BleepingComputer Jul 15, 2026, 09:55 PM (UTC)
Read
The Dutch Police announced the arrest of multiple individuals suspected of being part of an international investment fraud scheme estimated to have tens of thousands of victims. [...]
BleepingComputer Jul 15, 2026, 08:16 PM (UTC)
Read
Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack accounts. [...]
The Hacker News Jul 15, 2026, 06:43 PM (UTC)
Read
Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model (LLM), albeit with not so successfu…
BleepingComputer Jul 15, 2026, 06:33 PM (UTC)
Read
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
BleepingComputer Jul 15, 2026, 03:37 PM (UTC)
Read
Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that delivered a remote access trojan with info-stealing capabilities. [...]
The Hacker News Jul 15, 2026, 03:30 PM (UTC)
Read
A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet's own desktop softw…
Infosecurity Magazine Jul 15, 2026, 03:00 PM (UTC)
Read
Six-month phishing campaign used seasonal eCard lures to plant legitimate RMM tools on victims
SecurityWeek Jul 15, 2026, 02:37 PM (UTC)
Read
An attacker can create a malicious repository containing a git.exe in the project root, and Cursor executes it automatically. The post Unpatched Cursor Vulnerability Exposes Users to Code Execution appeared first on SecurityWeek.
SecurityWeek Jul 15, 2026, 02:07 PM (UTC)
Read
Three vulnerabilities are actively exploited in attacks, including two that have been targeted as zero-days. The post CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities appeared first on SecurityWeek.
BleepingComputer Jul 15, 2026, 02:01 PM (UTC)
Read
Intruder built an AI-powered "vulnerability vending machine" that combines code slicing with LLMs to automatically discover complex software vulnerabilities. The company explains how the system found and exploited a previously unknown WordPress plugin zero-day…
Infosecurity Magazine Jul 15, 2026, 02:00 PM (UTC)
Read
Eleven forgotten Microsoft-signed UEFI shims can bypass Secure Boot on almost any machine
The Hacker News Jul 15, 2026, 01:18 PM (UTC)
Read
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below - CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719, a…
SecurityWeek Jul 15, 2026, 01:00 PM (UTC)
Read
Bitdefender researchers show how Windows bind links can create conflicting filesystem views to hide malware from endpoint security products. The post Windows Bind Link Attacks Can Hide Malware From EDR Tools appeared first on SecurityWeek.
SecurityWeek Jul 15, 2026, 12:52 PM (UTC)
Read
Attendees will be able to interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. The post Virtual Event Today: Cloud & Data Security Summit appeared first on SecurityWeek.
Cybersecurity Ventures Jul 15, 2026, 12:51 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 15, 2026 – Listen to the podcast Hunting Warhead is an award-winning investigative true-crime podcast from CBC Podcasts and the Norwegian newspaper VG. Hosted by Daemon…
Infosecurity Magazine Jul 15, 2026, 12:45 PM (UTC)
Read
Research of incidents by Sophos finds that phishing, brute force attacks and other identity-based threats have surpassed software vulnerabilities as means of delivering ransomware
Infosecurity Magazine Jul 15, 2026, 12:00 PM (UTC)
Read
Progress has restored access to its ShareFile Storage Zones Controller after a four-day suspension triggered by a credible external security threat
SecurityWeek Jul 15, 2026, 11:58 AM (UTC)
Read
The suspects and their companies were previously sanctioned by the United States and its allies. The post US Charges Russian Individuals and Firms for Running Cybercrime Services appeared first on SecurityWeek.
The Hacker News Jul 15, 2026, 11:50 AM (UTC)
Read
For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem…
The Hacker News Jul 15, 2026, 11:07 AM (UTC)
Read
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User…
The Hacker News Jul 15, 2026, 11:06 AM (UTC)
Read
A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full access to your forms, customer data, and checkout pages. This on-demand webinar reveals how this Approval Gap forms, and gives your team the blu…
SecurityWeek Jul 15, 2026, 11:02 AM (UTC)
Read
A critical security defect in the ServiceNow AI platform could allow remote attackers to execute arbitrary code. The post Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow appeared first on SecurityWeek.
