π ALERT - A VPN is supposed to hide your traffic. A new study says many free #Android VPN apps do not.
Researchers tested 281 popular apps with 2.4B+ installs:
β 29 leak traffic, including visited sites
β 246 contact ad/tracking servers
β 5 could let a same-Wi-Fi attacker hijack the tunnel
The app still says βconnected.β
Check whether yours is listed: https://thehackernews.com/2026/07/study-of-281-free-android-vpn-apps.html
Researchers tested 281 popular apps with 2.4B+ installs:
β 29 leak traffic, including visited sites
β 246 contact ad/tracking servers
β 5 could let a same-Wi-Fi attacker hijack the tunnel
The app still says βconnected.β
Check whether yours is listed: https://thehackernews.com/2026/07/study-of-281-free-android-vpn-apps.html
π11π₯6β‘2π1
π¨ They hacked thousands of sites. Then forgot to lock their own front door.
For 3 weeks, this crew left its server wide open, spilling the whole operation: WP-SHELLSTORM. Inside were 27 known plugin bugs, target lists over 1.4M domains, and thousands of backdoors planted.
Some may still be open on your site.
See what to patch: https://thehackernews.com/2026/07/exposed-hacker-server-reveals-wp.html
For 3 weeks, this crew left its server wide open, spilling the whole operation: WP-SHELLSTORM. Inside were 27 known plugin bugs, target lists over 1.4M domains, and thousands of backdoors planted.
Some may still be open on your site.
See what to patch: https://thehackernews.com/2026/07/exposed-hacker-server-reveals-wp.html
π7π€―7β‘2π₯2
This media is not supported in your browser
VIEW IN TELEGRAM
π¨ XRING has no patch or CVE.
This new unpatched #vulnerability can let a remote, unauthenticated client crash HTTP/3 servers built on Alibaba's XQUIC with about 260 bytes of legal QPACK traffic.
It affects every release through v1.9.4. A public PoC is available.
Read details on THN π https://thehackernews.com/2026/07/unpatched-xring-flaw-in-xquic-lets.html
This new unpatched #vulnerability can let a remote, unauthenticated client crash HTTP/3 servers built on Alibaba's XQUIC with about 260 bytes of legal QPACK traffic.
It affects every release through v1.9.4. A public PoC is available.
Read details on THN π https://thehackernews.com/2026/07/unpatched-xring-flaw-in-xquic-lets.html
π₯10π6
π¨ A Silver Fox-linked #malware distributor is selectively deploying a new backdoor called MODBEACON.
It uses encrypted gRPC streaming for command-and-control and loads additional plugins directly in memory.
Read the full story: https://thehackernews.com/2026/07/new-modbeacon-rat-uses-grpc-streaming.html
It uses encrypted gRPC streaming for command-and-control and loads additional plugins directly in memory.
Read the full story: https://thehackernews.com/2026/07/new-modbeacon-rat-uses-grpc-streaming.html
π₯7
Lumen thought it had 17,000 cyber assets. Then it found 500,000 devices. Today, it tracks about 1.1 million.
The lesson is simple: you cannot fix what you cannot see.
Read how Lumen rebuilt its asset inventory: https://thehackernews.com/2026/07/from-17000-to-11-million-assets-how.html
The lesson is simple: you cannot fix what you cannot see.
Read how Lumen rebuilt its asset inventory: https://thehackernews.com/2026/07/from-17000-to-11-million-assets-how.html
π₯5β‘1π€1
β‘ A researcher showed how three #OpenClaw flaws could have let an external #WhatsApp message trigger host code execution.
The bugs could also expose credentials or enable sandbox escape in vulnerable configurations.
Read the full story on THN π https://thehackernews.com/2026/07/researcher-details-whatsapp-to-host.html
The bugs could also expose credentials or enable sandbox escape in vulnerable configurations.
Read the full story on THN π https://thehackernews.com/2026/07/researcher-details-whatsapp-to-host.html
π11π₯4β‘1π1
β οΈ Not dramatic, just worth your attention!
A single laser pulse can reset a Tangem hardware wallet's password and let an attacker drain the funds, no old password or backup card needed.
