The Hacker News
βœ”
162K subscribers
3.42K photos
22 videos
4 files
9.39K links
⭐ Official THN Telegram Channel β€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

πŸ“¨ Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Download Telegram
This media is not supported in your browser
VIEW IN TELEGRAM
🚨 Six new flaws in U-Boot, the software that boots everything from routers to servers.

A booby-trapped firmware image can crash the device, or on some, run the attacker's code, all before startup finishes and before anything checks the image is safe.

Read details here: https://thehackernews.com/2026/07/six-new-u-boot-flaws-could-let.html
πŸ”₯4😁3⚑1
🚨 Attackers compromised Injective Labs’ #GitHub repo and published npm package 1.20.21 with code that sent crypto wallet private keys and seed phrases to an external server.

Users should update to 1.20.23 and rotate exposed secrets.

Read more: https://thehackernews.com/2026/07/injective-labs-github-compromise-pushes.html
πŸ”₯7⚑2
🚨 URGENT SECURITY WARNING πŸ ’ Progress ordered ShareFile customers to shut down on-premises Storage Zone Controllers over a β€œcredible external security threat.”

Progress told THN it disabled accounts as a precaution and has no indication of unauthorized access.

Read what is known so far - https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html
πŸ‘7πŸ”₯5πŸ€”2⚑1
🚨 Zimbra has fixed a critical stored XSS flaw in its Classic Web Client.

A crafted email could run malicious code when opened and expose mailbox information, session data, or account settings.

Read the full story on THN πŸ – https://thehackernews.com/2026/07/critical-zimbra-flaw-could-let-crafted_0483473395.html

Zimbra has not reported in-the-wild exploitation. Update to version 10.1.19.
⚑5πŸ”₯1
UPDATE - Meta has removed the Muse Image feature that let users @-mention public #Instagram accounts.

The tool could use their posts, reels, or videos to create AI images.

Meta said it β€œmissed the mark” after backlash over abuse risks.

Read: https://thehackernews.com/2026/07/metas-new-ai-image-tool-lets-others-use.html
😁16πŸ€”7πŸ‘4
🚨 Four malware clusters targeted Pakistani police with PlugX, ShadowPad, Remcos, and Cobalt Strike.

At Balochistan Police, attackers used a hacked complaint portal to deliver malware.

Read the full report: https://thehackernews.com/2026/07/hackers-weaponize-balochistan-police.html
πŸ”₯10😁3😱2
πŸ›‘ ALERT - The official #jscrambler npm package has been compromised.

Version 8.14.0 drops a Rust infostealer during npm install, stealing cloud keys, crypto wallets, browser logins, and AI coding-tool and MCP credentials.

Read analysis and what to do: https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html
😁10🀯8πŸ‘2πŸ”₯1πŸ€”1
UPDATE: jscrambler npm compromise hit five versions, not one.

Socket links 8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20.0 to the same actor. Jscrambler says a stolen publishing credential was used.

Later versions moved beyond preinstall, so --ignore-scripts would not block them. Upgrade to 8.22.0 and audit affected systems.

Read: https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html
πŸ‘9⚑2πŸ”₯2
🚨 Joomla sites running iCagenda or Balbooa Forms face two exploited CVSS 10.0 flaws now in CISA’s KEV catalog.

Both allow attackers to upload PHP files and execute code on affected servers.

What the attacks looked like and what admins should check: https://thehackernews.com/2026/07/icagenda-and-balbooa-forms-joomla-flaws.html
πŸ”₯8πŸ‘4
πŸ›‘ One open directory exposed three Microsoft 365 phishing operations.

The operations used two paths into #Microsoft 365: Evilginx session theft and device code phishing. One campaign logged 218 captured accounts across 12 countries, 94% of them corporate mailboxes.

Read the full investigation: http://thehackernews.com/2026/07/misconfigured-server-reveals-three.html
πŸ‘6😁4πŸ”₯2πŸ‘2
⚠️ An attacker used compromised credentials to access a domain-joined Windows Server over RDP, then ran a suspected AI-generated PowerShell script to map Active Directory.

The script was noisy, aggressive, and oddly helpful.

Read how researchers traced it: https://thehackernews.com/2026/07/attacker-uses-suspected-ai-generated.html
πŸ”₯6πŸ‘3πŸ€”2
AI SOCs do not fail because Claude or Codex are useless. They fail when teams use them for the wrong job.

