Cyber Feed
- Update now: 7-Zip fixes RCE flaw exploitable with malicious archivesby Lawrence Abrams on July 18, 2026 at 7:32 pm
7-Zip version 26.02 was released to fix a remote code execution vulnerability that could allow attackers to execute malicious code by convincing users to open specially crafted compressed files. […]
- WordPress Core “wp2shell” RCE flaws get public exploits, patch nowby Lawrence Abrams on July 18, 2026 at 5:22 pm
Public exploits have been released for the critical “wp2shell” remote code execution vulnerabilities affecting WordPress Core, making it imperative that administrators patch their sites immediately. […]
- Microsoft warns of surge in ACR Stealer attacks on customersby Bill Toulas on July 18, 2026 at 2:17 pm
Microsoft has observed a surge in attacks using the ACR Stealer malware to steal browser-stored passwords, authentication tokens, and sensitive documents from its enterprise customers. […]
- The Future of Age Verification: Your Face Never Leaves Your Deviceby Sponsored by Incode on July 18, 2026 at 1:15 pm
As age verification laws expand worldwide, organizations face growing pressure to protect users’ privacy while meeting regulatory requirements. Incode explains how on-device age estimation verifies age without transmitting or storing facial images, reducing biometric privacy risks while supporting compliance. […]
- New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Codeby info@thehackernews.com (The Hacker News) on July 17, 2026 at 9:20 pm
Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of it. An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until
- Abbott probes two cyber incidents amid extortion claimsby Lawrence Abrams on July 17, 2026 at 8:45 pm
Abbott Laboratories is investigating two separate cybersecurity incidents after confirming unauthorized access to internal legacy Exact Sciences systems in its Cancer Diagnostics business, while also investigating a separate claim that attackers breached its LabCentral portal and stole company data. […]
- OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requestsby info@thehackernews.com (The Hacker News) on July 17, 2026 at 8:20 pm
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta’s Red Team, which reported the denial-of-service bug and named it, published the
- Inc Ransomware Exploits SonicWall SMA Zero-Daysby Nate Nelson on July 17, 2026 at 8:01 pm
When chained together, the two vulnerabilities allow threat actors to gain root-level capabilities on SonicWall’s mobile access appliances.
- Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RATby info@thehackernews.com (The Hacker News) on July 17, 2026 at 6:54 pm
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using an “unprecedented” four-tier blockchain-based command-and-control (C2) infrastructure spanning Tron,
- HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payloadby Bill Toulas on July 17, 2026 at 5:56 pm
A vulnerability dubbed HollowByte allows unauthenticated attackers to trigger a denial-of-service (DoS) condition on OpenSSL servers with a malicious payload of just 11 bytes. […]
- New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokensby info@thehackernews.com (The Hacker News) on July 17, 2026 at 5:12 pm
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator’s own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders that teams stand up fast and firewall late. The intel feed behind that counter
- The Real AI Threat Is Blind Trustby R. Justin Martin on July 17, 2026 at 4:43 pm
AI models left to both interpret and execute commands eliminate critical cybersecurity oversight.
- GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theftby info@thehackernews.com (The Hacker News) on July 17, 2026 at 4:39 pm
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime group known for its targeting of the gambling and gaming sectors using
- Abbott discloses cyberattack on cancer diagnostics businessby Ricky Zipp on July 17, 2026 at 3:29 pm
The cyberattack follows Abbott’s recent $21 billion purchase of Exact Sciences. Abbott did not disclose what kind of information was accessed.
- Ernst & Young discloses data breach after support system hackby Bill Toulas on July 17, 2026 at 2:55 pm
Ernst & Young is notifying customers of a data breach caused by the compromise of a third-party support ticket system used by its IT personnel. […]
- Ransomware attack forces Coca-Cola to suspend US production at dairy unitby David Jones on July 17, 2026 at 2:35 pm
The beverage company is still working to determine the full scope of the breach at its Fairlife business.
- In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprintby SecurityWeek News on July 17, 2026 at 2:27 pm
Noteworthy stories that might have slipped under the radar: OpenClaw AI agents exploited via WhatsApp, ransomware hits naval defense firm TKMS, Lidl discloses data breach. The post In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprint appeared first on SecurityWeek.