It can't be patched, but the attack needs the physical card and a $250K lab, and it destroys the card to get in.
Read the full story π https://thehackernews.com/2026/07/laser-attack-resets-tangem-wallet.html
A single laser pulse can reset a Tangem hardware wallet's password and let an attacker drain the funds, no old password or backup card needed.
It can't be patched, but the attack needs the physical card and a $250K lab, and it destroys the card to get in.
Read the full story π https://thehackernews.com/2026/07/laser-attack-resets-tangem-wallet.html
π€―9π₯7π5
This media is not supported in your browser
VIEW IN TELEGRAM
π¨ Six new flaws in U-Boot, the software that boots everything from routers to servers.
A booby-trapped firmware image can crash the device, or on some, run the attacker's code, all before startup finishes and before anything checks the image is safe.
Read details here: https://thehackernews.com/2026/07/six-new-u-boot-flaws-could-let.html
A booby-trapped firmware image can crash the device, or on some, run the attacker's code, all before startup finishes and before anything checks the image is safe.
Read details here: https://thehackernews.com/2026/07/six-new-u-boot-flaws-could-let.html
π₯4π3β‘1
π¨ Attackers compromised Injective Labsβ #GitHub repo and published npm package 1.20.21 with code that sent crypto wallet private keys and seed phrases to an external server.
Users should update to 1.20.23 and rotate exposed secrets.
Read more: https://thehackernews.com/2026/07/injective-labs-github-compromise-pushes.html
Users should update to 1.20.23 and rotate exposed secrets.
Read more: https://thehackernews.com/2026/07/injective-labs-github-compromise-pushes.html
π₯7β‘2
π¨ URGENT SECURITY WARNING π Progress ordered ShareFile customers to shut down on-premises Storage Zone Controllers over a βcredible external security threat.β
Progress told THN it disabled accounts as a precaution and has no indication of unauthorized access.
Read what is known so far - https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html
Progress told THN it disabled accounts as a precaution and has no indication of unauthorized access.
Read what is known so far - https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html
π7π₯5π€2β‘1
π¨ Zimbra has fixed a critical stored XSS flaw in its Classic Web Client.
A crafted email could run malicious code when opened and expose mailbox information, session data, or account settings.
Read the full story on THN π https://thehackernews.com/2026/07/critical-zimbra-flaw-could-let-crafted_0483473395.html
Zimbra has not reported in-the-wild exploitation. Update to version 10.1.19.
A crafted email could run malicious code when opened and expose mailbox information, session data, or account settings.
Read the full story on THN π https://thehackernews.com/2026/07/critical-zimbra-flaw-could-let-crafted_0483473395.html
Zimbra has not reported in-the-wild exploitation. Update to version 10.1.19.
β‘5π₯1
UPDATE - Meta has removed the Muse Image feature that let users @-mention public #Instagram accounts.
The tool could use their posts, reels, or videos to create AI images.
Meta said it βmissed the markβ after backlash over abuse risks.
Read: https://thehackernews.com/2026/07/metas-new-ai-image-tool-lets-others-use.html
The tool could use their posts, reels, or videos to create AI images.
Meta said it βmissed the markβ after backlash over abuse risks.
Read: https://thehackernews.com/2026/07/metas-new-ai-image-tool-lets-others-use.html
π16π€7π4
π¨ Four malware clusters targeted Pakistani police with PlugX, ShadowPad, Remcos, and Cobalt Strike.
At Balochistan Police, attackers used a hacked complaint portal to deliver malware.
Read the full report: https://thehackernews.com/2026/07/hackers-weaponize-balochistan-police.html
At Balochistan Police, attackers used a hacked complaint portal to deliver malware.
Read the full report: https://thehackernews.com/2026/07/hackers-weaponize-balochistan-police.html
π₯10π3π±2
π ALERT - The official #jscrambler npm package has been compromised.
Version 8.14.0 drops a Rust infostealer during npm install, stealing cloud keys, crypto wallets, browser logins, and AI coding-tool and MCP credentials.
Read analysis and what to do: https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html
Version 8.14.0 drops a Rust infostealer during npm install, stealing cloud keys, crypto wallets, browser logins, and AI coding-tool and MCP credentials.
