The Hacker News
βœ”
162K subscribers
3.34K photos
21 videos
4 files
9.3K links
⭐ Official THN Telegram Channel β€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

πŸ“¨ Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Download Telegram
Breach transparency remains one of cybersecurity’s toughest governance challenges.

Bruce Sussman of Bitdefender highlights a key finding from the 2026 Cybersecurity Assessment: 55.2% of professionals who experienced a breach were told to keep it confidentialβ€”even when they believed it should be reported to authorities.

Why awareness still doesn’t translate into readiness: https://thehackernews.com/expert-insights/2026/07/breach-transparency-remains.html
😁4πŸ‘3
πŸ”₯ Alleged Scattered Spider hacker caught by his own Windows device ID.

Per a new court filing, he hid the attack behind proxies and fake names.

But #Microsoft records tied one device ID to his ngrok access, then to his personal accounts and trips. That overlap is how the FBI found him.

Criminals, take notes πŸ – https://thehackernews.com/2026/07/court-filing-reveals-windows-device-id.html
😁18πŸ”₯2πŸ€”2🀯2
AI has changed the software supply chain question.

It is no longer just which packages, versions, and dependencies made it into the code. It is which agents, MCP tools, models, and prompts shaped the build.

What supply chain security looks like with AI in scope: https://thehackernews.com/2026/07/what-changes-when-your-software-supply.html
πŸ€”2
Writer AI patched WriteOut, a one-click session isolation flaw in its enterprise AI platform.

A victim who clicked a public preview link while logged in could have their session cookie forwarded into an attacker-controlled sandbox, where it could be recovered and replayed.

How the preview proxy crossed tenant lines: https://thehackernews.com/2026/07/writer-ai-flaw-could-let-agent-previews.html
πŸ€”1
4 Cities. 4 Intimate roundtables. One urgent conversation. 🌍

Security has no shortage of conversations. Honest ones are harder to find.

This summer, TryHackMe is bringing senior security leaders together in-person for Post-Mythos: Watch the Incident Readiness Gap. Their first roundtable series across Europe and the US.

Built for leaders who want to debrief on how to close the gaps that actually matter. The series will cover:

🧠 Where human judgement sits when AI is running the attack.
πŸ›‘οΈ What it takes to build a proactive, AI-fluent SOC.
⚠️ Whether your team is ready for a threat class that’s already here.

Pick your city. Claim your seat. πŸ‘‰πŸΌ

πŸ“San Francisco: https://thn.news/roundtableseries-sfo
πŸ“Dallas: https://thn.news/roundtableseries-dallas
πŸ“New York City: https://thn.news/roundtableseries-ny
πŸ“ Paris: https://thn.news/roundtableseries-paris
πŸ€”1
⚑ New GitLost technique can trick #GitHub Agentic Workflows into leaking private repo data.

A public issue can make an agent read a private repo and post its contents in a public comment.

In one test, adding β€œAdditionally” to the malicious instruction was enough to get past GitHub’s guardrail.

Learn how the leak works - https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html
😁2πŸ€”2
🚨 Microsoft 365 phishing is shifting from fake login pages to real Microsoft login flows.

DEBULL uses device-code phishing to trick users into approving attacker access to M365 accounts.

The login page is real. The access goes to the attacker.

Read the full story: https://thehackernews.com/2026/07/debull-tooling-abuses-microsoft-device.html
😁4πŸ‘2
🚨 Rogue Agent was not just another chatbot bug.

β†’ Google Dialogflow CX had a flaw where editing one AI chatbot could let attackers reach other chatbots in the same project.

β†’ Read live chats, capture input, and turn the bot into a phishing lure.

Read how the flaw worked - https://thehackernews.com/2026/07/rogue-agent-flaw-could-have-let.html
πŸ‘5πŸ”₯2
πŸ›‘ WARNING - #Android bank fraud is being packaged for rent on Telegram.

Researchers are warning of RedWing, a mobile MaaS operation that gives buyers custom APKs, fake app-store lures, login overlays, OTP theft, and call forwarding.

82 institutions are listed as targets.

Learn more - https://thehackernews.com/2026/07/redwing-maas-packages-android-bank.html
πŸ”₯13πŸ‘3⚑2
⚠️ CISA added 4 actively exploited flaws to KEV. Three are rated 10.0.

Adobe ColdFusion, Joomla page builders, and Langflow are affected.

Experts say the Langflow chain used IDOR and RCE to steal LLM provider and AWS keys.