Research cited in this article says 98% of alerts can be resolved autonomously, while less than 2% warrant human review.

The problem is where the human and agent judgment starts.

Learn more: https://thehackernews.com/2026/07/thinking-fast-and-slow-in-soc-case-for.html
πŸ‘5πŸ”₯3
⚑ Meta just filed a patent for an Artificial Intelligence (AI) that listens through your day and logs how you're feeling.

Not a mood check here and there, but a timestamped record of your emotions, keyed to where you are and what you're doing.

And it doesn't stop at your voice.

What else it reads, and whether Meta is actually building it: https://thehackernews.com/2026/07/meta-files-patent-for-ai-that-can.html
🀯17😱8πŸ€”6πŸ”₯3πŸ‘2
🚨 Forg365 targets Microsoft 365 with device code and AitM phishing.

This $400/month service can use a legitimate Microsoft sign-in to authorize an attacker-controlled session, with tools for post-compromise mailbox operations.

How the attack works: https://thehackernews.com/2026/07/forg365-phaas-targets-microsoft-365.html
😁4πŸ”₯2
πŸ›‘ [New] One email could rewrite what an inbox-reading AI assistant remembers about you.

MemGhost adds false information to an AI agent’s memory and changes what it says later. In #OpenClaw lab tests, the change could stay hidden from the user.

How it works, and what limits it: https://thehackernews.com/2026/07/new-memghost-attack-plants-persistent.html
⚑3πŸ”₯2😁2
Media is too big
VIEW IN TELEGRAM
"AI changed both sides of this fight.” Stephen Sims is keynoting AND teaching at Network Security 2026, bringing offensive security expertise straight into the classroom. Caesars Palace, Vegas | Sept 21–26.

His code SIMS777 = $777 off any course πŸ‘‰ https://thn.news/cyber-training-sans
πŸ‘3πŸ”₯1😁1
⚑ THN Recap: Before you start the week, know what's out there:

β–ͺ️ ShareFile servers pulled offline
β–ͺ️ npm package hijacked to drop infostealer
β–ͺ️ Critical Zimbra email flaw patched
β–ͺ️ GigaWiper backdoor wipes disks
β–ͺ️ 1.4M WordPress sites targeted
β–ͺ️ Citrix Bleed 2 leads to ransomware
β–ͺ️ AI coding assistants tricked into malware
β–ͺ️ Django flaw actively exploited
β–ͺ️ Fake VPN installer drops RAT
β–ͺ️ Helix crew hits SharePoint data

Full recap β†’ https://thehackernews.com/2026/07/weekly-recap-sharefile-threat-citrix.html
⚑4πŸ”₯1πŸ‘1πŸ€”1
🚨 Google and Microsoft pulled ModHeader after researchers found a dormant browsing-history collector inside its genuine store build.

The extension had roughly 1.6 million installs across Chrome and Edge, with most of the collection pipeline already in place.

Here's how it stayed hidden - https://thehackernews.com/2026/07/google-and-microsoft-pull-modheader.html
πŸ”₯7
CrashStealer uses a signed and Apple-notarized macOS dropper to pass Gatekeeper checks.

Once launched, it can steal browser credentials, wallet data, password manager records, files, and keychain material.

How the attack chain works: https://thehackernews.com/2026/07/crashstealer-macos-malware-uses.html
πŸ‘6πŸ”₯2
🚨 Hackers spent a year stealing data from #Salesforce environments without exploiting a single platform flaw.

#Microsoft mapped the ShinyHunters-linked activity to trusted OAuth apps, stolen vendor tokens, and misconfigured guest access while sign-in monitoring stayed quiet.

How the three attack paths worked: https://thehackernews.com/2026/07/microsoft-maps-year-long-shinyhunters.html
🀯14πŸ”₯4πŸ€”4😁2
🚨 148 npm packages disguised as student web proxies turned visitors’ browsers into a DDoS botnet.

The code never ran at install time. It waited inside working proxy sites, beyond scanners focused on install-time behavior.

Here's how the campaign worked: https://thehackernews.com/2026/07/148-npm-packages-disguised-as-student.html
πŸ‘7πŸ”₯7😁2