The Hacker News Jul 15, 2026, 10:55 AM (UTC)
Read
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your s…
SecurityWeek Jul 15, 2026, 10:18 AM (UTC)
Read
The new program stems from an AI-focused Executive Order signed by President Trump on June 2. The post White House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative appeared first on SecurityWeek.
SecurityWeek Jul 15, 2026, 09:48 AM (UTC)
Read
The company has rolled out a fix and is restoring access for Storage Zones Controller customers who apply it. The post Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption appeared first on SecurityWeek.
BleepingComputer Jul 15, 2026, 09:44 AM (UTC)
Read
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that attackers are actively exploiting three vulnerabilities to hack Internet-exposed on-premises SharePoint Server instances. [...]
Infosecurity Magazine Jul 15, 2026, 09:20 AM (UTC)
Read
Microsoft released fixes for a record 570 CVEs in its July Patch Tuesday update, as experts warn AI is dramatically accelerating vulnerability discovery and increasing patch volumes
SecurityWeek Jul 15, 2026, 09:19 AM (UTC)
Read
The industrial giants fixed dozens of vulnerabilities across their ICS products, with advisories also released by CISA and VDE CERT. The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell appeared first on SecurityWeek.
The Hacker News Jul 15, 2026, 09:16 AM (UTC)
Read
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below - @asyncapi/generator-helper…
Infosecurity Magazine Jul 15, 2026, 08:48 AM (UTC)
Read
The UK government is warning of the potential impact of catastrophic cyber-attacks
BleepingComputer Jul 15, 2026, 08:26 AM (UTC)
Read
Microsoft is blocking this month's Windows 11 security updates on some Dell devices because they are causing shutdowns and performance issues. [...]
BleepingComputer Jul 15, 2026, 07:45 AM (UTC)
Read
U.S. federal prosecutors have unsealed charges against three Russian nationals, accusing them of providing bulletproof hosting (BPH) services to ransomware gangs that caused over $62 million in damages to victims worldwide. [...]
SecurityWeek Jul 15, 2026, 07:24 AM (UTC)
Read
Public exploit code targeting the Firefox flaws exists, but no in-the-wild exploitation has been observed. The post Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates appeared first on SecurityWeek.
The Hacker News Jul 15, 2026, 05:30 AM (UTC)
Read
SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-154…
BleepingComputer Jul 14, 2026, 09:23 PM (UTC)
Read
SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates. [...]
The Hacker News Jul 14, 2026, 08:25 PM (UTC)
Read
Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft's own CVEs by its Security Update Guide count, more than triple June's previous high of aro…
BleepingComputer Jul 14, 2026, 08:23 PM (UTC)
Read
The Spanish Police dismantled a cybercrime and money-laundering organization that made €140 million ($160 million) from investment fraud and business email compromise (BEC) attacks. [...]
Krebs on Security Jul 14, 2026, 07:22 PM (UTC)
Read
Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last mont…
BleepingComputer Jul 14, 2026, 07:15 PM (UTC)
Read
A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware. [...]
BleepingComputer Jul 14, 2026, 06:49 PM (UTC)
Read
Microsoft has released the Windows 10 KB5099539 extended security update, which includes this month's record-breaking July 2026 Patch Tuesday fixes, along with additional security improvements. [...]
The Hacker News Jul 14, 2026, 06:17 PM (UTC)
Read
SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds wr…
BleepingComputer Jul 14, 2026, 06:01 PM (UTC)
Read
Today is Microsoft's July 2026 Patch Tuesday, and with it comes security updates for a record-breaking 570 flaws, including two zero-day vulnerabilities exploited in attacks and one publicly disclosed. [...]
