<?xml version="1.0" encoding="UTF-8" standalone="no"?><rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:media="http://search.yahoo.com/mrss/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" version="2.0"><channel><title>The Hacker News</title><link>https://thehackernews.com</link><description>Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com</description><language>en-us</language><lastBuildDate>Fri, 03 Jul 2026 06:07:24 +0530</lastBuildDate><sy:updatePeriod>hourly</sy:updatePeriod><sy:updateFrequency>1</sy:updateFrequency><atom:link href="https://feeds.feedburner.com/TheHackersNews" rel="self" type="application/rss+xml"/><item><title>Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices</title><description><![CDATA[Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic.

Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG)&nbsp;said this week&nbsp;it had reduced the network's pool of usable devices by millions.

Google identifies NetNut, also tracked as Popa, as a network spread across home]]></description><link>https://thehackernews.com/2026/07/google-disrupts-netnut-residential.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/google-disrupts-netnut-residential.html</guid><pubDate>Fri, 03 Jul 2026 00:24:06 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAH6tBAe18U0FqA-i5kNNNQYeXjY_LBflzBqVD5rq81OAC6q9c8UsDBsQb5K2F7IAfof5_JZCBpS51DNp63jsXfk4qqwLkckDh4nq-z-Gj0zoRwQu5IZYiNHiBlpp3C-6OR84JeDfPmIr4VLTp2NN6uHRYl0qT273wrbpcnUmd5SbIJH07cPHQxMo6VgI/s1600/proxy.jpg"/></item><item><title>Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials</title><description><![CDATA[Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access.

"Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral]]></description><link>https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html</guid><pubDate>Fri, 03 Jul 2026 00:00:33 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5gkjf1FwB4__nC6-pLZYnDv2rJA29UAL9mxfCv4BNSl1FxNpat9jD-OiMRLewjXJXyiSGvqiLYcewN_b1lLFHh0FhzKkrHFzu82jziSuOodYX87FkwjuCcXaqwzWRsiFdsBcd9mzDnak1rJpDu46F8TV206IEcD1pE7njojB8TcQEZ4Wa70KnK2vyeVKI/s1600/ransomwares.jpg"/></item><item><title>ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories</title><description><![CDATA[This week’s security news is mostly about weak spots.

Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through.

This is not one big break. It is small permissions, weak checks, open systems, and normal tools doing things they were allowed to do. That same pattern runs]]></description><link>https://thehackernews.com/2026/07/threatsday-ai-compute-hijacking-apple.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/threatsday-ai-compute-hijacking-apple.html</guid><pubDate>Thu, 02 Jul 2026 20:54:18 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMzwXbN53zy07KSkFJL7uOzty4Pj7VgKS6lSwWWGSCppX0wEX5eY0ZLur2NiFcs-ByBBhbd1WZ270Y4VMMGL6WkvOIZ5MhyphenhyphenkDX2B45wiQue-W88oiF_-RZs0HxvrvcxCHI8Zhhv1-fqHDgnX-VLWk00gt463rQhyKY7Mzcd5STMCYeCUcyVri3aBSUpl2t/s1600/threatsday-board.jpg"/></item><item><title>ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API</title><description><![CDATA[The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API.