- Inside the Search for “Clean” Residential Proxies for Cardingby Sponsored by Flare on July 17, 2026 at 2:00 pm
Residential proxies are no longer the silver bullet they once were for carding. Flare explains why cybercriminals increasingly seek “clean” residential proxies and combine them with browser fingerprints, device profiles, and other identity signals to evade modern fraud detection. […]
- Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Imagesby info@thehackernews.com (The Hacker News) on July 17, 2026 at 1:48 pm
North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. “Any user who ran the project ended up with a four-stage payload aligned with OTTERCOOKIE: a browser credential and crypto wallet stealer, a file stealer, a
- Gold Eagle Clearinghouse Targets Security Gap, but How Is Unclearby Alexander Culafi on July 17, 2026 at 1:00 pm
The White House launched Gold Eagle to coordinate vulnerability response in a new AI world, but multiple questions linger over how it’s being implemented.
- Podcast: Broken Governance, Agentic AI, and the MindStone Agent Exclusiveby SecurityWeek News on July 17, 2026 at 12:11 pm
(Video) Artificial intelligence is transforming cybersecurity, but are governance, compliance, and security practices evolving fast enough to keep up? The post Podcast: Broken Governance, Agentic AI, and the MindStone Agent Exclusive appeared first on SecurityWeek.
- Google Bets ‘Agentic Defense’ Strategy Can Outpace Attackersby Jeffrey Schwartz on July 17, 2026 at 11:50 am
Google Cloud incorporates key Wiz capabilities into an agentic defense platform to automate threat detection and remediation against AI attacks.
- E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistantsby info@thehackernews.com (The Hacker News) on July 17, 2026 at 11:44 am
The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability to drive other apps in the background by imitating taps and typing. Google has to ship it in the next major release, Android 18, and by 1 August 2027 at
- Beacon Security Raises $13 Million for Security Data Platformby Ionut Arghire on July 17, 2026 at 11:43 am
The startup helps organizations detect, hunt, and protect their assets across environments at machine speed. The post Beacon Security Raises $13 Million for Security Data Platform appeared first on SecurityWeek.
- The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?by info@thehackernews.com (The Hacker News) on July 17, 2026 at 11:30 am
Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition pathways are transforming how capability is delivered, rewarding programs that can move from concept to operational deployment at commercial speed. Now the focus shifts to the trusted
- Industry Reactions to Pentagon Suspending CMMC Phase 2: Feedback Fridayby SecurityWeek News on July 17, 2026 at 11:08 am
Industry professionals broadly agree that the suspension pauses third-party CMMC audits but not the underlying legal obligation to protect CUI. The post Industry Reactions to Pentagon Suspending CMMC Phase 2: Feedback Friday appeared first on SecurityWeek.
- New Windows LegacyHive zero-day gives hackers admin privilegesby Sergiu Gatlan on July 17, 2026 at 11:05 am
A security researcher using the “Nightmare Eclipse” handle has released a Windows zero-day exploit dubbed LegacyHive that allows attackers to escalate privileges on up-to-date Windows systems. […]
- Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Manby info@thehackernews.com (The Hacker News) on July 17, 2026 at 10:53 am
Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova, told REN TV that border officers pulled him out of the departure hall at Yerevan’s Zvartnots airport, held up a phone with a photo of him off his VKontakte page, and walked him into a side
- Windows Server 2022 reach end of mainstream support in 90 daysby Sergiu Gatlan on July 17, 2026 at 9:10 am
Microsoft announced that Windows Server 2022 will reach the mainstream end date in October 2026, but will switch to extended support and continue receiving security updates for five more years. […]
- Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichireiby Ionut Arghire on July 17, 2026 at 9:06 am
The company disconnected its systems on July 13 and is starting to gradually restore operations. The post Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichirei appeared first on SecurityWeek.
- ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Filesby info@thehackernews.com (The Hacker News) on July 17, 2026 at 8:56 am
ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into a Run box and pressed Enter. Microsoft laid out two of the delivery chains on Thursday. Its Defender Experts team, the
- New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionageby info@thehackernews.com (The Hacker News) on July 17, 2026 at 8:46 am
Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering. Russian cybersecurity company Kaspersky, which uncovered the activity in February 2026, said it was aimed at government and diplomatic entities in
- Risk Ledger Raises $32 Million in Series B Fundingby Ionut Arghire on July 17, 2026 at 8:31 am
The British firm has built a collaborative platform to help organizations address supply chain security risks. The post Risk Ledger Raises $32 Million in Series B Funding appeared first on SecurityWeek.