BleepingComputer Jul 14, 2026, 05:41 PM (UTC)
Read
Microsoft has released Windows 11's June 2026 Update for version 25H2, 24H2, and 23H2, bringing fixes for over 570 security issues. [...]
The Hacker News Jul 14, 2026, 05:27 PM (UTC)
Read
Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and ClaudeBleed need a rogue extension that can already run a sc…
The Hacker News Jul 14, 2026, 04:52 PM (UTC)
Read
Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. "LabubaRAT creates a reusable foothold for hands-on activity," Bla…
BleepingComputer Jul 14, 2026, 04:08 PM (UTC)
Read
Progress Software has confirmed that a high-severity zero-day vulnerability is behind the emergency shutdown of ShareFile Storage Zone Controllers last week and has released security updates to patch the flaw. [...]
Infosecurity Magazine Jul 14, 2026, 03:28 PM (UTC)
Read
The US Department of Defense announced the immediate suspension of the CMMC Phase II requirements until further review
The Hacker News Jul 14, 2026, 01:48 PM (UTC)
Read
Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass…
Cybersecurity Ventures Jul 14, 2026, 12:51 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 14, 2026 – Watch the YouTube video “When high-trust individuals are compromised, the blast radius reaches well beyond them to their companies, partners, and networks,”…
The Hacker News Jul 14, 2026, 12:46 PM (UTC)
Read
Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. "An attacker exploiting one of these vu…
Infosecurity Magazine Jul 14, 2026, 12:00 PM (UTC)
Read
Researchers at Jamf Threat Labs detail CrashStealer, which steals passwords, cryptocurrency wallets and more
The Hacker News Jul 14, 2026, 11:55 AM (UTC)
Read
Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can ti…
The Hacker News Jul 14, 2026, 11:30 AM (UTC)
Read
AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat int…
The Hacker News Jul 14, 2026, 11:21 AM (UTC)
Read
At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft E…
Infosecurity Magazine Jul 14, 2026, 09:43 AM (UTC)
Read
Supermarket giant Lidl has revealed details of a supplier breach impacting customer data
The Hacker News Jul 14, 2026, 09:02 AM (UTC)
Read
xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of t…
Infosecurity Magazine Jul 14, 2026, 08:21 AM (UTC)
Read
Five UK residents have been charged in relation to supplying Russian Coms fraud devices and apps
The Hacker News Jul 14, 2026, 08:02 AM (UTC)
Read
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious activities, including ransomware attacks against Americans. The…
The Hacker News Jul 14, 2026, 07:08 AM (UTC)
Read
A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might ins…
The Hacker News Jul 14, 2026, 06:19 AM (UTC)
Read
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already exte…
The Hacker News Jul 13, 2026, 05:36 PM (UTC)
Read
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrapp…
The Hacker News Jul 13, 2026, 05:17 PM (UTC)
Read
Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version. The collector was dorman…
Infosecurity Magazine Jul 13, 2026, 03:30 PM (UTC)
Read
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA
The Hacker News Jul 13, 2026, 03:05 PM (UTC)
Read
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don't file tickets. That's the shape of t…
Krebs on Security Jul 13, 2026, 03:03 PM (UTC)
Read
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys -- in a public GitHub repository for almost six months before…
Infosecurity Magazine Jul 13, 2026, 02:45 PM (UTC)
Read
Chinese and Indian spies converged on the same Balochistan police force, SentinelLabs found
The Hacker News Jul 13, 2026, 01:49 PM (UTC)
Read
Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false "fact" about the user, hide the change, and quietly steer its answers i…
The Hacker News Jul 13, 2026, 01:03 PM (UTC)
Read
A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations ta…
Infosecurity Magazine Jul 13, 2026, 01:00 PM (UTC)
Read
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments
