no alarms and no surprises please..
-
As Global Conflicts Go Digital, Businesses Need Wartime Gameplans
As Global Conflicts Go Digital, Businesses Need Wartime Gameplans The fate of a Ukrainian tax software company shows how modern cyberwarfare can claim casualties far beyond the battlefield, and how businesses across the ocean still need to protect themselves. Nate Nelson Go to gbhackers.com
-
AI Gateways Offer Attackers the Keys to the Kingdom
AI Gateways Offer Attackers the Keys to the Kingdom A cryptomining incident highlights how AI gateways can provide access to AI models, cloud infrastructure, and identity and access management (IAM) data. Jai Vijayan Go to gbhackers.com
-
RedHook Abuses Accessibility Service to Enable Developer Options and Wireless Debugging
RedHook Abuses Accessibility Service to Enable Developer Options and Wireless Debugging RedHook, an Android Remote Access Trojan (RAT) first profiled in July 2025, has resurfaced with a markedly more dangerous capability: autonomous abuse of Android’s… Delivered by PolitePaul service Go to gbhackers.com
-
GhostApproval Attack Impacts Amazon Q, Claude Code, Cursor, Google Antigravity, and Windsurf
GhostApproval Attack Impacts Amazon Q, Claude Code, Cursor, Google Antigravity, and Windsurf A newly disclosed vulnerability pattern known as “GhostApproval” is exposing significant flaws in the trust boundary of leading AI coding assistants, including Amazon Q… Delivered by PolitePaul service Go to gbhackers.com
-
Foxit Patches Multiple Use-After-Free Flaws Leading to Remote Code Execution
Foxit Patches Multiple Use-After-Free Flaws Leading to Remote Code Execution Foxit has released critical security updates to address multiple use-after-free vulnerabilities that could lead to remote code execution (RCE) in its widely used PDF… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign
Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign A focused vishing campaign that weaponizes Microsoft Entra passkey enrollment as a social-engineering vector to enable account takeover and downstream data extortion. The threat… Delivered by PolitePaul service Go to gbhackers.com
-
Nike Alleged Breach: Threat Actors Claim Leak of Millions of Customer Records
Nike Alleged Breach: Threat Actors Claim Leak of Millions of Customer Records A threat actor on a prominent cybercrime forum has claimed responsibility for leaking data allegedly belonging to Nike and Alcon, posting the purported datasets… Delivered by PolitePaul service Go to gbhackers.com
-
‘GodDamn’ Ransomware Uses BYOVD to Smite US Companies
‘GodDamn’ Ransomware Uses BYOVD to Smite US Companies Microsoft co-signed a malicious kernel driver, and now it’s being used to kill security software in ransomware attacks. Nate Nelson Go to gbhackers.com
-
Police arrests 5,800 suspects in global anti-fraud crackdown
Police arrests 5,800 suspects in global anti-fraud crackdown Law enforcement agencies have arrested 5,811 suspects and seized $293 million in illicit assets in a global anti-fraud operation spanning 97 countries. […] Sergiu Gatlan Go to bleepingcomputer
-
AssuranceAmerica data breach exposes records of 6.9 million drivers
AssuranceAmerica data breach exposes records of 6.9 million drivers American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft patches RoguePlanet Defender zero-day vulnerability
Microsoft patches RoguePlanet Defender zero-day vulnerability Microsoft has released a security patch to address a Defender zero-day vulnerability known as “RoguePlanet,” disclosed after the June 2026 Patch Tuesday. […] Sergiu Gatlan Go to bleepingcomputer
-
Mount Royal University confirms breach as hackers claim attack
Mount Royal University confirms breach as hackers claim attack Mount Royal University in Calgary says hackers stole and then deleted data from its file storage systems after breaching the university’s network. […] Bill Toulas Go to bleepingcomputer
-
Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications. […] Bill Toulas Go to bleepingcomputer
-
Helix Data Extortion Group Uses Vishing and Device Code Phishing to Steal SharePoint Data
Helix Data Extortion Group Uses Vishing and Device Code Phishing to Steal SharePoint Data Helix has surfaced as a fast-moving data extortion group that targets Microsoft 365 users through phone scams and cloud-focused phishing instead of traditional malware drops. Attackers are after access first, then large volumes of corporate files, with SharePoint libraries becoming a…
-
Microsoft Releases Patches for RoguePlanet Defender Zero-Day Vulnerability
