The Hacker News
โœ”
162K subscribers
3.42K photos
22 videos
4 files
9.39K links
โญ Official THN Telegram Channel โ€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

๐Ÿ“จ Contact: admin@thehackernews.com

๐ŸŒ Website: https://thehackernews.com
Download Telegram
๐Ÿšจ Cursor on Windows can silently run an attacker-supplied binary when a developer opens a cloned repository.

A repo-root git.exe is enough. No prompt, agent, approval, or prior access. It runs as the logged-in user.

Reported in December. Still unpatched.

How it works and what stops it: https://thehackernews.com/2026/07/cursor-flaw-lets-malicious-cloned.html
๐Ÿ˜ฑ3๐Ÿ˜2
One approved marketing tag can quietly load unvetted fourth-party code into your site.

Those scripts can access forms, checkout fields, and customer data long after the original vendor review.

How the approval gap forms: https://thehackernews.com/2026/07/new-webinar-closing-approval-gap-in-ai.html
๐Ÿ›‘ Right after #Microsoftโ€™s July Patch Tuesday, Chaotic Eclipse dropped a Windows 0-Day PoC that still works on every supported desktop and server release.

It is the latest turn in the researcherโ€™s months-long dispute with Microsoft.

Here's what LegacyHive exploit can do - https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html
๐Ÿ”ฅ9๐Ÿ˜6๐Ÿค”2
Traditional SASE sees the HTTPS connection to an LLM, not the intent inside it.

An AI agent can use MCP tools to pull proprietary code or internal documents while the proxy sees only valid encrypted traffic.

What changes at the point of interaction: https://thehackernews.com/2026/07/sase-has-ai-blind-spot-inspecting.html
๐Ÿ‘2
This media is not supported in your browser
VIEW IN TELEGRAM
AI-driven threats move daily, but most security programs still rely on week-old spreadsheets to report risk to the board.

Join next weekโ€™s Axonius webinar as Frederico Hakamine breaks down how to close this reporting gap with automated baselines and metrics that stand up to executive scrutiny.

Cyber Metrics That Matter in the Age of AI >> https://thn.news/cyber-metrics
๐Ÿšจ Public exploit code is available for two critical #Firefox flaws.

Google fixed 15 #Chrome bugs, #Adobe patched 88 vulnerabilities across ColdFusion, Commerce, Experience Manager, and Illustrator, and Broadcom closed a critical #VMware Avi authentication bypass.

Full patch roundup: https://thehackernews.com/2026/07/firefox-chrome-adobe-and-vmware-updates.html
๐Ÿ‘5๐Ÿ‘1
โš ๏ธ On an infected Windows PC, OkoBot can make a fake seed phrase request appear inside the real Ledger Live or Trezor Suite app.

The app looks genuine because it is genuine. The request is not.

It may even wait until you plug in the hardware wallet.

Here's how this trap works: https://thehackernews.com/2026/07/okobot-malware-framework-injects-seed.html
๐Ÿ˜ฑ7๐Ÿ˜4๐Ÿ”ฅ2๐Ÿ‘2
โš ๏ธ Researchers found raw LLM reasoning and an AI safety disclaimer left inside TuxBot v3 Evolution.

The unfinished IoT botnet packs 1,496 Telnet credential pairs and exploit code for more than 30 device families.

What already works: https://thehackernews.com/2026/07/tuxbot-v3-evolution-shows-signs-of-llm.html
๐Ÿ‘7๐Ÿ”ฅ3
๐Ÿšจ Zoom has patched a 9.8-rated Windows flaw that could let an unauthenticated attacker take over accounts via network access.

CVE-2026-53412 affects the Desktop Client, VDI Client, and Meeting SDK.

Affected versions and update details: https://thehackernews.com/2026/07/zoom-patches-critical-windows-flaw-that.html
๐Ÿ˜7๐Ÿ‘3๐Ÿ”ฅ1
A valid login is not always enough.

A password may let someone read an account, but not change payout details. OIDC AMR, ACR, and SAML AuthnContext help applications decide when stronger proof is required.

How each signal works: https://thehackernews.com/expert-insights/2026/07/authncontext-and-amr-we-remember-what.html
๐Ÿ”ฅ1
โšก OpenAI built an AI model to attack its own AI models.

GPT-Red develops prompt injections automatically. In one test, it got an AI vending machine to order a $100 item for $0.50 and cancel another customerโ€™s order.

