81M+ Azure CLI login attempts. At least 78 Microsoft accounts compromised.
The June 12-26 campaign used old breached passwords and the deprecated ROPC OAuth flow.
MFA was enabled in many cases, but Azure CLI sign-ins were still exposed.
Details here: https://thehackernews.com/2026/07/azure-cli-password-spray-hits-at-least.html
Anthropic is putting #Claude Fable 5 back online worldwide.
The U.S. lifted June 12 export controls tied to an Amazon-reported jailbreak that surfaced vulnerability-finding and exploit-code behavior.
Fable 5 returns July 1 across Claude platforms.
#Anthropic says its new classifier blocks the method in 99%+ of tries.
Read: https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.html
"Phantom squatting" is already in the wild.
AI models invent domains. Attackers register them first. Users can get the bad link from the AI itself.
Researchers found roughly 250,000 unowned AI-invented domains.
Details here: https://thehackernews.com/2026/07/phantom-squatting-uses-ai-hallucinated.html
Microsoft now has a 2029 target for post-quantum cryptography.
The company says quantum advances have shifted the risk timeline.
Its roadmap brings PQC into SFI and focuses on TLS 1.3, crypto-agility, and trust chains for signing, certificates, keys, and updates.
Why Microsoft moved the timeline: https://thehackernews.com/2026/07/microsoft-accelerates-post-quantum.html
55.2% of breached respondents said they were told to keep quiet.
Bitdefender's 2026 survey of 1,200 IT and security pros shows where teams are still struggling: Shadow AI visibility, attack surface reduction, LOTL awareness, and breach transparency.
Details here: https://thehackernews.com/2026/07/2026-cybersecurity-assessment-gap.html
The Most Dangerous Code in Your Stack Is Code You Never Wrote.
Open-source dependencies are trusted by default, but one compromised package can put every downstream project at risk.
Supply chain security now means looking beyond known CVEs and watching how code behaves at runtime.
See how defenders are adapting: https://awards.thehackernews.com/blog/the-danger-in-your-dependencies/
Chromium File System Access API turns browser permission into #ransomware access on Windows and Android.
AI-generated sample shows files can be encrypted after user-granted folder access.
No native payload required.
Details here: https://thehackernews.com/2026/07/ai-generated-browser-ransomware-abuses.html
ALERT - Attackers are trying to exploit CVE-2026-8037 in Progress Kemp LoadMaster.
The CVSS 9.6 flaw enables unauthenticated OS command injection and arbitrary code execution on vulnerable appliances.
eSentire says the attempts it saw failed, but PoC details are now public.
Read: https://thehackernews.com/2026/07/latest-progress-kemp-loadmaster-pre.html
Two Cursor vulnerabilities could let hidden prompt-injection instructions escape the editor's terminal sandbox and run commands on a developer's machine.
Tracked as CVE-2026-50548 and CVE-2026-50549, they affect versions before 3.0.
See how it works: https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html
Adobe patched 9 flaws in ColdFusion and Campaign Classic, 7 rated CVSS 10.0.
ColdFusion issues enable RCE, privilege escalation, file read, and bypass.
Campaign Classic CVE-2026-48286 impacts on-prem ACC v7 only.
Read: https://thehackernews.com/2026/07/adobe-patches-7-cvss-100-flaws-in.html
Ousaban hides a ZIP payload inside an image after a fake "corrupted" PDF screens victims in Spain and Portugal.
The Windows banking trojan watches 24+ banks and can log keys, grab screenshots, tamper with the clipboard, and enable remote control.
How the fake PDF turns into Ousaban: https://thehackernews.com/2026/07/ousaban-banking-trojan-targets-iberian.html
WEBINAR - The developer who built the automation may have left months ago, but the access token hasn't.
That AI agent is still running with standing privileges and no current human owner.
SailPoint experts show how to find every orphaned one and map it back to a real person.
See how here: https://thehacker.news/securing-ai-use
PureLogs Stealer now hides behind Blogger pages and a fake PDF JavaScript file.
Experts say VEIL#DROP uses PowerShell, dynamic Blogspot URLs, fileless .NET loading, and #Microsoft-signed LOLBins to evade detection.
How the chain unfolds: https://thehackernews.com/2026/07/veildrop-malware-chain-uses-blogger.html
90+ spoofed software domains are pushing AsyncRAT through ScreenConnect.
Kaspersky says the sites mimic OBS Studio, Bandicam, DNS Jumper, and DS4Windows, then use SEO to surface in Google and Bing.
How the fake installers turn ScreenConnect into RAT access: https://thehackernews.com/2026/07/seo-poisoned-software-sites-abuse.html
Scattered Spider now has another accused member in U.S. custody.
Peter Stokes, 19 years old, was extradited from Finland after prosecutors tied "Bouquet" to at least four alleged intrusions.
One included an $8M crypto demand.
Read - https://thehackernews.com/2026/07/19-year-old-scattered-spider-suspect.html
Argo CD repo-server has an UNPATCHED code execution flaw (no CVE).
Experts say unauthenticated gRPC access can execute commands on the service.
With default Helm installs, a single compromised pod can reach it if network policies are off. That path extends to Redis cache poisoning and cluster takeover.
Repo-server attack flow explained: https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html