Microsoft Releases Patches for RoguePlanet Defender Zero-Day Vulnerability Microsoft has released security updates to address a newly disclosed zero-day vulnerability in Microsoft Defender, publicly referred to as “RoguePlanet.” The flaw, tracked as CVE-2026-50656, affects the Microsoft Malware Protection Engine and could allow attackers to gain elevated privileges on vulnerable systems. The vulnerability is classified as…
-
New GhostApproval Vulnerability Affects Amazon Q, Claude Code, Cursor, and Other AI Agents
New GhostApproval Vulnerability Affects Amazon Q, Claude Code, Cursor, and Other AI Agents A newly disclosed vulnerability pattern dubbed “GhostApproval” has exposed a critical security flaw in six of the most widely used AI coding assistants: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf, allowing malicious repositories to bypass Human-in-the-Loop safety…
-
Palo Alto PAN-OS Vulnerability Allows Arbitrary Code Execution Through Malicious Network Traffic
Palo Alto PAN-OS Vulnerability Allows Arbitrary Code Execution Through Malicious Network Traffic Palo Alto Networks has disclosed a high-severity vulnerability in PAN-OS that could allow unauthenticated attackers to execute arbitrary code or trigger a denial-of-service (DoS) condition by sending specially crafted network traffic. Tracked as CVE-2026-0288, the flaw carries a CVSS-B score of 9.2 (HIGH,…
-
Accenture Confirms Data Breach – Hacker Claims Theft of Internal Source Code
Accenture Confirms Data Breach – Hacker Claims Theft of Internal Source Code IT services and consulting giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other sensitive data from the company. A threat actor operating under the alias “888” posted a…
-
ESET Threat Report H1 2026
ESET Threat Report H1 2026 A view of the H1 2026 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. Go to eset
-
European Organizations Have a Collaboration Security Confidence Gap
European Organizations Have a Collaboration Security Confidence Gap A new survey shows security leaders have an inflated sense of safety regarding their collaboration tools and platforms. Jai Vijayan Go to gbhackers.com
-
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker’s code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls “Friendly Fire.”…
-
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer’s computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The…
-
Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes
Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to DNS threat intelligence…
-
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders. The agents are not malicious. They just do a…
-
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting, turns that habit into…
-
Cybersecurity and the Gap Between Skill and Ability
Cybersecurity and the Gap Between Skill and Ability Last week, national security agencies from the Five Eyes—that’s the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was more measured than some of the breathless…
-
ISC Stormcast For Thursday, July 9th, 2026 https://isc.sans.edu/podcastdetail/10000, (Thu, Jul 9th)
ISC Stormcast For Thursday, July 9th, 2026 https://isc.sans.edu/podcastdetail/10000, (Thu, Jul 9th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
_HELP_ME_ESCAPE_FROM_BELARUS_PLEASE_ [Guest Diary], (Tue, Jul 7th)
_HELP_ME_ESCAPE_FROM_BELARUS_PLEASE_ [Guest Diary], (Tue, Jul 7th) [This is a Guest Diary by Jason Callahan, an ISC intern as part of the SANS.edu BACS program] Every so often a honeypot hit comes along that is less about the exploit and more about the intent behind it. While reviewing DShield logs I ran into a scanning bot…
-
My Stack Simulator, (Wed, Jul 8th)
My Stack Simulator, (Wed, Jul 8th) The stack is a memory region where a program stores temporary data – like local variables and return addresses. Think of the stack as a pile of plates in your kitchen: you can only add a new plate to the top, and you can only take one away from the…
-
ISC Stormcast For Wednesday, July 8th, 2026 https://isc.sans.edu/podcastdetail/9998, (Wed, Jul 8th)
ISC Stormcast For Wednesday, July 8th, 2026 https://isc.sans.edu/podcastdetail/9998, (Wed, Jul 8th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
More Odd DNS Records: NIMLOC, (Tue, Jul 7th)
More Odd DNS Records: NIMLOC, (Tue, Jul 7th) Yesterday, I talked about NAPTR records and how they are related to RCS. But there is another “odd” record that shows up in my DNS logs. This one isn’t new, but I don’t think I ever covered it: NIMLOC. At least that is what Zeek calls it.…
-
Felons, Fraudsters Flog Offensive Cybersecurity Startup
Felons, Fraudsters Flog Offensive Cybersecurity Startup A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names. The X/Twitter account…
-
Weekly Update 511: Live from my Riad in Marrakech