- US charges two over laundering $43 million from investment fraudby Sergiu Gatlan on July 17, 2026 at 8:13 am
U.S. prosecutors on Thursday charged a New York man and woman for their roles in a large-scale crime ring that laundered money stolen in cyber investment fraud scams. […]
- Fresh SharePoint Vulnerability Exploited Soon After Disclosureby Ionut Arghire on July 17, 2026 at 7:15 am
The critical-severity security defect allows remote, authenticated attackers to execute arbitrary code on the server. The post Fresh SharePoint Vulnerability Exploited Soon After Disclosure appeared first on SecurityWeek.
- CISA urges immediate action on actively exploited Fortinet flawsby Sergiu Gatlan on July 17, 2026 at 7:03 am
CISA on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform. […]
- CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEVby info@thehackernews.com (The Hacker News) on July 17, 2026 at 6:42 am
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026. The vulnerability in question is CVE-2026-58644 (CVSS score: 9.8), a critical deserialization
- Coca-Cola Suspends US Fairlife Production Due to Ransomware Attackby Ionut Arghire on July 17, 2026 at 6:23 am
The company has yet to determine the full scope, nature, and impact of the incident. The post Coca-Cola Suspends US Fairlife Production Due to Ransomware Attack appeared first on SecurityWeek.
- New ClickLock macOS malware traps users into revealing login passwordby Bill Toulas on July 16, 2026 at 9:52 pm
A new macOS information-stealing malware dubbed ClickLock terminates all visible processes to force users into entering their system login password. […]
- Coca-Cola says Fairlife ransomware attack halts US dairy productionby Lawrence Abrams on July 16, 2026 at 9:09 pm
The Coca-Cola Company disclosed today that a ransomware attack impacting its Fairlife dairy subsidiary has disrupted operations, temporarily suspending production of Fairlife products across the United States. […]
- Agentic AI: Taming the Unpredictableby Arielle Waldman on July 16, 2026 at 8:57 pm
Agentic artificial intelligence is creating enough risks for organizations to demand a security reframe.
- 1M+ Emails Use Hidden Text to Dupe AI Security Filtersby Nate Nelson on July 16, 2026 at 7:41 pm
Artificial intelligence and LLMs can be surprisingly ineffective against text salting, allowing phishing emails to slide right into your inbox.
- Claude Chrome extension flaw lets malicious extensions trigger AI actionsby Lawrence Abrams on July 16, 2026 at 7:26 pm
A flaw in Anthropic’s Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to abuse Claude’s access to connected services such as Gmail, Google Docs, Google Calendar, and Salesforce. […]
- Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hackby info@thehackernews.com (The Hacker News) on July 16, 2026 at 5:09 pm
Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of Transport for London. The attack left 148 TfL systems inoperable and forced all 27,000 of the transport authority’s employees into an office to get their passwords reset in person. Both the NCA and the CPS put TfL’s losses and recovery
- ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Storiesby info@thehackernews.com (The Hacker News) on July 16, 2026 at 3:41 pm
A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the explanation. Old bugs are back, weak defaults are earning their keep, and some attack paths are so plain they barely feel like research. Here’s the […]
- Legacy Systems, Real-World Impacts: The Reality of OT Securityby Tod Beardsley on July 16, 2026 at 3:15 pm
Legacy systems, safety concerns, and critical infrastructure risks make OT vulnerability disclosure one of cybersecurity’s most challenging balancing acts. The post Legacy Systems, Real-World Impacts: The Reality of OT Security appeared first on SecurityWeek.
- Gaps in network security, oversight strategy hamper US’s aviation cybersecurity regulatorsby Eric Geller on July 16, 2026 at 3:03 pm
A new government audit identified several weaknesses at the two agencies that protect air travel from hackers.
- Iran-nexus actors using AI to enhance cyber playbookby David Jones on July 16, 2026 at 2:58 pm
A report shows state-linked and hacktivist groups have used ChatGPT and other tools for malware development, phishing and mapping out industrial sites.
- n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuerby info@thehackernews.com (The Hacker News) on July 16, 2026 at 1:33 pm
n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in as them. Their password never
- Two Scattered Spider Hackers Sentenced to Jail in UKby Eduard Kovacs on July 16, 2026 at 1:21 pm
Thalha Jubair and Owen Flowers were prosecuted over a 2024 cyberattack targeting Transport for London (TfL). The post Two Scattered Spider Hackers Sentenced to Jail in UK appeared first on SecurityWeek.
