π¨ Nearby file sharing has a local blind spot.
Researchers found six flaws in AirDrop and Quick Share that can crash sharing services, bypass Samsung session checks, and trigger a crash in Googleβs Windows app.
Apple and Google have started fixes.
Read: https://thehackernews.com/2026/06/airdrop-and-quick-share-flaws-let.html
Researchers found six flaws in AirDrop and Quick Share that can crash sharing services, bypass Samsung session checks, and trigger a crash in Googleβs Windows app.
Apple and Google have started fixes.
Read: https://thehackernews.com/2026/06/airdrop-and-quick-share-flaws-let.html
π5π₯3π2
π SimpleHelp RMM CVE-2026-48558 exploited for OIDC authentication bypass.
Attackers gain technician sessions to deploy TaskWeaver and Djinn Stealer. Djinn Stealer targets cloud, code, AI tools, browsers, SSH, and wallets.
Read the full story: https://thehackernews.com/2026/06/attackers-exploit-simplehelp-cve-2026.html
Attackers gain technician sessions to deploy TaskWeaver and Djinn Stealer. Djinn Stealer targets cloud, code, AI tools, browsers, SSH, and wallets.
Read the full story: https://thehackernews.com/2026/06/attackers-exploit-simplehelp-cve-2026.html
π₯4π3
Fraud infrastructure for FIFA World Cup 2026 was already in place before June 11 kickoff.
Check Point saw 60x spike in fake sportsbook apps (64 samples) + large-scale travel/phishing domains, some with MX set for email interception.
Full report: https://thehackernews.com/2026/06/what-numbers-say-about-fifa-2026-cyber.html
Check Point saw 60x spike in fake sportsbook apps (64 samples) + large-scale travel/phishing domains, some with MX set for email interception.
Full report: https://thehackernews.com/2026/06/what-numbers-say-about-fifa-2026-cyber.html
π3π₯2
π A leaked AI key is not just a secret anymore.
It is a running bill.
Researchers tested 444 iOS AI chatbot apps. Over 250 exposed paid LLM access through network traffic.
> Plaintext keys
> Replayable tokens
> Open backend proxies with no auth
Read the THN report: https://thehackernews.com/2026/06/282-ios-apps-found-leaking-llm-api-keys.html
It is a running bill.
Researchers tested 444 iOS AI chatbot apps. Over 250 exposed paid LLM access through network traffic.
> Plaintext keys
> Replayable tokens
> Open backend proxies with no auth
Read the THN report: https://thehackernews.com/2026/06/282-ios-apps-found-leaking-llm-api-keys.html
π€6π₯3
π Old shell tricks didnβt die. They found a new target π AI coding agents.
Researchers shows how Bash parsing can slip past weak text-based command guards, letting r''m become rm before execution.
GuardFall bypass worked on 10 of 11 open-source agents tested.
Read how it works: https://thehackernews.com/2026/06/guardfall-exposes-open-source-ai-coding.html
Researchers shows how Bash parsing can slip past weak text-based command guards, letting r''m become rm before execution.
GuardFall bypass worked on 10 of 11 open-source agents tested.
Read how it works: https://thehackernews.com/2026/06/guardfall-exposes-open-source-ai-coding.html
π6
β οΈ A fake βGoogle Notesβ extension is swapping #cryptocurrency wallet addresses inside Chromium browsers.
Experts call it "Silent Swap"
Unsigned .NET and Golang installers inject the extension, alter browser preference files, and use EtherHiding to rotate C2.
Details here β https://thehackernews.com/2026/06/silent-swap-crypto-clipper-uses-fake.html
Experts call it "Silent Swap"
Unsigned .NET and Golang installers inject the extension, alter browser preference files, and use EtherHiding to rotate C2.
Details here β https://thehackernews.com/2026/06/silent-swap-crypto-clipper-uses-fake.html
π6π€―6π₯5
π¨ CVE-2026-33017 is being exploited against Langflow.
Attackers abuse an unauthenticated API endpoint to run Python code, drop Lambsys, and launch a Monero miner.
Lambsys can spread via reused SSH keys.
Langflow attack chain: https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html
Attackers abuse an unauthenticated API endpoint to run Python code, drop Lambsys, and launch a Monero miner.
Lambsys can spread via reused SSH keys.