Weekly Update 511: Live from my Riad in Marrakech How’s this for a location?! I mean, last week was nice with Scott in Mallorca, but Marrakech is, well, wow 😮 Anyway, about those data breaches… This week I’m talking about the futility of attempting to remove piss from a pool, yet here we are, with…
-
Mexico’s New Cyber Plan Faces Its First Real Test
Mexico’s New Cyber Plan Faces Its First Real Test The Latin American nation’s cybersecurity plan — still in the expansion phase — has to survive its own knockout round during the FIFA World Cup. Robert Lemos Go to gbhackers.com
-
Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours
Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer. Alexander Culafi Go to gbhackers.com
-
Vidar Infostealer Hammers SMBs via Malvertising Campaign
Vidar Infostealer Hammers SMBs via Malvertising Campaign A financially motivated operation uses lures of cracked or pirated software to deliver a malware two-for-one combo for data theft and cryptomining. Elizabeth Montalbano Go to gbhackers.com
-
CISA orders feds to prioritize patching Langflow auth bypass flaw
CISA orders feds to prioritize patching Langflow auth bypass flaw The U.S. Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies until Friday to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents. […] Sergiu Gatlan Go to bleepingcomputer
-
Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti warns of new max severity UniFi OS vulnerability Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw that can be exploited in command injection attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
CISA orders feds to patch max severity ColdFusion flaw by Friday
CISA orders feds to patch max severity ColdFusion flaw by Friday The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to patch an actively exploited maximum-severity flaw in the Adobe ColdFusion commercial web app development platform by Friday. […] Sergiu Gatlan Go to bleepingcomputer
-
Accenture confirms breach after hacker offers stolen data for sale
Accenture confirms breach after hacker offers stolen data for sale IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. […] Lawrence Abrams Go to bleepingcomputer
-
Chinese hackers develop LONGLEASH malware to expand ORB network
Chinese hackers develop LONGLEASH malware to expand ORB network Chinese hackers tracked as ‘UAT-7810’ are actively evolving their malware to expand their Operational Relay Box (ORB) network by compromising internet-facing networking devices, primarily unpatched Ruckus routers. […] Bill Toulas Go to bleepingcomputer
-
China-Nexus Hackers Exploit Ruckus Routers to Build Operational Relay Box Networks
China-Nexus Hackers Exploit Ruckus Routers to Build Operational Relay Box Networks UAT-7810, a China-nexus hacking group, is expanding a global network of hijacked internet devices by exploiting security flaws in Ruckus wireless routers and rolling out new custom malware. This activity feeds into what researchers call an Operational Relay Box network, a chain of compromised…
-
Discord’s Security Systems Mistakenly Banned 8,000+ Accounts Since May 2026
Discord’s Security Systems Mistakenly Banned 8,000+ Accounts Since May 2026 Discord has confirmed that a bug in its automated security systems led to the wrongful suspension of more than 8,000 user accounts between May 2026 and early July 2026. The company disclosed the issue via its official support account on X, clarifying both the root…
-
15-year-old GhostLock Kernel Flaw Enables Privilege Escalation in Major Linux Distributions
15-year-old GhostLock Kernel Flaw Enables Privilege Escalation in Major Linux Distributions A critical Linux kernel vulnerability, tracked as CVE-2026-43499 and dubbed “GhostLock,” has been disclosed by security researchers at VEGA, exposing a privilege escalation flaw that has silently affected major Linux distributions for over a decade. GhostLock originates from a logic error in the kernel’s…
-
OpenAI Reportedly Secures US Government Clearance to Launch GPT-5.6 Model
OpenAI Reportedly Secures US Government Clearance to Launch GPT-5.6 Model OpenAI has reportedly received approval from the U.S. Department of Commerce for a broad public launch of its advanced GPT-5.6 model, marking a significant moment in how Washington regulates access to frontier AI systems. A source familiar with the matter confirmed the development to Axios…
-
Anthropic Extends Free Access to Claude Fable 5 on All Paid Plans
Anthropic Extends Free Access to Claude Fable 5 on All Paid Plans Anthropic has extended promotional access to its newest AI model, Claude Fable 5, allowing subscribers on paid plans to use it at no additional cost through July 12, 2026, at 11:59:59 PM PT. The company confirmed the extension in an official announcement, stating…
-
State IDs for AI Agents: Will Estonia Set a Precedent?
