{"updated":1784035730120,"items":[{"title":"Cursor IDE Auto-Executes Malicious Code in Poisoned Repos","summary":"Researchers reported the vulnerability to Cursor in December, but it still remains in the popular AI coding platform and can be exploited in poisoned repository attacks.","cat":"vulnerability","ts":1784034000000,"source":"Dark Reading","link":"https://www.darkreading.com/application-security/cursor-ide-malicious-code-poisoned-repos"},{"title":"11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot","summary":"Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the moder","cat":"research","ts":1784033178000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/11-old-microsoft-signed-linux-uefi.html"},{"title":"Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks","summary":"Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way ","cat":"breach","ts":1784030100000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/study-of-85-crypto-wallet-extensions.html"},{"title":"How Pentera Turns AI Security Workflows into Validation Engines","summary":"AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragment","cat":"research","ts":1784028600000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/how-pentera-turns-ai-security-workflows.html"},{"title":"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials","summary":"At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate ","cat":"breach","ts":1784028095000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/oauth-client-id-spoofing-lets-attackers.html"},{"title":"Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read","summary":"xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publi","cat":"research","ts":1784019768000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/grok-build-uploads-entire-git.html"},{"title":"U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support","summary":"The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious act","cat":"ransomware","ts":1784016153000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/us-sanctions-first-vpn-service-and.html"},{"title":"148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet","summary":"A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog","cat":"malware","ts":1784012916000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/148-npm-packages-disguised-as-student.html"},{"title":"Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity","summary":"Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The","cat":"ransomware","ts":1784009964000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/microsoft-maps-year-long-shinyhunters.html"},{"title":"Weak Security Continues to Fuel Russian Cyberattacks","summary":"In a first, the UK and the EU jointly imposed sanctions on Russian individuals and entities for cyberattacks and disinformation campaigns in the region.","cat":"nation-state","ts":1783977899000,"source":"Dark Reading","link":"https://www.darkreading.com/endpoint-security/weak-security-fuel-russian-cyberattacks"},{"title":"'Yellow Teams' Are Defining the Future of AI Security","summary":"In some companies, engineers are building defense and attack tools to test the potential of artificial intelligence for cybersecurity — and its threat.","cat":"research","ts":1783966710000,"source":"Dark Reading","link":"https://www.darkreading.com/cybersecurity-operations/yellow-teams-defining-future-ai-security"},{"title":"CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks","summary":"Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that ","cat":"malware","ts":1783964172000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/crashstealer-macos-malware-uses.html"},{"title":"Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found","summary":"Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector bui","cat":"research","ts":1783963044000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/google-and-microsoft-pull-modheader.html"},{"title":"GigaWiper Lets Threat Actors Choose Their Own Destructive Attack","summary":"A modular implant borrows from various malware families to combine both backdoor and wiper activities to maximize impact and minimize operational output.","cat":"malware","ts":1783961454000,"source":"Dark Reading","link":"https://www.darkreading.com/cyberattacks-data-breaches/gigawiper-threat-actors-choose-their-own-destructive-attack"},{"title":"⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More","summary":"Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed the o","cat":"ransomware","ts":1783955157000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/weekly-recap-sharefile-threat-citrix.html"},{"title":"Lessons Learned from CISA s Recent GitHub Leak","summary":"The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys --","cat":"breach","ts":1783955008000,"source":"Krebs on Security","link":"https://krebsonsecurity.com/2026/07/lessons-learned-from-cisas-recent-github-leak/"},{"title":"New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email","summary":"Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false \"fact\" abou","cat":"research","ts":1783950588000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/new-memghost-attack-plants-persistent.html"},{"title":"Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft","summary":"A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assis","cat":"research","ts":1783947813000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/forg365-phaas-targets-microsoft-365.html"},{"title":"Turning the Tables on Email Scammers With 'ScamBuster'","summary":"An open source, AI-driven system adopts victim personas to engage with phishing attackers, allowing organizations and law enforcement to gather relevant data on cybercriminal operations.","cat":"research","ts":1783947600000,"source":"Dark Reading","link":"https://www.darkreading.com/cyberattacks-data-breaches/turning-tables-email-scammers-scambuster"},{"title":"Meta Files Patent for AI That Can Listen All Day and Track How You're Feeling","summary":"Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every read. ","cat":"research","ts":1783943686000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/meta-files-patent-for-ai-that-can.html"},{"title":"Thinking Fast and Slow in the SOC: The Case for Combining Autonomous AI with Analyst Copilots","summary":"A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already connec","cat":"research","ts":1783942625000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/thinking-fast-and-slow-in-soc-case-for.html"},{"title":"Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory","summary":"Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. \"The script looked for the Domain C","cat":"research","ts":1783940553000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/attacker-uses-suspected-ai-generated.html"},{"title":"Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365","summary":"An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080","cat":"research","ts":1783927800000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/misconfigured-server-reveals-three.html"},{"title":"iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days","summary":"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabiliti","cat":"vulnerability","ts":1783920962000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/icagenda-and-balbooa-forms-joomla-flaws.html"},{"title":"Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install","summary":"The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook th","cat":"malware","ts":1783792766000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html"},{"title":"Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns","summary":"Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat a","cat":"nation-state","ts":1783792171000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/hackers-weaponize-balochistan-police.html"},{"title":"Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions","summary":"Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been desc","cat":"vulnerability","ts":1783752355000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/critical-zimbra-flaw-could-let-crafted_0483473395.html"},{"title":"Jen Ellis: Connecting Cyber Community With Political Machinery","summary":"Security Pro File: On the heels of her recent honors as a Member of the Order of the British Empire (MBE), we take a look back at the events that shaped Jen Ellis' advocacy on behalf of security resea","cat":"research","ts":1783710484000,"source":"Dark Reading","link":"https://www.darkreading.com/cybersecurity-operations/jen-ellis-connecting-cyber-community-political-machinery"},{"title":"Cybercriminals Flock to Healthcare Businesses as Attacks Surge","summary":"While cyberattacks against hospitals and clinics grew modestly in the first half of 2026, attacks on service providers and other healthcare businesses more than doubled.","cat":"research","ts":1783702294000,"source":"Dark Reading","link":"https://www.darkreading.com/threat-intelligence/cybercriminals-healthcare-businesses-attacks-surge"},{"title":"URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat","summary":"Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a \"credible external secu","cat":"research","ts":1783701000000,"source":"The Hacker News","link":"https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html"}]}