Langflow attack chain: https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html
π7π₯3
π A new RustDuck botnet is turning routers, cameras, Android boxes, and poorly secured servers into DDoS nodes.
It spreads through weak Telnet/SSH logins, exposed ADB, and old flaws, while its newer core is being rewritten in Rust.
Details π https://thehackernews.com/2026/06/rustduck-botnet-rebuilds-in-rust-to.html
It spreads through weak Telnet/SSH logins, exposed ADB, and old flaws, while its newer core is being rewritten in Rust.
Details π https://thehackernews.com/2026/06/rustduck-botnet-rebuilds-in-rust-to.html
π4π₯1π1
β οΈ Microsoft is warning about a new way AI agents can be manipulated through MCP tools.
The issue is not a broken rule or a software bug.
A malicious tool description can hide instructions that make an agent collect company data, such as unpaid invoices, and send it out through a normal-looking tool call.
Details here: https://thehackernews.com/2026/06/microsoft-warns-poisoned-mcp-tool.html
The issue is not a broken rule or a software bug.
A malicious tool description can hide instructions that make an agent collect company data, such as unpaid invoices, and send it out through a normal-looking tool call.
Details here: https://thehackernews.com/2026/06/microsoft-warns-poisoned-mcp-tool.html
π₯11
β οΈ Citrix patched six NetScaler ADC and Gateway flaws, including an unauthenticated arbitrary file read.
Other bugs can trigger memory overread or DoS in specific SAML, Gateway, AAA, DNS, Oracle LB, TCP Profile, and HTTP/2 setups.
Details here: https://thehackernews.com/2026/07/citrix-patches-six-netscaler-flaws.html
Other bugs can trigger memory overread or DoS in specific SAML, Gateway, AAA, DNS, Oracle LB, TCP Profile, and HTTP/2 setups.
Details here: https://thehackernews.com/2026/07/citrix-patches-six-netscaler-flaws.html
β‘6π₯3
π¨ ClickFix is no longer just a fake CAPTCHA trick.
A researcher analyzed roughly 3,000 live payloads and found API-driven servers generating fresh obfuscated commands on request.
A newer Downloads-folder method keeps the bad code out of the clipboard to slip past AMSI.
Read: https://thehackernews.com/2026/07/researcher-analyzes-3000-live-clickfix.html
A researcher analyzed roughly 3,000 live payloads and found API-driven servers generating fresh obfuscated commands on request.
A newer Downloads-folder method keeps the bad code out of the clipboard to slip past AMSI.
Read: https://thehackernews.com/2026/07/researcher-analyzes-3000-live-clickfix.html
π6π₯2
β οΈ 81M+ Azure CLI login attempts. At least 78 Microsoft accounts compromised.
The June 12-26 campaign used old breached passwords and the deprecated ROPC OAuth flow.
MFA was enabled in many cases, but Azure CLI sign-ins were still exposed.
Details here: https://thehackernews.com/2026/07/azure-cli-password-spray-hits-at-least.html
The June 12-26 campaign used old breached passwords and the deprecated ROPC OAuth flow.
MFA was enabled in many cases, but Azure CLI sign-ins were still exposed.
Details here: https://thehackernews.com/2026/07/azure-cli-password-spray-hits-at-least.html
π₯6π3
π₯ Anthropic is putting #Claude Fable 5 back online worldwide.
The U.S. lifted June 12 export controls tied to an Amazon-reported jailbreak that surfaced vulnerability-finding and exploit-code behavior.
Fable 5 returns July 1 across Claude platforms.
#Anthropic says its new classifier blocks the method in 99%+ of tries.
Read: https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.html
The U.S. lifted June 12 export controls tied to an Amazon-reported jailbreak that surfaced vulnerability-finding and exploit-code behavior.
Fable 5 returns July 1 across Claude platforms.
#Anthropic says its new classifier blocks the method in 99%+ of tries.
Read: https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.html
π₯21π€6
π "Phantom squatting" is already in the wild.
AI models invent domains. Attackers register them first. Users can get the bad link from the AI itself.
Researchers found roughly 250,000 unowned AI-invented domains.
Details here: https://thehackernews.com/2026/07/phantom-squatting-uses-ai-hallucinated.html
AI models invent domains. Attackers register them first. Users can get the bad link from the AI itself.
Researchers found roughly 250,000 unowned AI-invented domains.
