Malware Software Supply Chain4 Min Read July 11, 2026 Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, …
3 Min Read July 11, 2026 Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns Cybersecurity researchers have disclosed details of sustained cyber… Cyber Espionage Threat Intelligence
2 Min Read July 11, 2026 Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions Zimbra is urging customers to apply updates to address a critical… Email Security Vulnerability
3 Min Read July 10, 2026 URGENT – Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat Progress Software has told ShareFile customers to shut down the Windows… Enterprise Security Security Incident
Malware Software Supply Chain3 Min Read July 10, 2026 Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the…
Firmware Security Vulnerability4 Min Read July 10, 2026 Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as…
Hardware Security Vulnerability5 Min Read July 10, 2026 Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto…
AI Security Vulnerability2 Min Read July 10, 2026 Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if…
Enterprise Security Malware2 Min Read July 10, 2026 New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON.…
Server Security Vulnerability3 Min Read July 10, 2026 Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of…
Asset Management Enterprise Security4 Min Read July 10, 2026 From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale Most enterprises assume their asset inventory is close enough to accurate. The evidence suggests otherwise. According to a survey of over 600…
Cybercrime Website Security6 Min Read July 10, 2026 Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the…
Mobile Security Privacy6 Min Read July 10, 2026 Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the…
Authentication Enterprise Security3 Min Read July 10, 2026 Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365…
Cryptocurrency Vulnerability4 Min Read July 10, 2026 Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is…
Cybercrime Law Enforcement2 Min Read July 10, 2026 Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks A 41-year-old former ransomware negotiator has been sentenced to nearly six years (i.e., 70 months) in prison in the U.S. for their role in…
Developer Security Supply Chain Security2 Min Read July 9, 2026 Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations,…
Cyber Espionage Malware4 Min Read July 9, 2026 New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older…
DevSecOps Supply Chain Security2 Min Read July 9, 2026 npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access…
Cybersecurity News Hacking News12 Min Read July 9, 2026 ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because…
AI Security Zero Trust2 Min Read July 9, 2026 AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write…
AI Security Application Security12 Min Read July 9, 2026 Summer of Clearinghouses Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it…
Endpoint Security Malware3 Min Read July 9, 2026 GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security…
Endpoint Security Vulnerability3 Min Read July 9, 2026 Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became…
AI Security Threat Detection4 Min Read July 8, 2026 AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off…
AI Security Botnet5 Min Read July 8, 2026 New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name…
Network Security Vulnerability2 Min Read July 8, 2026 Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and…
Email Security Phishing Windows4 Min Read July 8, 2026 New Ghost Phishing Wave Is Breaking Traditional Email Security A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost…
AI Security Cybercrime4 Min Read July 8, 2026 SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using…
DevSecOps Open Source Security4 Min Read July 8, 2026 GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any…
Compliance Identity Security4 Min Read July 8, 2026 The Verification Step Is the New ATO Battleground in 2026 For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated…
Malware Network Security2 Min Read July 8, 2026 China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by…
Cloud Security Vulnerability3 Min Read July 8, 2026 15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in…
AI Security Vulnerability3 Min Read July 8, 2026 CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities…
Malware Mobile Security3 Min Read July 7, 2026 RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill…
Email Security Vulnerability4 Min Read July 7, 2026 Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering…
Exploits Malware Network Vulnerabilities2 Min Read July 7, 2026 CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication…
Enterprise Security Vulnerability2 Min Read July 7, 2026 BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA)…
Malware Threat Intelligence3 Min Read July 6, 2026 Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented…
Linux Vulnerability5 Min Read July 6, 2026 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host…
DevOps Vulnerability2 Min Read July 6, 2026 Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig.…
Cybersecurity Hacking15 Min Read July 6, 2026 ⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt.…
Cyber Espionage Endpoint Security2 Min Read July 6, 2026 New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The…
Endpoint Security Malware4 Min Read July 6, 2026 New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows,…
Vulnerability Web Security4 Min Read July 6, 2026 Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a…
AI Security Threat Detection5 Min Read July 6, 2026 SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working,…