Cybersecurity Ventures Jul 13, 2026, 12:41 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 13, 2026 – Listen to the podcast Larry Clinton is the President and CEO of the Internet Security Alliance. Since 2001, ISA strives to promote the recognition of cyberse…
Infosecurity Magazine Jul 13, 2026, 12:05 PM (UTC)
Read
Progress Software, the provider of the popular file-sharing and data storage solutions, has urged customers to shut down the server hosting their Storage Zone Controller
The Hacker News Jul 13, 2026, 11:54 AM (UTC)
Read
Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every read. Each read gets pinned to the moment it happened: the time, y…
The Hacker News Jul 13, 2026, 11:37 AM (UTC)
Read
A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already connected Claude to a few detection tools and were seeing real val…
The Hacker News Jul 13, 2026, 11:02 AM (UTC)
Read
Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. "The script looked for the Domain Controller (DC) and mapped users, computers, and domains, bef…
Infosecurity Magazine Jul 13, 2026, 10:40 AM (UTC)
Read
Cybersecurity agencies from 12 countries have warned that Russian state-backed hackers are actively targeting vulnerable routers using weak SNMP credentials
Infosecurity Magazine Jul 13, 2026, 09:30 AM (UTC)
Read
An Armenian man has pleaded guilty to his role in the infamous Ryuk ransomware operation
Infosecurity Magazine Jul 13, 2026, 08:30 AM (UTC)
Read
Australian Cyber Security Centre warns CMS users of mass scanning and exploitation campaign
The Hacker News Jul 13, 2026, 07:30 AM (UTC)
Read
An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bash_history. From that…
The Hacker News Jul 13, 2026, 05:36 AM (UTC)
Read
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation…
The Hacker News Jul 11, 2026, 05:59 PM (UTC)
Read
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Wi…
The Hacker News Jul 11, 2026, 05:49 PM (UTC)
Read
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. "At Balochistan…
The Hacker News Jul 11, 2026, 06:45 AM (UTC)
Read
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that co…
The Hacker News Jul 10, 2026, 04:30 PM (UTC)
Read
Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to…
The Hacker News Jul 10, 2026, 04:29 PM (UTC)
Read
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivel…
Infosecurity Magazine Jul 10, 2026, 04:00 PM (UTC)
Read
CISA reveals how it responded after sensitive AWS GovCloud credentials and internal data were exposed in a public GitHub repository
The Hacker News Jul 10, 2026, 03:57 PM (UTC)
Read
Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside data-center servers. Four of the bugs can crash a device. The…
Infosecurity Magazine Jul 10, 2026, 03:30 PM (UTC)
Read
A new multi-purpose backdoor allows cyber threat actors to conduct both quiet espionage activity and destructive wiping operations
The Hacker News Jul 10, 2026, 02:51 PM (UTC)
Read
Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, w…
The Hacker News Jul 10, 2026, 02:19 PM (UTC)
Read
Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host. A brief…
Infosecurity Magazine Jul 10, 2026, 01:45 PM (UTC)
Read
Researchers at the AI Now Institute developed a proof-of-concept exploit showing common AI tools used for security could backfire
The Hacker News Jul 10, 2026, 01:15 PM (UTC)
Read
The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activ…
Infosecurity Magazine Jul 10, 2026, 01:00 PM (UTC)
Read
GodDamn ransomware uses remote desktop application to secretly move around networks and drop the malicious PoisonX kernel driver
Cybersecurity Ventures Jul 10, 2026, 12:18 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 10, 2026 – Watch the video The Cybercrime Magazine media team will step into the Business Hall at Black Hat USA in Las Vegas Aug. 2-4 and experience the future of cyber…
The Hacker News Jul 10, 2026, 11:47 AM (UTC)
Read
A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknam…
The Hacker News Jul 10, 2026, 11:30 AM (UTC)
