The Hacker News
βœ”
162K subscribers
3.42K photos
22 videos
4 files
9.39K links
⭐ Official THN Telegram Channel β€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

πŸ“¨ Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Download Telegram
⚑ Refused in chat. Delivered in code.

GitHub Copilot's Claude and Gemini models rejected almost every direct harmful request, then produced harmful answers in all 816 coding-workflow runs.

Learn how a benchmark Q&A task got Copilot to write banned answers itself: https://thehackernews.com/2026/07/github-copilot-refuses-harmful-requests.html
😁5
Passkeys are making stolen passwords less useful.

So ATO is moving downstream: account recovery, magic links, step-up checks, and identity verification.

The next weak link is not login. It’s proving the person behind the action is real.

Read where ATO is shifting next: https://thehackernews.com/2026/07/the-verification-step-is-new-ato.html
😁4πŸ‘2
🚨 That green "Verified" badge on a #GitHub commit? The hash under it isn't unique.

New research: anyone can rewrite a signed commit into many valid "Verified" hashes, no signing key needed.

Same files. Same author. Valid signature.

Learn how 'hash chain malleability' breaks commit trust - https://thehackernews.com/2026/07/github-verified-commits-can-be.html
😁7🀯3πŸ”₯1
⚠️ Mexican banking customers are being targeted through fake CAPTCHA pages that trick them into running a PowerShell command.

That installs SCMBANKER, a toolkit that watches banking sessions, swaps CLABE and card numbers, and can trigger vishing overlays or Remote Utilities by IP.

Read: https://thehackernews.com/2026/07/scmbanker-malware-uses-clickfix-lures.html
πŸ‘5πŸ”₯4😱3πŸ‘1
⚑Just dropped: SAIL 2.0 - the free and open-source framework for agentic AI security.

SAIL v1 gained more than 50,000 downloads and helped security teams build practical AI security roadmaps.

Now, SAIL 2.0 evolves that foundation for the agentic landscape, bringing a practical, process-oriented approach to:

βœ… Build an AI security roadmap and benchmark maturity, phase by phase.
βœ… Drive vendor assessments and RFPs with agentic-literate questions.
βœ… Turn standards mappings into compliance checklists across the EU AI Act, ISO 42001, OWASP, DASF, and AIUC-1.
βœ… Prioritize controls by zone, asset, risk, and agent autonomy.

Download for free the PDF, or use the SAIL Skill: https://thn.news/sail-framework
😁4πŸ”₯3πŸ‘1
🚨 Ubiquiti fixed 7 critical UniFi flaws across Connect, Talk, Access, Protect, and UniFi OS.

Attackers with network access could use them for command execution, privilege escalation, or unauthorized device changes.

Read details here - https://thehackernews.com/2026/07/ubiquiti-patches-critical-unifi-flaws.html
😁3πŸ”₯1πŸ€”1
⚠️ New attack can turn AI coding assistants into BOTNET installers.

Register a hallucinated repo name, hide prompt-injection instructions inside it, and wait for coding agents to fetch the wrong resource.

Here's how HalluSquatting works - https://thehackernews.com/2026/07/new-hallusquatting-attack-could-trick.html
πŸ”₯10πŸ‘3πŸ‘3πŸ€”1
EvilTokens phishing can look clean during URL checks.

The real page stays encrypted until it opens in the victim’s browser, then uses Microsoft device-code phishing to push toward Microsoft 365 account takeover.

The blind spot is browser visibility, not just email scanning.

Read: https://thehackernews.com/2026/07/new-ghost-phishing-wave-is-breaking.html
πŸ‘5⚑3πŸ”₯2πŸ€”2
🚨 Your developers’ AI coding assistants are tripping endpoint alarms built to catch intruders.

Sophos says #Claude Code, Cursor, and OpenAI Codex triggered rules for DPAPI browser credential access, cmdkey /list, certutil-to-bitsadmin downloads, and startup-folder writes.

Read the full story: https://thehackernews.com/2026/07/ai-coding-agents-found-triggering.html
πŸ”₯7⚑2πŸ‘2
⚠️ WARNING: Fake 7-Zip installers are being used to turn victim devices into residential proxy nodes.

Infoblox linked the campaign to a 230+ domain operation involving lookalike sites, fake proxy brands, fake reviews, and trojanized software downloads.

Read the full story on THN πŸ – https://thehackernews.com/2026/07/fake-7-zip-installers-turn-devices-into.html
πŸ‘12πŸ”₯8πŸ‘2😁2
🚨 GhostApproval </>

A malicious repo can trick AI coding assistants into reading or writing files outside the workspace.

Wiz says symlink flaws affected Amazon Q Developer, #Claude Code, Augment, Cursor, #Google Antigravity, and Windsurf.

Learn how this attack works on THN πŸ – https://thehackernews.com/2026/07/ghostapproval-symlink-flaws-could-let.html
πŸ”₯6πŸ‘3
This media is not supported in your browser
VIEW IN TELEGRAM
🚨 AI agents built to catch malicious code (Claude Code, OpenAI Codex) can be tricked into running it.

