The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and [email protected]
Aktualizace: 25 min 20 sek zpět

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

15 Červenec, 2026 - 20:43
Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model (LLM), albeit with not so successful results. "While the AI complied with their request to generate botnet code, it included a safety disclaimer that the developer failed Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

15 Červenec, 2026 - 17:30
A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet's own desktop software. Sometimes it waits until you plug the device in first. The page is malicious. The app around it is the real one you installed, and Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

15 Červenec, 2026 - 15:18
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below - CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719, a site isolation in the DOM: Navigation component "We are aware that exploit code for this is public, however we are not aware of Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

15 Červenec, 2026 - 13:50
For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned browser extensions, and autonomous agents. Employees routinely paste intellectual property into The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

15 Červenec, 2026 - 13:07
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as ProfSvc, is a core system component that manages user accounts and environments. "The PoC requiresRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New Webinar: Closing the Approval Gap in AI-Era Ad Tech

15 Červenec, 2026 - 13:06
A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full access to your forms, customer data, and checkout pages. This on-demand webinar reveals how this Approval Gap forms, and gives your team the blueprint to close it before an auditor, regulator, or attacker finds it first. The Reality of the Approval Gap It's a pattern every The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

15 Červenec, 2026 - 12:55
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud tokens. Cursor keeps re-running it for as long as the project stays open. No prompt Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware

15 Červenec, 2026 - 11:16
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below - @asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/specs(v6.11.2, v6.11.2-alpha.1) "The Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

15 Červenec, 2026 - 07:30
SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-15409 (CVSS score: 10.0) - A Server-side request forgery (SSRF) vulnerability that a remote unauthenticated attacker could exploit to Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

14 Červenec, 2026 - 22:25
Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft's own CVEs by its Security Update Guide count, more than triple June's previous high of around 200. Those two live bugs are the ones to grab first. Microsoft credits incident responders for both. Both are Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

14 Červenec, 2026 - 20:17
SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

14 Červenec, 2026 - 19:27
Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and ClaudeBleed need a rogue extension that can already run a script on claude.ai; the difference is scope. Anthropic restricted the arbitrary-prompt path in May as part of its response to the Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

14 Červenec, 2026 - 18:52
Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. "LabubaRAT creates a reusable foothold for hands-on activity," Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an analysis published today. "Once deployed, it can profile the host, Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

14 Červenec, 2026 - 15:48
Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo's security team, which discovered and reported the flaws, said one "leaks the broker's confidential OAuth Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

14 Červenec, 2026 - 14:46
Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. "An attacker exploiting one of these vulnerable applications can execute untrusted code during system boot, enabling deployment of malicious UEFI bootkits or other malware," Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

14 Červenec, 2026 - 13:55
Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person's separate addresses together and let outsiders follow them from site to site. And on a site that already holds a name or Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

How Pentera Turns AI Security Workflows into Validation Engines

14 Červenec, 2026 - 13:30
AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat intelligence, configuration findings, and exposure data. That fragmentation matters because attackers do not move through environments one [email protected]
Kategorie: Hacking & Security

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

14 Červenec, 2026 - 13:21
At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad actors have begun Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

14 Červenec, 2026 - 11:02
xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle out of the intercepted request, and pulled back a file the agent had been told in plain terms not Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

14 Červenec, 2026 - 10:02
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS), has been accused of offering its tools to ransomware groups, along with its 45-year-old Ukrainian Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security