The Hacker News
⭐ Official THN Telegram Channel β€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

πŸ“¨ Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
⚠️ Microsoft is warning about a new way AI agents can be manipulated through MCP tools.

The issue is not a broken rule or a software bug.

A malicious tool description can hide instructions that make an agent collect company data, such as unpaid invoices, and send it out through a normal-looking tool call.

Details here: https://thehackernews.com/2026/06/microsoft-warns-poisoned-mcp-tool.html
⚠️ Citrix patched six NetScaler ADC and Gateway flaws, including an unauthenticated arbitrary file read.

Other bugs can trigger memory overread or DoS in specific SAML, Gateway, AAA, DNS, Oracle LB, TCP Profile, and HTTP/2 setups.

Details here: https://thehackernews.com/2026/07/citrix-patches-six-netscaler-flaws.html
⚑6πŸ”₯3
🚨 ClickFix is no longer just a fake CAPTCHA trick.

A researcher analyzed roughly 3,000 live payloads and found API-driven servers generating fresh obfuscated commands on request.

A newer Downloads-folder method keeps the bad code out of the clipboard to slip past AMSI.

Read: https://thehackernews.com/2026/07/researcher-analyzes-3000-live-clickfix.html
⚠️ 81M+ Azure CLI login attempts. At least 78 Microsoft accounts compromised.

The June 12-26 campaign used old breached passwords and the deprecated ROPC OAuth flow.

MFA was enabled in many cases, but Azure CLI sign-ins were still exposed.

Details here: https://thehackernews.com/2026/07/azure-cli-password-spray-hits-at-least.html
🔥 Anthropic is putting #Claude Fable 5 back online worldwide.

The U.S. lifted June 12 export controls tied to an Amazon-reported jailbreak that surfaced vulnerability-finding and exploit-code behavior.

Fable 5 returns July 1 across Claude platforms.

#Anthropic says its new classifier blocks the method in 99%+ of tries.

Read: https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.html
🛡️ "Phantom squatting" is already in the wild.

AI models invent domains. Attackers register them first. Users can get the bad link from the AI itself.

Researchers found roughly 250,000 unowned AI-invented domains.

Details here: https://thehackernews.com/2026/07/phantom-squatting-uses-ai-hallucinated.html
⚑ Microsoft now has a 2029 target for post-quantum cryptography.

The company says quantum advances have shifted the risk timeline.

Its roadmap brings PQC into SFI and focuses on TLS 1.3, crypto-agility, and trust chains for signing, certificates, keys, and updates.

Why Microsoft moved the timeline: https://thehackernews.com/2026/07/microsoft-accelerates-post-quantum.html
55.2% of breached respondents said they were told to keep quiet.

Bitdefender's 2026 survey of 1,200 IT and security pros shows where teams are still struggling: Shadow AI visibility, attack surface reduction, LOTL awareness, and breach transparency.

Details here: https://thehackernews.com/2026/07/2026-cybersecurity-assessment-gap.html
🛡️ The Most Dangerous Code in Your Stack Is Code You Never Wrote.

Open-source dependencies are trusted by default, but one compromised package can put every downstream project at risk.

Supply chain security now means looking beyond known CVEs and watching how code behaves at runtime.

See how defenders are adapting: https://awards.thehackernews.com/blog/the-danger-in-your-dependencies/
🚨 Chromium File System Access API turns browser permission into #ransomware access on Windows and Android.

AI-generated sample shows files can be encrypted after user-granted folder access.

No native payload required.

Details here → https://thehackernews.com/2026/07/ai-generated-browser-ransomware-abuses.html
🚨 ALERT - Attackers are trying to exploit CVE-2026-8037 in Progress Kemp LoadMaster.

The CVSS 9.6 flaw enables unauthenticated OS command injection and arbitrary code execution on vulnerable appliances.

eSentire says the attempts it saw failed, but PoC details are now public.

Read: https://thehackernews.com/2026/07/latest-progress-kemp-loadmaster-pre.html
🛡️ Two Cursor vulnerabilities could let hidden prompt-injection instructions escape the editor’s terminal sandbox and run commands on a developer’s machine.

Tracked as CVE-2026-50548 and CVE-2026-50549, they affect versions before 3.0.

See how it works: https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html
😱6
🚨 Adobe patched 9 flaws in ColdFusion and Campaign Classic, 7 rated CVSS 10.0.

ColdFusion issues enable RCE, privilege escalation, file read, and bypass.

Campaign Classic CVE-2026-48286 impacts on-prem ACC v7 only.

Read: https://thehackernews.com/2026/07/adobe-patches-7-cvss-100-flaws-in.html
🛡️ Ousaban hides a ZIP payload inside an image after a fake “corrupted” PDF screens victims in Spain and Portugal.

The Windows banking trojan watches 24+ banks and can log keys, grab screenshots, tamper with the clipboard, and enable remote control.

How the fake PDF turns into Ousaban: https://thehackernews.com/2026/07/ousaban-banking-trojan-targets-iberian.html
📢 WEBINAR - The developer who built the automation may have left months ago, but the access token hasn’t.

That AI agent is still running with standing privileges and no current human owner.

SailPoint experts show how to find every orphaned one and map it back to a real person.

🔗 See how here: https://thehacker.news/securing-ai-use
PureLogs Stealer now hides behind Blogger pages and a fake PDF JavaScript file.

Experts say VEIL#DROP uses PowerShell, dynamic Blogspot URLs, fileless .NET loading, and #Microsoft-signed LOLBins to evade detection.

How the chain unfolds: https://thehackernews.com/2026/07/veildrop-malware-chain-uses-blogger.html
90+ spoofed software domains are pushing AsyncRAT through ScreenConnect.

Kaspersky says the sites mimic OBS Studio, Bandicam, DNS Jumper, and DS4Windows, then use SEO to surface in Google and Bing.

How the fake installers turn ScreenConnect into RAT access: https://thehackernews.com/2026/07/seo-poisoned-software-sites-abuse.html
🔥 Scattered Spider now has another accused member in U.S. custody.

Peter Stokes, 19 years old, was extradited from Finland after prosecutors tied “Bouquet” to at least four alleged intrusions.

One included an $8M crypto demand.

Read - https://thehackernews.com/2026/07/19-year-old-scattered-spider-suspect.html
⚑ Argo CD repo-server has an UNPATCHED code execution flaw (no CVE).

Experts say unauthenticated gRPC access can execute commands on the service.

With default Helm installs, a single compromised pod can reach it if network policies are off. That path extends to Redis cache poisoning and cluster takeover.

Repo-server attack flow explained: https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html
⚠️ CISA added CVE-2026-45659 to KEV following active exploitation.

The SharePoint Server RCE was patched in May 2026.

Microsoft says an authenticated Site Member can execute code remotely — no admin rights required.

FCEB agencies have until July 4 to patch.

Details: https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html
🛡️ Fake GitHub PoC repos are being used to infect vulnerability researchers with ChocoPoC RAT.

The PoC may look clean. The #malware hides in Python dependencies like frint and skytext, then steals saved passwords, cookies, browser data, and files.

How the trap works: https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html