- New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commandsby info@thehackernews.com (The Hacker News) on July 16, 2026 at 12:50 pm
Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that’s been spreading via websites infected with ClickFix lures since late April 2026. “The malware is full-featured, lightweight, and modular,” Elastic Security Labs researcher Cyril François said in a technical report. “While the number of C2 [command-and-control] domains is currently small, the daily
- New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Passwordby info@thehackernews.com (The Hacker News) on July 16, 2026 at 12:33 pm
ClickLock Stealer, a new macOS infostealer, answers a victim’s refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents and quietly exits. At the next login, Finder, the Dock, Spotlight, Terminal, Activity Monitor, and
- 20+ Hijacked Government Websites Became
an Attack Channelby info@thehackernews.com (The Hacker News) on July 16, 2026 at 11:58 am
More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions. The investigation revealed previously undocumented backdoor behavior, hidden infrastructure relationships, and multiple attack arms behind a campaign
- New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commandsby info@thehackernews.com (The Hacker News) on July 16, 2026 at 11:32 am
Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click “Buy Now” instead. Ask a coding assistant to apply a maintainer’s fix from a GitHub thread, and a fake comment can make it run a stranger’s command on your computer. Neither trick hijacks the agent’s task. Each one just corrupts the facts it trusts and lets it carry on with the job you
- Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoorby info@thehackernews.com (The Hacker News) on July 16, 2026 at 11:17 am
An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin (“srt64.sys”), as the kernel-mode rootkit is referred to, was first documented by Broadcom-owned Symantec in March 2022, with evidence indicating its use in targeted attacks aimed
- AI Can Find Bugs, But Human Knowledge Still Proves Themby info@thehackernews.com (The Hacker News) on July 16, 2026 at 10:10 am
Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read code quickly, generate payloads, summarize attack surfaces, explain unfamiliar APIs, and run repetitive testing workflows at impressive speed. That is a real advantage for security teams. It also
- Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wideby info@thehackernews.com (The Hacker News) on July 16, 2026 at 9:23 am
Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people’s Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi password in plaintext. A researcher publishing under the handle tokay0 put the method online on Monday, having tested it only against vacuums he
- OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Solby info@thehackernews.com (The Hacker News) on July 16, 2026 at 8:42 am
OpenAI has disclosed details of GPT-Red, an internal automated red-teaming model that scales prompt injection vulnerability discovery with an aim to fix issues before the tools are deployed widely. “GPT‑Red is a strong red-teamer, and our previous models are highly vulnerable to its prompt injection attacks,” the artificial intelligence (AI) company said. “We use GPT‑Red to adversarially […]
- Zoom Patches Critical Windows Flaw That Could Enable Account Takeoverby info@thehackernews.com (The Hacker News) on July 16, 2026 at 7:22 am
Zoom has released security updates for a critical security flaw impacting Zoom Workplace for Windows that could facilitate account takeover. The vulnerability, tracked as CVE-2026-53412 (CVSS score: 9.8), affects Zoom Workplace for Windows before version 7.0.0 and Zoom Workplace VDI Client for Windows before version 7.0.10, 6.6.15, and 6.5.18 in their respective branches. “Improper Input
- Police Disrupt a €140M Cyber Fraud Ring in Spainby Nate Nelson on July 16, 2026 at 7:00 am
Iberian hackers carried out a variety of cyberattacks and laundered the winnings through complex financial networks.
- Forgotten Bootloaders Expose Secure Boot Blind Spotby Jai Vijayan on July 15, 2026 at 9:19 pm
Nearly a dozen vulnerable and now revoked UEFI shim bootloaders remained trusted for years, giving attackers a path to bypass Secure Boot.
- Identity Attacks Overtake Exploits as Top Ransomware Causeby Alexander Culafi on July 15, 2026 at 8:16 pm
Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deployed in 97% of credential-based attacks but failed to prevent compromise.
- TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Developmentby info@thehackernews.com (The Hacker News) on July 15, 2026 at 6:43 pm
Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model (LLM), albeit with not so successful results. “While the AI complied with their request to generate botnet code, it included a safety disclaimer that the developer failed
- Guten Tag, Bonjour, Hola to Our European Cyber Defenders!by Tara Seals on July 15, 2026 at 6:08 pm
We’re thrilled to unveil the latest evolution of Dark Reading’s DR Global section — your go-to source for region-specific cybersecurity intelligence beyond North America.