State IDs for AI Agents: Will Estonia Set a Precedent? The world’s digital testing ground plans to help people use AI agents for government purposes. Nate Nelson Go to gbhackers.com
-
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs…
-
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below – CVE-2026-48282 (CVSS score: 10.0) – A path traversal vulnerability in Adobe…
-
RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service
RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim’s phone, steal their banking logins, and capture the one-time codes that protect their accounts. Zimperium’s zLabs, which…
-
Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots A critical flaw in Google’s Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared,…
-
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. “The campaign did not depend on a fake Microsoft password page.…
-
When AI agents look like attackers: what behavioral telemetry tells us
When AI agents look like attackers: what behavioral telemetry tells us <p>An X-Ops analysis of how AI coding agents trigger endpoint detection rules designed for adversaries</p> Categories: Threat Research Go to sophos
-
Google Is Suing Chinese Scammers Who Are Using Gemini
Google Is Suing Chinese Scammers Who Are Using Gemini Not sure this will have any effect, but I support the effort: According to Google’s legal filing, Outsider Enterprise operates through Telegram. The group offers phishing-as-a-service to individuals who may not be technically savvy enough to set up fraudulent websites and text campaigns on their own.…
-
ISC Stormcast For Tuesday, July 7th, 2026 https://isc.sans.edu/podcastdetail/9996, (Tue, Jul 7th)
ISC Stormcast For Tuesday, July 7th, 2026 https://isc.sans.edu/podcastdetail/9996, (Tue, Jul 7th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
RCS and DNS: The NAPTR Record, (Mon, Jul 6th)
RCS and DNS: The NAPTR Record, (Mon, Jul 6th) Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition to richer formatting, provides added (but optional) security. RCS messages may be end-to-end encrypted…
-
ISC Stormcast For Monday, July 6th, 2026 https://isc.sans.edu/podcastdetail/9994, (Mon, Jul 6th)
ISC Stormcast For Monday, July 6th, 2026 https://isc.sans.edu/podcastdetail/9994, (Mon, Jul 6th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Two arrested over credit card phishing – as the Netherlands is named Europe’s worst for payment fraud
Two arrested over credit card phishing – as the Netherlands is named Europe’s worst for payment fraud Two young men have been arrested in the Netherlands on suspicion of running a phishing operation that harvested the credit card details of unsuspecting victims. Read more in my article on the Hot for Security blog. Graham Cluley…
-
176: NSL
176: NSL One day Nick got a visit from the FBI demanding he give them data on one of his customers. They asked for it in the form of a National Security Letter or NSL. Something wasn’t right about this letter. It seemed to violate the constitution. So he set out to change the law.…
-
Big Brand Jobs Scam Targets Marketing Pros’ Google Accounts
Big Brand Jobs Scam Targets Marketing Pros’ Google Accounts The phishing campaign uses several tactics, including nested redirects, to evade detection and steal credentials from unsuspecting targets. Rob Wright Go to gbhackers.com
-
Dialogflow CX ‘Rogue Agent’ Flaw Enabled AI Chatbot Data Theft
Dialogflow CX ‘Rogue Agent’ Flaw Enabled AI Chatbot Data Theft Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infrastructure security. Alexander Culafi Go to gbhackers.com
-
‘GitLost’ Flaw Leaks Private Data from GitHub’s Agentic Workflows
‘GitLost’ Flaw Leaks Private Data from GitHub’s Agentic Workflows The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org’s public repository and then silently pull data from its private repos, too. Elizabeth Montalbano Go to gbhackers.com
-
Thousands of MCP Servers Found Vulnerable to File Access and Injection Attacks