Read
A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million websites. Far fewer were actually broken…
The Hacker News Jul 10, 2026, 10:56 AM (UTC)
Read
Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one prob…
The Hacker News Jul 10, 2026, 10:30 AM (UTC)
Read
A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta u…
Infosecurity Magazine Jul 10, 2026, 09:33 AM (UTC)
Read
Microsoft has said the volume of Windows security updates is set to grow as it uses AI to find new bugs
The Hacker News Jul 10, 2026, 09:00 AM (UTC)
Read
Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak rando…
Infosecurity Magazine Jul 10, 2026, 09:00 AM (UTC)
Read
NHS tells staff they could face prison for “inappropriate” access to patients’ medical records
The Hacker News Jul 10, 2026, 08:10 AM (UTC)
Read
A 41-year-old former ransomware negotiator has been sentenced to nearly six years (i.e., 70 months) in prison in the U.S. for their role in conspiring with the now-defunct BlackCat ransomware operators to extort multiple victims and working with two other cybe…
The Hacker News Jul 9, 2026, 06:38 PM (UTC)
Read
Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on automated scraping tooling with custom or legitim…
The Hacker News Jul 9, 2026, 06:08 PM (UTC)
Read
Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from. Each is a different way to bre…
The Hacker News Jul 9, 2026, 04:49 PM (UTC)
Read
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the follo…
Infosecurity Magazine Jul 9, 2026, 02:00 PM (UTC)
Read
Huntress found a threat actor using vibe-coded PowerShell to map an Active Directory network
Cybersecurity Ventures Jul 9, 2026, 12:29 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 9, 2026 – Listen to the podcast Strangers were watching your children sleep. For months, anyone with basic technical knowledge could access 1.1 million baby monitors an…
Infosecurity Magazine Jul 9, 2026, 12:00 PM (UTC)
Read
Survey of cybersecurity leaders by MetaCompliance finds that many feel boards are uninterested in ever-evolving cyber risks
Infosecurity Magazine Jul 9, 2026, 11:45 AM (UTC)
Read
Operation First Light 2026, coordinated by Interpol and funded by the Chinese government, has led to 5,811 arrests
Infosecurity Magazine Jul 9, 2026, 11:00 AM (UTC)
Read
Wiz discovered GhostApproval, a symlink flaw in six major AI coding assistants that bypasses approval
Infosecurity Magazine Jul 9, 2026, 09:30 AM (UTC)
Read
Over 70 cybersecurity organizations have signed the CREST AI Charter detailing responsible use of AI for security
Infosecurity Magazine Jul 9, 2026, 07:30 AM (UTC)
Read
Cybersecurity researchers at ESET identify big rise in suspicious and malicious toolsets which put users at risk from cyber-attacks
Infosecurity Magazine Jul 8, 2026, 03:30 PM (UTC)
Read
Zimperium found RedWing, an Android spyware sold as a service via Telegram to target banking apps
Infosecurity Magazine Jul 8, 2026, 02:30 PM (UTC)
Read
Cisco Talos said China-linked APT UAT-7810 is growing its proxy relay network with new malware
Cybersecurity Ventures Jul 8, 2026, 12:59 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 8, 2026 – Listen to the podcast The Internet is often portrayed as a neutral space, open and even democratic, a place full of possibilities. But for many women, the web…
Krebs on Security Jul 8, 2026, 12:31 PM (UTC)
Read
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a…
Infosecurity Magazine Jul 8, 2026, 12:30 PM (UTC)
Read
Sygnia report details how agentic AI accelerated weeks-long attack to just 72 hours
Infosecurity Magazine Jul 8, 2026, 11:00 AM (UTC)
Read
Cyber threat actors are infecting victims with the Vidar stealer and the XMRig cryptocurrency miner in a new malicious campaign
Infosecurity Magazine Jul 8, 2026, 08:10 AM (UTC)
Read
The National Cyber Security Centre wants to work with AI partners to build a new “Cyber Shield” to defend the UK
Cybersecurity Ventures Jul 7, 2026, 07:04 PM (UTC)
Read