- Is ‘Tech-xit’ Imminent? UK Steps Up Sovereignty Push Amid AI Strifeby Rob Wright on July 15, 2026 at 5:03 pm
The US government’s restrictions on Anthropic and OpenAI frontier models have intensified calls in the UK and other countries to reduce their reliance on US tech companies, with significant cyber implications.
- OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Appsby info@thehackernews.com (The Hacker News) on July 15, 2026 at 3:30 pm
A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet’s own desktop software. Sometimes it waits until you plug the device in first. The page is malicious. The app around it is the real one you installed, and
- Claude Flaw Automatically Sends Malicious Prompts to AI Agentsby Elizabeth Montalbano on July 15, 2026 at 3:27 pm
When combined with another exploit, the “PromptFiction” vulnerability, which has been fixed, could have enabled an end-to-end attack on a targeted system.
- CISA warns that multiple vulnerabilities in SharePoint are under exploitationby David Jones on July 15, 2026 at 3:05 pm
Security researchers say additional flaws are being chained together and a patch will not be available until August.
- US launches vulnerability clearinghouse amid AI-fueled surge in flawsby Eric Geller on July 15, 2026 at 2:51 pm
The Trump administration hopes the program will accelerate the discovery and fixing of serious technical problems before hackers exploit them.
- Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flawsby info@thehackernews.com (The Hacker News) on July 15, 2026 at 1:18 pm
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below – CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719, a site isolation in the DOM: Navigation component “We are aware that exploit code for this is public, however we are not aware of
- 2-Click Cursor Exploit Enables Dev Environment Takeoverby Nate Nelson on July 15, 2026 at 1:00 pm
Simple age-old bugs give bad actors access to developers’ secrets and source code-rich environments.
- SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.by info@thehackernews.com (The Hacker News) on July 15, 2026 at 11:50 am
For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned browser extensions, and autonomous agents. Employees routinely paste intellectual property into
- Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesdayby info@thehackernews.com (The Hacker News) on July 15, 2026 at 11:07 am
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as ProfSvc, is a core system component that manages user accounts and environments. “The PoC requires
- New Webinar: Closing the Approval Gap in AI-Era Ad Techby info@thehackernews.com (The Hacker News) on July 15, 2026 at 11:06 am
A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full access to your forms, customer data, and checkout pages. This on-demand webinar reveals how this Approval Gap forms, and gives your team the blueprint to close it before an auditor, regulator, or attacker finds it first. The Reality of the Approval Gap It’s a pattern every
- Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Executionby info@thehackernews.com (The Hacker News) on July 15, 2026 at 10:55 am
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud tokens. Cursor keeps re-running it for as long as the project stays open. No prompt
- Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malwareby info@thehackernews.com (The Hacker News) on July 15, 2026 at 9:16 am
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below – @asyncapi/generator-helpers@1.1.1 @asyncapi/generator-components@0.7.1 @asyncapi/generator@3.3.1 @asyncapi/specs(v6.11.2, v6.11.2-alpha.1) “The
- Nigeria Deepens Cybersecurity Efforts as Cybercriminals See More Profitsby Robert Lemos on July 15, 2026 at 8:00 am
The West African country advanced rules to force organizations to disclose cyberattacks, joining other nations in a shift to mandated transparency.
- Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commandsby info@thehackernews.com (The Hacker News) on July 15, 2026 at 5:30 am
SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below – CVE-2026-15409 (CVSS score: 10.0) – A Server-side request forgery (SSRF) vulnerability that a remote unauthenticated attacker could exploit to
- Cribl Adds Agentic Detection Engineering & Boosts SecOps With CardinalOps Dealby Jeffrey Schwartz on July 15, 2026 at 12:05 am
CardinalOps will give Cribl customers the ability to map detection rules and security controls to the MITRE ATT&CK framework. SecOps teams can identify coverage gaps and operationalize threat intelligence.
- Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakesby Jai Vijayan on July 14, 2026 at 9:50 pm
Three of the 622 CVEs for which Microsoft issued patches this week are zero-days; there are more than 60 critical vulnerabilities.