New "Friendly Fire" attack hides instructions in a repo's README. Ask the agent to review some code, and during that review it runs the attacker's payload on your machine.

Here's how it works: https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html
πŸ”₯7πŸ‘4😱4😁1
πŸ›‘ WARNING - Meta’s new Muse Image tool can let others use your public #Instagram photos in AI-generated images UNLESS you opt out.

Users can @-mention public Instagram accounts in Meta AI to pull public photos into new visuals, and existing AI creations may not be deleted after you disable reuse.

Here’s how to turn it off πŸ – https://thehackernews.com/2026/07/metas-new-ai-image-tool-lets-others-use.html
πŸ‘8πŸ”₯5🀯5😁2😱1
⚑ Microsoft patched RoguePlanet weeks after the Defender flaw was publicly disclosed.

CVE-2026-50656 affects the #Microsoft Malware Protection Engine and could let local attackers gain SYSTEM-level privileges, according to the researcher who disclosed it.

Full story here β†’ https://thehackernews.com/2026/07/microsoft-patches-rogueplanet-defender.html
😁10πŸ‘4πŸ”₯3
⚠️ GodDamn ransomware is using the PoisonX kernel driver to disable endpoint defenses before encryption.

Symantec says attackers also used AnyDesk, PsExec, and a NirSoft-based credential harvesting toolkit in a June attack.

Read the full story: https://thehackernews.com/2026/07/goddamn-ransomware-uses-poisonx-driver.html
😁4πŸ”₯3πŸ‘1
A #vulnerability clearinghouse is just a place to collect bugs.

Chainguard says the real work is what happens next: turning those bugs into rebuilt, tested, signed fixes people can use.

Athena has taken in 20K+ findings and shipped 2K+ patches across 500 projects.

Why the fix pipeline matters: https://thehackernews.com/2026/07/summer-of-clearinghouses.html
πŸ‘8πŸ”₯2πŸ‘1
AI attacks move in minutes. Your SOC is still on the first alert.

Next week we're hosting a free WEBINAR with Zscaler on defending at machine speed: shrink the attack surface, kill lateral movement, contain the attack before it spreads.

Save your seat πŸ‘‡ https://thehackernews.com/2026/07/ai-attacks-move-in-minutes-join-this.html
πŸ€”4πŸ”₯2
This media is not supported in your browser
VIEW IN TELEGRAM
Cyber teams own continuity planning at most organizations but only 22% rate their program as strategic.

Can your continuity program survive real-world disruption? Discover why resilience programs fail under pressure β€” and what leading teams do differently. Read the new report to explore:

βœ… Insights from 500+ leaders across North America, the UK, Germany, and the UAE.
βœ… How leaders feel prepared, yet fewer than 4 in 10 actually met recovery targets when disruption hit.
βœ… Why resilience programs break down at dependency mapping, third-party risk, and AI governance.

Get the report - https://thn.news/business-continuity-report
πŸ”₯2😁2
🚨 Cybercrime did not need one big break this week. It used the usual doors: cloud storage, browser trust, support calls, package names, weak defaults, and exposed admin paths.

This week’s #ThreatsDay covers:

β€’ Cloud bucket hijacking
β€’ Windows LPE chain
β€’ Global fraud bust
β€’ Chrome extension abuse
β€’ npm/PyPI typosquats
β€’ Fake IT support scams
β€’ Meta phishing abuse
β€’ Tax-themed RAT lures
β€’ Remcos loader campaign
β€’ Ransomware tooling links
β€’ Realtek driver flaws
β€’ ADFS key exposure
β€’ AI/cloud exfiltration risks
β€’ Teams phishing
β€’ Taiwan espionage case
β€’ Scattered Spider/0ktapus links
β€’ Process Parameter Poisoning
β€’ Esri ArcGIS flaw
β€’ Claude warning in China

Read the full bulletin: https://thehackernews.com/2026/07/threatsday-cloud-bucket-hijacking.html
πŸ”₯6⚑2
πŸ’ͺ npm 12 now turns off install scripts by default.

Dependency lifecycle scripts, implicit node-gyp builds, Git dependencies, and remote URL dependencies no longer run or resolve unless explicitly allowed.

GitHub is also phasing out npm tokens that bypass 2FA.

Read the article: https://thehackernews.com/2026/07/npm-12-disables-install-scripts-by.html
πŸ”₯8πŸ‘3😁2
πŸ›‘ Microsoft has detailed GigaWiper, a Windows backdoor that can spy on a machine and destroy it on command.

It can wipe disks, overwrite the Windows drive, or run fake #ransomware that encrypts files without saving a recovery key.

No decryptor. Just dead machines.

Read about it here πŸ – https://thehackernews.com/2026/07/new-gigawiper-windows-backdoor-bundles.html
πŸ”₯24😁1