The Hacker News
βœ”
162K subscribers
3.42K photos
22 videos
4 files
9.39K links
⭐ Official THN Telegram Channel β€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

πŸ“¨ Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Download Telegram
⚠️ A RabbitMQ flaw can leak an OAuth client secret in one unauthenticated request, potentially giving attackers full broker control in affected setups.

A second bug lets logged-in users read queue and exchange metadata beyond their permissions.

Details: https://thehackernews.com/2026/07/rabbitmq-flaws-could-leak-oauth-secrets.html
😁5
⚑ Pentera’s MCP Server gives AI assistants validated attack paths, not just scanner scores.

A critical finding may be unreachable, while a medium-severity flaw may be the one that leads to privileged access.

How validation changes the workflow: https://thehackernews.com/2026/07/how-pentera-turns-ai-security-workflows.html
πŸ‘4😁3
UPDATE: Progress has restored ShareFile Storage Zone Controllers.

Progress Software told The Hacker News it patched a high-severity flaw in versions 5.x and 6.x. It found no evidence of account or data access and no active threat.

No CVE or actor was named.

Read: https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html
πŸ”₯1
⚠️ LabubaRAT masquerades as NVIDIA software on Windows.

The Rust-based RAT profiles 12 security products and can run commands, move files, capture screenshots, and proxy traffic through the infected host.

Here's how it stays connected: https://thehackernews.com/2026/07/labubarat-masquerades-as-nvidia.html
πŸ”₯6
πŸ›‘ Claude for Chrome still lets another extension running on claude[.]ai trigger tasks that read Gmail, Docs, and Calendar.

One approval click remains by default. With β€œAct without asking” enabled, the same task runs silently.

Eight releases later, the path is still open.

How it works: https://thehackernews.com/2026/07/claude-for-chrome-flaw-lets-other.html
πŸ”₯4
SAP patched a CVSS 9.9 NetWeaver ABAP flaw that could let an authenticated attacker access or modify data, or knock systems offline.

The same update fixes a Commerce Cloud issue tied to publicly documented sample OAuth credentials left unchanged in production.

Read : https://thehackernews.com/2026/07/sap-patches-cvss-99-netweaver-abap-flaw.html
πŸ”₯1
πŸ”₯ Microsoft patched a record 622 CVEs, including two exploited zero-days in SharePoint Server and AD FS.

The SharePoint flaw allows remote, unauthenticated privilege escalation. The AD FS bug lets authenticated attackers elevate privileges locally.

Here's what to patch first: https://thehackernews.com/2026/07/microsoft-patches-record-622-flaws.html
πŸ”₯5πŸ€”5πŸ‘2😁1
πŸ›‘ Two SonicWall SMA 1000 zero-days are under active attack, the company says.

One could let authenticated attackers run OS commands as administrator. The other is a CVSS 10.0 SSRF flaw.

What to patch and check: https://thehackernews.com/2026/07/two-sonicwall-sma-1000-zero-days.html
😁6🀯2
🚨 Five poisoned versions of four AsyncAPI npm packages shipped a multi-stage botnet loader.

They carried valid provenance attestations, and the malware ran when affected modules were loaded, not at install time.

How trusted releases carried the malware: https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html
⚑2
🚨 Cursor on Windows can silently run an attacker-supplied binary when a developer opens a cloned repository.

A repo-root git.exe is enough. No prompt, agent, approval, or prior access. It runs as the logged-in user.

Reported in December. Still unpatched.

How it works and what stops it: https://thehackernews.com/2026/07/cursor-flaw-lets-malicious-cloned.html
😱3😁2
One approved marketing tag can quietly load unvetted fourth-party code into your site.

Those scripts can access forms, checkout fields, and customer data long after the original vendor review.

How the approval gap forms: https://thehackernews.com/2026/07/new-webinar-closing-approval-gap-in-ai.html
πŸ›‘ Right after #Microsoft’s July Patch Tuesday, Chaotic Eclipse dropped a Windows 0-Day PoC that still works on every supported desktop and server release.

It is the latest turn in the researcher’s months-long dispute with Microsoft.

Here's what LegacyHive exploit can do - https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html
πŸ”₯9😁6πŸ€”2
Traditional SASE sees the HTTPS connection to an LLM, not the intent inside it.

An AI agent can use MCP tools to pull proprietary code or internal documents while the proxy sees only valid encrypted traffic.

What changes at the point of interaction: https://thehackernews.com/2026/07/sase-has-ai-blind-spot-inspecting.html
πŸ‘2
This media is not supported in your browser
VIEW IN TELEGRAM
AI-driven threats move daily, but most security programs still rely on week-old spreadsheets to report risk to the board.

Join next week’s Axonius webinar as Frederico Hakamine breaks down how to close this reporting gap with automated baselines and metrics that stand up to executive scrutiny.

Cyber Metrics That Matter in the Age of AI >> https://thn.news/cyber-metrics
🚨 Public exploit code is available for two critical #Firefox flaws.

Google fixed 15 #Chrome bugs, #Adobe patched 88 vulnerabilities across ColdFusion, Commerce, Experience Manager, and Illustrator, and Broadcom closed a critical #VMware Avi authentication bypass.

Full patch roundup: https://thehackernews.com/2026/07/firefox-chrome-adobe-and-vmware-updates.html
πŸ‘5πŸ‘1
⚠️ On an infected Windows PC, OkoBot can make a fake seed phrase request appear inside the real Ledger Live or Trezor Suite app.

The app looks genuine because it is genuine. The request is not.

It may even wait until you plug in the hardware wallet.

Here's how this trap works: https://thehackernews.com/2026/07/okobot-malware-framework-injects-seed.html
😱7😁4πŸ”₯2πŸ‘2
⚠️ Researchers found raw LLM reasoning and an AI safety disclaimer left inside TuxBot v3 Evolution.

The unfinished IoT botnet packs 1,496 Telnet credential pairs and exploit code for more than 30 device families.

What already works: https://thehackernews.com/2026/07/tuxbot-v3-evolution-shows-signs-of-llm.html
πŸ‘7πŸ”₯3
🚨 Zoom has patched a 9.8-rated Windows flaw that could let an unauthenticated attacker take over accounts via network access.

CVE-2026-53412 affects the Desktop Client, VDI Client, and Meeting SDK.

Affected versions and update details: https://thehackernews.com/2026/07/zoom-patches-critical-windows-flaw-that.html
😁7πŸ‘2πŸ”₯1
A valid login is not always enough.

A password may let someone read an account, but not change payout details. OIDC AMR, ACR, and SAML AuthnContext help applications decide when stronger proof is required.

How each signal works: https://thehackernews.com/expert-insights/2026/07/authncontext-and-amr-we-remember-what.html
πŸ”₯1
⚑ OpenAI built an AI model to attack its own AI models.

GPT-Red develops prompt injections automatically. In one test, it got an AI vending machine to order a $100 item for $0.50 and cancel another customer’s order.

Read more on GPT-Red Β» https://thehackernews.com/2026/07/openais-gpt-red-automates-prompt.html
😁14πŸ”₯1
πŸ›‘ ALERT - Pull one certificate from a Shark robot vacuum, and it could run root commands on other Shark vacuums across the same AWS region.

In 24 hours, a researcher saw 673,816 devices return Exec_Response, which he treats as confirmation that they support the command handler.

Read how it worked - https://thehackernews.com/2026/07/unpatched-shark-vacuum-flaw-could-let.html
πŸ”₯6πŸ‘5