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attackby info@thehackernews.com (The Hacker News) on July 14, 2026 at 8:25 pm
Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft’s own CVEs by its Security Update Guide count, more than triple June’s previous high of around 200. Those two live bugs are the ones to grab first. Microsoft credits incident responders for both. Both are
- 6 GHz Wi-Fi Flaws Could Disrupt Critical Systemsby Alexander Culafi on July 14, 2026 at 7:58 pm
Automated Frequency Coordination systems by default trust client-side data, which could lead to location spoofing and other attacks that disrupt traffic.
- SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Databy info@thehackernews.com (The Hacker News) on July 14, 2026 at 6:17 pm
SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could
- Manage Vendor Risk in a Few Practical Stepsby Daniel Nutkis on July 14, 2026 at 5:44 pm
Risk tolerance, exposure visibility, board oversight — handling third-party risk is complicated but achievable with disciplined, precise governance.
- Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Readsby info@thehackernews.com (The Hacker News) on July 14, 2026 at 5:27 pm
Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and ClaudeBleed need a rogue extension that can already run a script on claude.ai; the difference is scope. Anthropic restricted the arbitrary-prompt path in May as part of its response to the
- LabubaRAT Masquerades as NVIDIA Software to Control Windows Hostsby info@thehackernews.com (The Hacker News) on July 14, 2026 at 4:52 pm
Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. “LabubaRAT creates a reusable foothold for hands-on activity,” Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an analysis published today. “Once deployed, it can profile the host,
- Frontier AI: The Genie’s Out of the Bottle, but Where’s the Rulebook?by Arielle Waldman on July 14, 2026 at 4:02 pm
Cutting-edge artificial intelligence models are deploying with more independence and less human oversight. Several state governments are trying to legislate transparency in their use.
- ClickFix’s Mushrooming Ecosystem Demands New Defense Tacticsby Elizabeth Montalbano on July 14, 2026 at 3:53 pm
The attack vector is available for rent at scale, and evades AV and EDR, leaving YARA analysis as the best detection option.
- Sharp rise in AI adoption for cyber defense exposes major governance gapby David Jones on July 14, 2026 at 2:46 pm
A report by the SANS Institute indicates a split between senior security leaders and frontline practitioners.
- Healthcare sector faces persistent supply-chain security, identity management challengesby Eric Geller on July 14, 2026 at 2:36 pm
A new report says doctors and nurses should train for cyberattacks the way firefighters train for major blazes — even if they expect them to be rare.
- RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadataby info@thehackernews.com (The Hacker News) on July 14, 2026 at 1:48 pm
Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo’s security team, which discovered and reported the flaws, said one “leaks the broker’s confidential OAuth
- Cursor IDE Auto-Executes Malicious Code in Poisoned Reposby Alexander Culafi on July 14, 2026 at 1:00 pm
Researchers reported the vulnerability to Cursor in December, but it still remains in the popular AI coding platform and can be exploited in poisoned repository attacks.
- 11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Bootby info@thehackernews.com (The Hacker News) on July 14, 2026 at 12:46 pm
Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. “An attacker exploiting one of these vulnerable applications can execute untrusted code during system boot, enabling deployment of malicious UEFI bootkits or other malware,”
- Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risksby info@thehackernews.com (The Hacker News) on July 14, 2026 at 11:55 am
Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person’s separate addresses together and let outsiders follow them from site to site. And on a site that already holds a name or
- How Pentera Turns AI Security Workflows into Validation Enginesby info@thehackernews.com (The Hacker News) on July 14, 2026 at 11:30 am
AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat intelligence, configuration findings, and exposure data. That fragmentation matters because attackers do not move through environments one
- OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentialsby info@thehackernews.com (The Hacker News) on July 14, 2026 at 11:21 am
At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad actors have begun
- Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Readby info@thehackernews.com (The Hacker News) on July 14, 2026 at 9:02 am
xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle out of the intercepted request, and pulled back a file the agent had been told in plain terms not
- U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Supportby info@thehackernews.com (The Hacker News) on July 14, 2026 at 8:02 am
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS), has been accused of offering its tools to ransomware groups, along with its 45-year-old Ukrainian
- 148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnetby info@thehackernews.com (The Hacker News) on July 14, 2026 at 7:08 am
A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them. The operators used the registry as free hosting for a booby-trapped proxy site and let the students who came to dodge
- Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activityby info@thehackernews.com (The Hacker News) on July 14, 2026 at 6:19 am
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth connections that tie Salesforce to the apps and third-party vendors around it. In