Thousands of MCP Servers Found Vulnerable to File Access and Injection Attacks Thousands of Model Context Protocol (MCP) servers, widely used to connect large language models (LLMs) to external systems, have been found vulnerable to critical… Delivered by PolitePaul service Go to gbhackers.com
-
Windows 11 26H2 Enables Backup Policy to Restore User Apps and Settings
Windows 11 26H2 Enables Backup Policy to Restore User Apps and Settings Microsoft has confirmed a significant policy change in the upcoming Windows 11 version 26H2. This update introduces a new default behavior for Windows settings… Delivered by PolitePaul service Go to gbhackers.com
-
US Cyber Agency Uses Anthropic Mythos to Audit Government Code for Bugs
US Cyber Agency Uses Anthropic Mythos to Audit Government Code for Bugs The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has started using Anthropic’s advanced AI model, Mythos, to audit government software for vulnerabilities. This marks… Delivered by PolitePaul service Go to gbhackers.com
-
Kazuar Backdoor Uses DLL Side-Loading and PowerShell Loaders for Stealthy Execution
Kazuar Backdoor Uses DLL Side-Loading and PowerShell Loaders for Stealthy Execution Turla’s Kazuar backdoor has re-emerged as a technically sophisticated persistence and reconnaissance tool that combines DLL side-loading with PowerShell-based loaders to achieve stealthy execution… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Introduces Execution Containers to Secure AI Agents on Windows
Microsoft Introduces Execution Containers to Secure AI Agents on Windows Microsoft has introduced a new security architecture to safeguard autonomous AI agents on Windows, unveiling the Microsoft Execution Containers (MXC) SDK at Build 2026…. Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft to enable Windows settings backup by default for orgs
Microsoft to enable Windows settings backup by default for orgs Microsoft says the Windows settings backup and restore tool will be enabled by default on Microsoft Entra-joined or Microsoft Entra hybrid-joined enterprise systems after upgrading to Windows 11 26H2. […] Sergiu Gatlan Go to bleepingcomputer
-
BeyondTrust warns of critical flaws in remote access software
BeyondTrust warns of critical flaws in remote access software BeyondTrust warned customers to patch two critical security flaws in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft testing new Cloud Rebuild Windows 11 recovery feature
Microsoft testing new Cloud Rebuild Windows 11 recovery feature Microsoft has begun testing the Cloud Rebuild recovery feature in the latest Windows 11 Insider Preview builds released for users in the Experimental channel. […] Sergiu Gatlan Go to bleepingcomputer
-
Phishing poses as big-brand job interview to steal Google accounts
Phishing poses as big-brand job interview to steal Google accounts A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. […] Ionut Ilascu Go to bleepingcomputer
-
Fake IT support calls on Microsoft Teams push EtherRAT malware
Fake IT support calls on Microsoft Teams push EtherRAT malware Threat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks. […] Lawrence Abrams Go to bleepingcomputer
-
Cavern Manticore Abuses SysAid RMM and WinDirStat DLL Sideloading to Deploy C2 Framework
Cavern Manticore Abuses SysAid RMM and WinDirStat DLL Sideloading to Deploy C2 Framework A new Iranian-linked hacking group has been caught abusing everyday IT tools to slip malware onto Israeli networks. Researchers have named the group Cavern Manticore, and its latest campaign shows how creative attackers have become at hiding in plain sight. Instead of…
-
Tenda Authentication Backdoor Grants Attackers Full Administrative Access
Tenda Authentication Backdoor Grants Attackers Full Administrative Access A newly disclosed vulnerability in Tenda network devices exposes a critical authentication backdoor that allows attackers to gain full administrative access without valid credentials. The flaw affects multiple firmware versions across several Tenda router models, including the FH1201, W15E, AC10, AC5, and AC6 series. The issue, tracked…
-
16-Year-Old Linux KVM Vulnerability Allows Malicious Guest to Corrupt Host Kernel Memory
