
-
Mexico’s New Cyber Plan Faces Its First Real Test
Mexico’s New Cyber Plan Faces Its First Real Test The Latin American nation’s cybersecurity plan — still in the expansion phase — has to survive its own knockout round during the FIFA World Cup. Robert Lemos Go to gbhackers.com
-
Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours
Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer. Alexander Culafi Go to gbhackers.com
-
Vidar Infostealer Hammers SMBs via Malvertising Campaign
Vidar Infostealer Hammers SMBs via Malvertising Campaign A financially motivated operation uses lures of cracked or pirated software to deliver a malware two-for-one combo for data theft and cryptomining. Elizabeth Montalbano Go to gbhackers.com
-
CISA orders feds to prioritize patching Langflow auth bypass flaw
CISA orders feds to prioritize patching Langflow auth bypass flaw The U.S. Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies until Friday to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents. […] Sergiu Gatlan Go to bleepingcomputer
-
Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti warns of new max severity UniFi OS vulnerability Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw that can be exploited in command injection attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
CISA orders feds to patch max severity ColdFusion flaw by Friday
CISA orders feds to patch max severity ColdFusion flaw by Friday The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to patch an actively exploited maximum-severity flaw in the Adobe ColdFusion commercial web app development platform by Friday. […] Sergiu Gatlan Go to bleepingcomputer
-
Accenture confirms breach after hacker offers stolen data for sale
Accenture confirms breach after hacker offers stolen data for sale IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. […] Lawrence Abrams Go to bleepingcomputer
-
Chinese hackers develop LONGLEASH malware to expand ORB network
Chinese hackers develop LONGLEASH malware to expand ORB network Chinese hackers tracked as ‘UAT-7810’ are actively evolving their malware to expand their Operational Relay Box (ORB) network by compromising internet-facing networking devices, primarily unpatched Ruckus routers. […] Bill Toulas Go to bleepingcomputer
-
China-Nexus Hackers Exploit Ruckus Routers to Build Operational Relay Box Networks
China-Nexus Hackers Exploit Ruckus Routers to Build Operational Relay Box Networks UAT-7810, a China-nexus hacking group, is expanding a global network of hijacked internet devices by exploiting security flaws in Ruckus wireless routers and rolling out new custom malware. This activity feeds into what researchers call an Operational Relay Box network, a chain of compromised…
-
Discord’s Security Systems Mistakenly Banned 8,000+ Accounts Since May 2026
Discord’s Security Systems Mistakenly Banned 8,000+ Accounts Since May 2026 Discord has confirmed that a bug in its automated security systems led to the wrongful suspension of more than 8,000 user accounts between May 2026 and early July 2026. The company disclosed the issue via its official support account on X, clarifying both the root…
-
15-year-old GhostLock Kernel Flaw Enables Privilege Escalation in Major Linux Distributions
15-year-old GhostLock Kernel Flaw Enables Privilege Escalation in Major Linux Distributions A critical Linux kernel vulnerability, tracked as CVE-2026-43499 and dubbed “GhostLock,” has been disclosed by security researchers at VEGA, exposing a privilege escalation flaw that has silently affected major Linux distributions for over a decade. GhostLock originates from a logic error in the kernel’s…
-
OpenAI Reportedly Secures US Government Clearance to Launch GPT-5.6 Model
OpenAI Reportedly Secures US Government Clearance to Launch GPT-5.6 Model OpenAI has reportedly received approval from the U.S. Department of Commerce for a broad public launch of its advanced GPT-5.6 model, marking a significant moment in how Washington regulates access to frontier AI systems. A source familiar with the matter confirmed the development to Axios…
-
Anthropic Extends Free Access to Claude Fable 5 on All Paid Plans
Anthropic Extends Free Access to Claude Fable 5 on All Paid Plans Anthropic has extended promotional access to its newest AI model, Claude Fable 5, allowing subscribers on paid plans to use it at no additional cost through July 12, 2026, at 11:59:59 PM PT. The company confirmed the extension in an official announcement, stating…
-
State IDs for AI Agents: Will Estonia Set a Precedent?
State IDs for AI Agents: Will Estonia Set a Precedent? The world’s digital testing ground plans to help people use AI agents for government purposes. Nate Nelson Go to gbhackers.com