Read more on GPT-Red ยป https://thehackernews.com/2026/07/openais-gpt-red-automates-prompt.html
๐Ÿ˜14๐Ÿ”ฅ1
๐Ÿ›‘ ALERT - Pull one certificate from a Shark robot vacuum, and it could run root commands on other Shark vacuums across the same AWS region.

In 24 hours, a researcher saw 673,816 devices return Exec_Response, which he treats as confirmation that they support the command handler.

Read how it worked - https://thehackernews.com/2026/07/unpatched-shark-vacuum-flaw-could-let.html
๐Ÿ”ฅ6๐Ÿ‘5
AI can generate polished vulnerability reports, payloads, and severity scores in seconds.

That does not prove the bug is reachable, exploitable, or even real. Without validation, faster testing becomes faster noise.

Why offensive security still runs on proof: https://thehackernews.com/2026/07/ai-can-find-bugs-but-human-knowledge.html
๐Ÿ‘3๐Ÿ”ฅ2๐Ÿค”1
โš ๏ธ Stupig can run SYSTEM commands from the Windows logon screen before anyone signs in.

The previously unreported backdoor surfaced alongside Daxin on a #Taiwan manufacturerโ€™s host, where the intrusion may have gone unnoticed for 13 years.

How it hides inside Windows logon: https://thehackernews.com/2026/07/daxin-resurfaces-in-taiwan-alongside.html
๐Ÿ”ฅ5๐Ÿคฏ4๐Ÿ‘1๐Ÿ˜1
๐Ÿ›‘ Claude Code, Codex, Gemini CLI, and three browser agents were vulnerable to an attack that makes forged data look trusted.

It could lead to wrong clicks or running an attackerโ€™s command, even when the user is asked to approve the action.

Why current defenses miss it: https://thehackernews.com/2026/07/new-agent-data-injection-attack-can.html
๐Ÿค”2๐Ÿ”ฅ1
๐Ÿ›‘ ClickLock Stealer turns a Mac into a password trap.

Cancel its fake prompt, and at the next login it kills Finder, Terminal, Activity Monitor, and major browsers every 210 milliseconds until a valid password is entered.

The desktop comes back. One implant stays.

How the trap works: https://thehackernews.com/2026/07/new-clicklock-macos-stealer-kills-apps.html
๐Ÿ”ฅ4
๐Ÿ”ฅ Hidden Infrastructure Exposed: ANY.RUN Reveals Hijacked Gov Websites Delivering Malware.

ANY.RUN's latest threat investigation uncovered previously undocumented backdoors and relationships behind the active PhantomEnigma campaign.

By connecting hundreds of seemingly unrelated sandbox sessions, the analysts exposed the full scope of attacks targeting banks and public agencies.

Read the exclusive report โ†“ https://thehackernews.com/2026/07/20-hijacked-government-websites.html
๐Ÿ”ฅ3
๐Ÿšจ ClickFix now delivers TELEPUZ, a new modular Windows malware.

Paste the command behind a fake browser fix, and it can steal browser cookies, log keystrokes, capture screenshots, and run operator commands.

How the attack chain gets there: https://thehackernews.com/2026/07/new-telepuz-malware-spreads-via.html
๐Ÿ”ฅ3
Phishing pages aren't the attack. They're the last step.

Before that there's a funnel: search ads, social content, fake storefronts, AI creative. Built like real marketing, because it is real marketing. Just pointed at fraud instead of conversions.

Bolster AI's CEO Rod Schultz and Lead Security Analyst Lauren Barer break down how these funnels work and what to catch before fraud spreads in our webinar.

Register for the webinar here: https://thn.news/mythos-webcast
๐Ÿ‘5๐Ÿ”ฅ2
โšก A flaw in #n8nโ€™s Enterprise token exchange could let a valid JWT from one trusted issuer log its holder into an account tied to another.

The token is valid. The account is not theirs. The victimโ€™s password never enters the picture.

Here's how the identity check failed: https://thehackernews.com/2026/07/n8n-token-exchange-flaw-could-let.html
๐Ÿ˜4
๐ŸŽฎ Game-cheat spyware
๐Ÿงฉ Fake installer RATs
โฑ๏ธ Network encrypted in under 24 hours

Also this week:
โ–ธ 290 fake GitHub repos
โ–ธ Chrome Sync stalking
โ–ธ OAuth phishing
โ–ธ Windows EDR bypasses
โ–ธ Major fraud busts
โ–ธ 3,900 threat servers mapped

Read the full ThreatsDay Bulletin: https://thehackernews.com/2026/07/threatsday-game-cheat-spyware-24-hour.html
๐Ÿ‘2