Because scaling security isn’t just about better detection—it’s about removing the friction around it – Mayuresh Ektare, Senior Vice President, Product Management San Jose, Calif. – Jul. 7, 2026 Every security team wants better outcomes. Faster detection. Fast…
Infosecurity Magazine Jul 7, 2026, 03:40 PM (UTC)
Read
A suspected Chinese threat cluster is exploiting Roundcube vulnerabilities to compromise university networks in the US and Canada and harvest user credentials
Infosecurity Magazine Jul 7, 2026, 02:00 PM (UTC)
Read
Group-IB analysis argued Scattered Spider is a decentralized collective of independent clusters
Cybersecurity Ventures Jul 7, 2026, 01:51 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 7, 2026 – Listen to the podcast EdTech company Instructure confirmed a massive data breach this past spring. The ShinyHunters group claimed responsibility, alleging tha…
Infosecurity Magazine Jul 7, 2026, 10:00 AM (UTC)
Read
More than 60 organizations, including M&S, Microsoft UK and Vodafone, have signed the UK government's Cyber Resilience Pledge, a new initiative aimed at boosting cyber security and resilience across British businesses
Infosecurity Magazine Jul 7, 2026, 08:20 AM (UTC)
Read
Threat actors are exploiting an Adobe ColdFusion vulnerability which has a CVSS score of 10.0
Infosecurity Magazine Jul 7, 2026, 07:00 AM (UTC)
Read
Attacks also used a compromised chatbot in campaign to steal sensitive information from Business Users
Infosecurity Magazine Jul 6, 2026, 04:00 PM (UTC)
Read
Check Point researchers have identified a new cyber adversary targeting Israeli government and IT businesses, tracked as ‘Cavern Manticore’
Infosecurity Magazine Jul 6, 2026, 03:00 PM (UTC)
Read
Zscaler found sites hiding prompt-injection text to manipulate AI agents into crypto payments
Infosecurity Magazine Jul 6, 2026, 02:15 PM (UTC)
Read
Opera GX flaw let sites automatically install mods to steal data from other pages, now patched
Cybersecurity Ventures Jul 6, 2026, 12:38 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 6, 2026 – Watch the YouTube video “One of the biggest misconceptions in cybersecurity is that seeing a problem means you’re protected,” Ariel Litmanovich, co-founder an…
Infosecurity Magazine Jul 6, 2026, 09:00 AM (UTC)
Read
IWF and NCA warn that growing numbers of images and videos are being manipulated into sexual abuse material
Infosecurity Magazine Jul 6, 2026, 08:30 AM (UTC)
Read
Researchers have revealed JadePuffer, the first agentic AI-powered ransomware campaign, highlighting how autonomous agents can automate cyber-attacks
Infosecurity Magazine Jul 3, 2026, 01:00 PM (UTC)
Read
The ransomware landscape is reconsolidating around major players, with Qilin emerging as the leading RaaS operation, researchers say
Infosecurity Magazine Jul 3, 2026, 11:30 AM (UTC)
Read
Researchers warn that collaboration could lead to “unprecedented” ransomware attacks, as FBI also issues warning
Infosecurity Magazine Jul 3, 2026, 09:35 AM (UTC)
Read
The NetNut proxy network and the ‘Popa’ botnet are known to have infected devices with variants of Mirai DDoS botnets
Krebs on Security Jul 2, 2026, 07:27 PM (UTC)
Read
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR].…
Cybersecurity Ventures Jul 2, 2026, 01:17 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 1, 2026 – Watch the YouTube video For years, social engineering has been the most common and effective attack vector in cybersecurity, according to Doppel, developers o…
Infosecurity Magazine Jul 2, 2026, 12:51 PM (UTC)
Read
Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities first
Infosecurity Magazine Jul 2, 2026, 12:00 PM (UTC)
Read
Bitdefender researchers warned of curious ransomware campaign which has targeted businesses around the world
Infosecurity Magazine Jul 2, 2026, 10:00 AM (UTC)
Read
The NCSC has shared best practice advice from pen testers which could help improve system resilience
Infosecurity Magazine Jul 2, 2026, 08:45 AM (UTC)
Read
A teenager accused of hacking as part of Scattered Spider has been arrested