16-Year-Old Linux KVM Vulnerability Allows Malicious Guest to Corrupt Host Kernel Memory A newly disclosed Linux Kernel-based Virtual Machine (KVM) vulnerability, tracked as CVE-2026-53359 and dubbed “Januscape,” exposes a critical flaw that allows a malicious guest to corrupt host kernel memory, breaking the fundamental isolation guarantees of virtualization. The issue, which remained unnoticed for nearly…
-
Critical BeyondTrust Flaws Let Attackers Bypass Access Controls and Gain Unauthorized Access
Critical BeyondTrust Flaws Let Attackers Bypass Access Controls and Gain Unauthorized Access BeyondTrust has disclosed multiple critical and high-severity vulnerabilities affecting its Remote Support (RS) and Privileged Remote Access (PRA) solutions, potentially allowing attackers to bypass access controls and gain unauthorized access to sensitive systems. The issues are tracked under Advisory ID BT26-03 and carry…
-
Windows Device Identifier Feature Leads to Arrest of Scattered Spider Hacking Group Member
Windows Device Identifier Feature Leads to Arrest of Scattered Spider Hacking Group Member A persistent Microsoft device identifier was used to unravel the anonymity of an alleged Scattered Spider operator, according to a federal superseding complaint filed in the Northern District of Illinois. Peter Stokes, 19, a dual U.S.–Estonian citizen who allegedly used the handles…
-
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below – CVE-2026-40138 (CVSS score: 9.2)…
-
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations An Iranian hacking group affiliated with Iran’s Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been…
-
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems A use-after-free bug in Linux’s KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed ‘Januscape’ and tracked as CVE-2026-53359, the flaw sits in the shadow MMU…
-
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the “X-WEBAUTH-USER” header from any…
-
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became…
-
France to Stop Certifying Non-Quantum-Safe Encryption
France to Stop Certifying Non-Quantum-Safe Encryption France is accelerating its transition to post-quantum encryption: France’s cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems. Samih Souissi, ANSSI’s chief of staff, said at…
-
‘BusySnake’ Infostealer Slithers into Critical Infrastructure Networks
‘BusySnake’ Infostealer Slithers into Critical Infrastructure Networks A threat group researchers call “Armored Likho” has gained access to government agencies and electrical power entities in Russia, Brazil, and Kazakhstan. Jai Vijayan Go to gbhackers.com
-
CitrixBleed-ing Again? NetScaler Vulnerability Under Attack
CitrixBleed-ing Again? NetScaler Vulnerability Under Attack Attackers wasted little time targeting the latest memory disclosure flaw in Citrix’s NetScaler products, after researchers published a proof-of-concept exploit (PoC). Rob Wright Go to gbhackers.com
-
JadePuffer: The First Complete LLM-Driven Ransomware Attack
JadePuffer: The First Complete LLM-Driven Ransomware Attack An “agentic threat actor” successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems. Elizabeth Montalbano Go to gbhackers.com
-
SilverFox Campaign Turns ValleyRAT Into Multi-Stage Malware With Rootkit Capabilities
SilverFox Campaign Turns ValleyRAT Into Multi-Stage Malware With Rootkit Capabilities The SilverFox advanced persistent threat (APT) group has escalated its offensive toolkit by transforming ValleyRAT from a conventional remote access trojan into an eight-stage… Delivered by PolitePaul service Go to gbhackers.com
-
FIFA World Cup Phishing Scam Uses Fake Reward Pages to Steal Credit Card Data
FIFA World Cup Phishing Scam Uses Fake Reward Pages to Steal Credit Card Data A sophisticated email phishing campaign exploiting the global excitement around the 2026 FIFA World Cup is deceiving fans with counterfeit reward pages designed to… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Warns Windows 11 Enterprise Devices May Boot to Black Screen After Updates
