π¨ New GoSerpent malware has targeted government and diplomatic entities across Southeast Asia since late 2025.
It gives attackers long-term access, steals credentials, collects sensitive files, and routes traffic through compromised hosts.
Inside the campaign: https://thehackernews.com/2026/07/new-goserpent-malware-targets-southeast.html
It gives attackers long-term access, steals credentials, collects sensitive files, and routes traffic through compromised hosts.
Inside the campaign: https://thehackernews.com/2026/07/new-goserpent-malware-targets-southeast.html
π5π₯1
π A single command pasted into Windows Run can give ACR Stealer your browser passwords, live session tokens, PDFs, and Microsoft 365 files.
One ClickFix chain hides its payload inside a JPEG and runs almost entirely in memory.
See how it gets in and what it steals: https://thehackernews.com/2026/07/acr-stealer-uses-clickfix-lures-to.html
One ClickFix chain hides its payload inside a JPEG and runs almost entirely in memory.
See how it gets in and what it steals: https://thehackernews.com/2026/07/acr-stealer-uses-clickfix-lures-to.html
π₯9π6
β‘ Armenia has detained a Russian tourist on a U.S. extradition request for a REvil #ransomware suspect with the same name.
His lawyers say authorities have the wrong man.
The wanted Ermakov reportedly cannot leave Russia and has checked in with the prison service every month since 2024.
Hereβs what happened: https://thehackernews.com/2026/07/armenia-detains-russian-tourist-on-us.html
His lawyers say authorities have the wrong man.
The wanted Ermakov reportedly cannot leave Russia and has checked in with the prison service every month since 2024.
Hereβs what happened: https://thehackernews.com/2026/07/armenia-detains-russian-tourist-on-us.html
π7π2π2π±2
π₯ European Union (EU) has ordered Google to open #Android features to rival AI assistants, including the camera, microphone, screen contents, locked-screen hotwords, and background app control.
Consent still applies. For six features, Google cannot require certification.
Here's what changes, and when - https://thehackernews.com/2026/07/eu-orders-google-to-open-android-mic.html
Consent still applies. For six features, Google cannot require certification.
Here's what changes, and when - https://thehackernews.com/2026/07/eu-orders-google-to-open-android-mic.html
π±6π€5π₯3π€―2π1
Military autonomy is not just a platform race. It is an information infrastructure challenge.
Drones, vessels, satellites, AI systems, and allies must exchange trusted mission data across platforms and security domains.
Why the future force depends on what connects it: https://thehackernews.com/2026/07/the-race-to-field-military-autonomy-is.html
Drones, vessels, satellites, AI systems, and allies must exchange trusted mission data across platforms and security domains.
Why the future force depends on what connects it: https://thehackernews.com/2026/07/the-race-to-field-military-autonomy-is.html
π3π₯2
π¨ A fake coding test can be the whole attack.
North Korea-linked hackers are hiding malware across ordinary-looking SVG flag images. Run the project, and it assembles an OtterCookie-aligned toolkit that steals browser credentials, crypto wallet data, files, and clipboard contents, then opens a SocketIO backdoor.
Read the full attack chain: https://thehackernews.com/2026/07/north-korea-linked-hackers-hide.html
North Korea-linked hackers are hiding malware across ordinary-looking SVG flag images. Run the project, and it assembles an OtterCookie-aligned toolkit that steals browser credentials, crypto wallet data, files, and clipboard contents, then opens a SocketIO backdoor.
Read the full attack chain: https://thehackernews.com/2026/07/north-korea-linked-hackers-hide.html
π₯8π€―5π4β‘3
This media is not supported in your browser
VIEW IN TELEGRAM
π¨ Attackers are targeting the datacenters that train, host, and serve AI, not just the AI models themselves.
Lava has released FORGE: The Top 10 Data Center & AI Infrastructure Security Risks: https://thn.news/forge-framework
Built with security leaders and practitioners across neoclouds, HPC, and enterprise security β open, free, and made to evolve.
Lava has released FORGE: The Top 10 Data Center & AI Infrastructure Security Risks: https://thn.news/forge-framework
Built with security leaders and practitioners across neoclouds, HPC, and enterprise security β open, free, and made to evolve.
π12π₯1
π¨ CylindricalCanine breached two DigiCert support workstations with a fake screenshot ZIP.
The group obtained EV code-signing certificates to sign Zhong Stealer. DigiCert revoked 60, including 27 linked to the group.
Read how the support chat breach led to signed malware: https://thehackernews.com/2026/07/goldeneyedog-subgroup-linked-to.html
The group obtained EV code-signing certificates to sign Zhong Stealer. DigiCert revoked 60, including 27 linked to the group.
Read how the support chat breach led to signed malware: https://thehackernews.com/2026/07/goldeneyedog-subgroup-linked-to.html
π₯6
π New NadMesh botnet malware hunts exposed AI services for AWS keys and Kubernetes tokens.
It targets ComfyUI, Ollama, n8n, Gradio, and MCP deployments, pulling cloud credentials, Docker configs, and model access from compromised hosts.
How the botnet works and survives removal: https://thehackernews.com/2026/07/new-nadmesh-botnet-hunts-exposed-ai.html
It targets ComfyUI, Ollama, n8n, Gradio, and MCP deployments, pulling cloud credentials, Docker configs, and model access from compromised hosts.
How the botnet works and survives removal: https://thehackernews.com/2026/07/new-nadmesh-botnet-hunts-exposed-ai.html
π₯3π1
β οΈ Seven malicious npm packages are targeting Vite developers.
They stay quiet during installation. Import one, and it starts a RAT delivery chain that can steal credentials, exfiltrate files, and open a reverse shell.
The attacker stores the delivery path in public blockchain transactions.
See the affected packages and full attack chain: https://thehackernews.com/2026/07/seven-malicious-vite-npm-packages-use.html
They stay quiet during installation. Import one, and it starts a RAT delivery chain that can steal credentials, exfiltrate files, and open a reverse shell.
The attacker stores the delivery path in public blockchain transactions.
See the affected packages and full attack chain: https://thehackernews.com/2026/07/seven-malicious-vite-npm-packages-use.html
π₯2π1
π OpenSSL quietly fixed HollowByte, a flaw where an 11-byte TLS request can reserve up to 131 KB of server memory per connection.
On the glibc systems researchers tested, that memory remained frozen until restart.
Full details: https://thehackernews.com/2026/07/openssl-hollowbyte-flaw-could-freeze.html
On the glibc systems researchers tested, that memory remained frozen until restart.
Full details: https://thehackernews.com/2026/07/openssl-hollowbyte-flaw-could-freeze.html
π₯6
π URGENT - A single anonymous HTTP request can run code on an unpatched #WordPress 6.9 or 7.0 site, even on a default install with zero plugins.
The new wp2shell flaw sits in core and still has no CVE for scanners to match.
Affected releases and mitigations π https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html
The new wp2shell flaw sits in core and still has no CVE for scanners to match.
Affected releases and mitigations π https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html
π₯10π2