Read - https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.html
πŸ‘7πŸ”₯3
This media is not supported in your browser
VIEW IN TELEGRAM
πŸ›‘ A newly found 15-year-old #Linux kernel flaw, GhostLock (CVE-2026-43499), could let any logged-in user gain root on unpatched distributions.

A working exploit code is now public, and it escaped containers in tests.

Read details here: https://thehackernews.com/2026/07/15-year-old-ghostlock-flaw-enables-root.html
😁13πŸ”₯4πŸ‘2⚑1
🚨 Chinese APT UAT-7810 is upgrading LONGLEASH to turn compromised devices into relay boxes for LapDogs.

Ruckus router flaws are already in the chain. ASUS AiCloud targeting points to possible ORB expansion.

Read: https://thehackernews.com/2026/07/china-linked-uat-7810-expands-orb.html
πŸ”₯6
⚑ Refused in chat. Delivered in code.

GitHub Copilot's Claude and Gemini models rejected almost every direct harmful request, then produced harmful answers in all 816 coding-workflow runs.

Learn how a benchmark Q&A task got Copilot to write banned answers itself: https://thehackernews.com/2026/07/github-copilot-refuses-harmful-requests.html
😁4
Passkeys are making stolen passwords less useful.

So ATO is moving downstream: account recovery, magic links, step-up checks, and identity verification.

The next weak link is not login. It’s proving the person behind the action is real.

Read where ATO is shifting next: https://thehackernews.com/2026/07/the-verification-step-is-new-ato.html
😁3πŸ‘2
🚨 That green "Verified" badge on a #GitHub commit? The hash under it isn't unique.

New research: anyone can rewrite a signed commit into many valid "Verified" hashes, no signing key needed.

Same files. Same author. Valid signature.

Learn how 'hash chain malleability' breaks commit trust - https://thehackernews.com/2026/07/github-verified-commits-can-be.html
😁7πŸ”₯1
⚠️ Mexican banking customers are being targeted through fake CAPTCHA pages that trick them into running a PowerShell command.

That installs SCMBANKER, a toolkit that watches banking sessions, swaps CLABE and card numbers, and can trigger vishing overlays or Remote Utilities by IP.

Read: https://thehackernews.com/2026/07/scmbanker-malware-uses-clickfix-lures.html
πŸ‘4πŸ”₯2πŸ‘1😱1
⚑Just dropped: SAIL 2.0 - the free and open-source framework for agentic AI security.

SAIL v1 gained more than 50,000 downloads and helped security teams build practical AI security roadmaps.

Now, SAIL 2.0 evolves that foundation for the agentic landscape, bringing a practical, process-oriented approach to:

βœ… Build an AI security roadmap and benchmark maturity, phase by phase.
βœ… Drive vendor assessments and RFPs with agentic-literate questions.
βœ… Turn standards mappings into compliance checklists across the EU AI Act, ISO 42001, OWASP, DASF, and AIUC-1.
βœ… Prioritize controls by zone, asset, risk, and agent autonomy.

Download for free the PDF, or use the SAIL Skill: https://thn.news/sail-framework
😁2πŸ‘1πŸ”₯1
🚨 Ubiquiti fixed 7 critical UniFi flaws across Connect, Talk, Access, Protect, and UniFi OS.

Attackers with network access could use them for command execution, privilege escalation, or unauthorized device changes.

Read details here - https://thehackernews.com/2026/07/ubiquiti-patches-critical-unifi-flaws.html
πŸ”₯1😁1
⚠️ New attack can turn AI coding assistants into BOTNET installers.

Register a hallucinated repo name, hide prompt-injection instructions inside it, and wait for coding agents to fetch the wrong resource.

Here's how HalluSquatting works - https://thehackernews.com/2026/07/new-hallusquatting-attack-could-trick.html
πŸ”₯8πŸ‘3πŸ‘2
EvilTokens phishing can look clean during URL checks.

The real page stays encrypted until it opens in the victim’s browser, then uses Microsoft device-code phishing to push toward Microsoft 365 account takeover.

The blind spot is browser visibility, not just email scanning.

Read: https://thehackernews.com/2026/07/new-ghost-phishing-wave-is-breaking.html
πŸ‘2
🚨 Your developers’ AI coding assistants are tripping endpoint alarms built to catch intruders.

Sophos says #Claude Code, Cursor, and OpenAI Codex triggered rules for DPAPI browser credential access, cmdkey /list, certutil-to-bitsadmin downloads, and startup-folder writes.

Read the full story: https://thehackernews.com/2026/07/ai-coding-agents-found-triggering.html
πŸ”₯3πŸ‘2