Details here: https://thehackernews.com/2026/07/phantom-squatting-uses-ai-hallucinated.html
π₯7
β‘ Microsoft now has a 2029 target for post-quantum cryptography.
The company says quantum advances have shifted the risk timeline.
Its roadmap brings PQC into SFI and focuses on TLS 1.3, crypto-agility, and trust chains for signing, certificates, keys, and updates.
Why Microsoft moved the timeline: https://thehackernews.com/2026/07/microsoft-accelerates-post-quantum.html
The company says quantum advances have shifted the risk timeline.
Its roadmap brings PQC into SFI and focuses on TLS 1.3, crypto-agility, and trust chains for signing, certificates, keys, and updates.
Why Microsoft moved the timeline: https://thehackernews.com/2026/07/microsoft-accelerates-post-quantum.html
π₯5π€4
55.2% of breached respondents said they were told to keep quiet.
Bitdefender's 2026 survey of 1,200 IT and security pros shows where teams are still struggling: Shadow AI visibility, attack surface reduction, LOTL awareness, and breach transparency.
Details here: https://thehackernews.com/2026/07/2026-cybersecurity-assessment-gap.html
Bitdefender's 2026 survey of 1,200 IT and security pros shows where teams are still struggling: Shadow AI visibility, attack surface reduction, LOTL awareness, and breach transparency.
Details here: https://thehackernews.com/2026/07/2026-cybersecurity-assessment-gap.html
π₯6π2
π The Most Dangerous Code in Your Stack Is Code You Never Wrote.
Open-source dependencies are trusted by default, but one compromised package can put every downstream project at risk.
Supply chain security now means looking beyond known CVEs and watching how code behaves at runtime.
See how defenders are adapting: https://awards.thehackernews.com/blog/the-danger-in-your-dependencies/
Open-source dependencies are trusted by default, but one compromised package can put every downstream project at risk.
Supply chain security now means looking beyond known CVEs and watching how code behaves at runtime.
See how defenders are adapting: https://awards.thehackernews.com/blog/the-danger-in-your-dependencies/
π4π₯2
π¨ Chromium File System Access API turns browser permission into #ransomware access on Windows and Android.
AI-generated sample shows files can be encrypted after user-granted folder access.
No native payload required.
Details here π https://thehackernews.com/2026/07/ai-generated-browser-ransomware-abuses.html
AI-generated sample shows files can be encrypted after user-granted folder access.
No native payload required.
Details here π https://thehackernews.com/2026/07/ai-generated-browser-ransomware-abuses.html
π₯5π2
π¨ ALERT - Attackers are trying to exploit CVE-2026-8037 in Progress Kemp LoadMaster.
The CVSS 9.6 flaw enables unauthenticated OS command injection and arbitrary code execution on vulnerable appliances.
eSentire says the attempts it saw failed, but PoC details are now public.
Read: https://thehackernews.com/2026/07/latest-progress-kemp-loadmaster-pre.html
The CVSS 9.6 flaw enables unauthenticated OS command injection and arbitrary code execution on vulnerable appliances.
eSentire says the attempts it saw failed, but PoC details are now public.
Read: https://thehackernews.com/2026/07/latest-progress-kemp-loadmaster-pre.html
π₯4π3
π Two Cursor vulnerabilities could let hidden prompt-injection instructions escape the editorβs terminal sandbox and run commands on a developerβs machine.
Tracked as CVE-2026-50548 and CVE-2026-50549, they affect versions before 3.0.
See how it works: https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html
Tracked as CVE-2026-50548 and CVE-2026-50549, they affect versions before 3.0.
See how it works: https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html
π±7
π¨ Adobe patched 9 flaws in ColdFusion and Campaign Classic, 7 rated CVSS 10.0.
ColdFusion issues enable RCE, privilege escalation, file read, and bypass.
Campaign Classic CVE-2026-48286 impacts on-prem ACC v7 only.
Read: https://thehackernews.com/2026/07/adobe-patches-7-cvss-100-flaws-in.html
ColdFusion issues enable RCE, privilege escalation, file read, and bypass.
Campaign Classic CVE-2026-48286 impacts on-prem ACC v7 only.
Read: https://thehackernews.com/2026/07/adobe-patches-7-cvss-100-flaws-in.html
π₯4π€4