Microsoft Warns Windows 11 Enterprise Devices May Boot to Black Screen After Updates Microsoft has issued a warning to enterprise administrators about a critical issue affecting Windows 11 systems. This problem may cause devices to boot to… Delivered by PolitePaul service Go to gbhackers.com
-
IBM WebSphere Application Server Hit by Critical XSS and Path Traversal Vulnerabilities
IBM WebSphere Application Server Hit by Critical XSS and Path Traversal Vulnerabilities IBM has disclosed several security vulnerabilities in its WebSphere Application Server that put enterprise environments at risk of cross-site scripting (XSS) and path-traversal attacks…. Delivered by PolitePaul service Go to gbhackers.com
-
PHP TLS Flaw Lets Remote Server Trigger DoS and Crash Entire FPM Process
PHP TLS Flaw Lets Remote Server Trigger DoS and Crash Entire FPM Process A newly disclosed high-severity vulnerability in PHP, tracked as CVE-2026-12184, poses a significant risk to web applications by allowing a remotely triggerable denial-of-service (DoS)… Delivered by PolitePaul service Go to gbhackers.com
-
Flipper Zero firmware development continues with community help
Flipper Zero firmware development continues with community help Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions. […] Bill Toulas Go to bleepingcomputer
-
Opera GX 0-Click Vulnerability Lets Attackers Exfiltrate User Data via Malicious Website
Opera GX 0-Click Vulnerability Lets Attackers Exfiltrate User Data via Malicious Website A newly disclosed vulnerability in Opera GX allowed attackers to silently exfiltrate sensitive user data with no interaction required, simply by luring victims to a malicious website. The issue, documented in recent research titled “One trigram at a time: XSLeak via Universal CSS…
-
New TrojPix Attack Lets Attackers Access Air-gapped Computers From 208 Meters
New TrojPix Attack Lets Attackers Access Air-gapped Computers From 208 Meters A novel electromagnetic (EM) covert-channel attack, dubbed TrojPix, can steal sensitive data from already-compromised air-gapped computers over distances of up to 208 meters, even through concrete walls, by exploiting only the pixels displayed on a victim’s screen. The technique was developed by a team…
-
Hackers Abuse OpenAI Org Invites to Harvest Sensitive Prompts and API Activity
Hackers Abuse OpenAI Org Invites to Harvest Sensitive Prompts and API Activity Hackers are actively abusing OpenAI’s organization invitation feature to launch a new form of “poisoned tenant” attack, allowing them to harvest sensitive prompts, API activity, and potentially corporate data from unsuspecting users. According to research disclosed by Push Security, attackers created a fake…
-
SSH Honeypots Miss Most Post-Login Attacks by Focusing on Interactive Shells
SSH Honeypots Miss Most Post-Login Attacks by Focusing on Interactive Shells SSH honeypots, widely used in cyber defense, may miss most real-world post-login attacker activity, according to new research that challenges long-standing assumptions in deception technology. A recent study titled “Ghost Without Shell: Measuring Non-Interactive SSH Attacks on Honeypots” by researchers from the Czech Technical…
-
Parrot 7.3 Released With Optimized Packages and Updated Tools
Parrot 7.3 Released With Optimized Packages and Updated Tools Parrot Security has released Parrot OS 7.3, introducing significant system-level optimizations, updated security tools, and a redesigned application management experience to improve performance and usability for security professionals. The update arrives just months after the previous release, with developers focusing less on expanding the toolset and…
-
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing Scanners meant to catch malicious add-on “skills” for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past…
-
JadePuffer ransomware used AI agent to automate entire attack
JadePuffer ransomware used AI agent to automate entire attack Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. […] Bill Toulas Go to bleepingcomputer