Read analysis and what to do: https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html
π10π€―8π2π₯1π€1
UPDATE: jscrambler npm compromise hit five versions, not one.
Socket links 8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20.0 to the same actor. Jscrambler says a stolen publishing credential was used.
Later versions moved beyond preinstall, so --ignore-scripts would not block them. Upgrade to 8.22.0 and audit affected systems.
Read: https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html
Socket links 8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20.0 to the same actor. Jscrambler says a stolen publishing credential was used.
Later versions moved beyond preinstall, so --ignore-scripts would not block them. Upgrade to 8.22.0 and audit affected systems.
Read: https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html
π9β‘2π₯2
π¨ Joomla sites running iCagenda or Balbooa Forms face two exploited CVSS 10.0 flaws now in CISAβs KEV catalog.
Both allow attackers to upload PHP files and execute code on affected servers.
What the attacks looked like and what admins should check: https://thehackernews.com/2026/07/icagenda-and-balbooa-forms-joomla-flaws.html
Both allow attackers to upload PHP files and execute code on affected servers.
What the attacks looked like and what admins should check: https://thehackernews.com/2026/07/icagenda-and-balbooa-forms-joomla-flaws.html
π₯8π4
π One open directory exposed three Microsoft 365 phishing operations.
The operations used two paths into #Microsoft 365: Evilginx session theft and device code phishing. One campaign logged 218 captured accounts across 12 countries, 94% of them corporate mailboxes.
Read the full investigation: http://thehackernews.com/2026/07/misconfigured-server-reveals-three.html
The operations used two paths into #Microsoft 365: Evilginx session theft and device code phishing. One campaign logged 218 captured accounts across 12 countries, 94% of them corporate mailboxes.
Read the full investigation: http://thehackernews.com/2026/07/misconfigured-server-reveals-three.html
π6π4π₯2π2
β οΈ An attacker used compromised credentials to access a domain-joined Windows Server over RDP, then ran a suspected AI-generated PowerShell script to map Active Directory.
The script was noisy, aggressive, and oddly helpful.
Read how researchers traced it: https://thehackernews.com/2026/07/attacker-uses-suspected-ai-generated.html
The script was noisy, aggressive, and oddly helpful.
Read how researchers traced it: https://thehackernews.com/2026/07/attacker-uses-suspected-ai-generated.html
π₯6π3π€2
AI SOCs do not fail because Claude or Codex are useless. They fail when teams use them for the wrong job.
Research cited in this article says 98% of alerts can be resolved autonomously, while less than 2% warrant human review.
The problem is where the human and agent judgment starts.
Learn more: https://thehackernews.com/2026/07/thinking-fast-and-slow-in-soc-case-for.html
Research cited in this article says 98% of alerts can be resolved autonomously, while less than 2% warrant human review.
The problem is where the human and agent judgment starts.
Learn more: https://thehackernews.com/2026/07/thinking-fast-and-slow-in-soc-case-for.html
π5π₯3
β‘ Meta just filed a patent for an Artificial Intelligence (AI) that listens through your day and logs how you're feeling.
Not a mood check here and there, but a timestamped record of your emotions, keyed to where you are and what you're doing.
And it doesn't stop at your voice.
What else it reads, and whether Meta is actually building it: https://thehackernews.com/2026/07/meta-files-patent-for-ai-that-can.html
Not a mood check here and there, but a timestamped record of your emotions, keyed to where you are and what you're doing.
And it doesn't stop at your voice.
What else it reads, and whether Meta is actually building it: https://thehackernews.com/2026/07/meta-files-patent-for-ai-that-can.html
π€―17π±8π€6π₯3π2
π¨ Forg365 targets Microsoft 365 with device code and AitM phishing.
This $400/month service can use a legitimate Microsoft sign-in to authorize an attacker-controlled session, with tools for post-compromise mailbox operations.
How the attack works: https://thehackernews.com/2026/07/forg365-phaas-targets-microsoft-365.html
This $400/month service can use a legitimate Microsoft sign-in to authorize an attacker-controlled session, with tools for post-compromise mailbox operations.
How the attack works: https://thehackernews.com/2026/07/forg365-phaas-targets-microsoft-365.html
π4π₯2