"In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs," Kaspersky said in a detailed report published this week. "]]></description><link>https://thehackernews.com/2026/07/toddycat-linked-umbrij-malware-abuses.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/toddycat-linked-umbrij-malware-abuses.html</guid><pubDate>Thu, 02 Jul 2026 18:34:13 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMMnC-1ujLiZRcV1xgXbB3qFoIREcbSiGqLCFID8-G-z8GFI3YEY8VniprVEBW4b4TZKJUvoRDg27elntNJWL9S6JZUHMMe1Ie1JLf9w5Fzsgx2w9c94ja1NoED4m3G1pNngC2DDWOOQPgVGiKOd0uBpZkQSSpFOo60S2Tbl8j2VWKdhb70sIJzF8d93LM/s1600/gmail.jpg"/></item><item><title>Identity Lifecycle Management Wasn't Built for AI Agents </title><description><![CDATA[Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural blind spots that traditional IGA tools weren't designed to detect. This guide covers where that model breaks, what it]]></description><link>https://thehackernews.com/2026/07/identity-lifecycle-management.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/identity-lifecycle-management.html</guid><pubDate>Thu, 02 Jul 2026 17:00:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwwp0Bf4s6Xp_L13nlIV5Pf2D0awJsA5cDdev6yCr9f7nLVbmJmzqJ01cmdJkO4K0E3KEvdHhK10ZDai_tXV6gZDmgJqhnsARjEhVScA9gsWHKL4zzt64aQSSgPBImpeYxLuMiORSByYXgQunRUhYhymV8AQfvYf6qsBieuh82794N44iaJ9lEl8IS8Z0/s1600/Identity-Lifecycle-Management.jpg"/></item><item><title>AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack</title><description><![CDATA[Security firm&nbsp;Sysdig&nbsp;says it has found what it believes is the first ransomware attack run from start to finish by an AI agent.

Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company's production database.

Ransomware has always]]></description><link>https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html</guid><pubDate>Thu, 02 Jul 2026 14:43:13 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirfJNnWRTyyKkXeatZdtLvMsQhba-L0J9yuyASwy4T-6nlbGWnkEl0FUBVO8wS6je9Hc9wPdu01JJ0TETOa1jOjQelGiJY3ZrvsJzFIqpr_gbEvv5F4lnQrJWxTHbpYM6ah6sPJbQ63XtdxlOcFy7KZ06S69LW2escSgSAM-ycKZCqttjAZEcHJ_sO9DdQ/s1600/ai-agent-ransomware.jpg"/></item><item><title>FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations</title><description><![CDATA[The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions.

"An operator tied to FortiBleed's infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment]]></description><link>https://thehackernews.com/2026/07/fortibleed-credential-theft-linked-to.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/fortibleed-credential-theft-linked-to.html</guid><pubDate>Thu, 02 Jul 2026 13:30:49 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcA80dQWiuszAlBgwcxzc3suImls2cKOwk_2nYMo7UY5MNSdlKNMgibekQNEhWRuxmX5s1JcLHCd_dsDZ3m9oy_FxN-livXwyMIqre86oK8WIOMKUSZwDBvoN7XQOaV63zVBAIKQCH77-RGxhyLNc0bnip4LoUd0P7HsWQx-bxBu8nHr7St5HKs6T1cS6Z/s1600/bleed-ransomware.jpg"/></item><item><title>New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos</title><description><![CDATA[Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs.

Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine.&nbsp;YesWeHack and]]></description><link>https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html</guid><pubDate>Thu, 02 Jul 2026 12:54:23 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjd_BdKzn7-7TCZJfnsZBy25kGm8xiQTrJquj8vMVsjlRXf7LXqMiJLQs8ic-lNLRc51whJzP-B4Nv9OOzfgOSHKzmIjZFv0krEDBuSeuXXNj-OccwbpBBBBIofZFMBT4DaThqLeE2Bsx-Nkp8aZZfEs6tVB43kby1L5UbtPjauqfedlANNzOYGrNB7ec5o/s1600/fake.jpg"/></item><item><title>SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation</title><description><![CDATA[The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issue]]></description><link>https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html</guid><pubDate>Thu, 02 Jul 2026 11:16:45 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMEHDpcGNoddFf8yfkJ1L21X61VSA66xZiVjYA5qdfJpZ8tyWxzRy7Il8fwcY59pRUm7mlNChrPHhjySmFLV-dHEIdZiOXj0ZDQ9Wv8yxgfU8qKm_ga3kYcNer9z85cj7KwtYkRuxGtPaNUL0ebiuM2SILSWMVr-fZtnVFejlJ24h48ECds-iMQBTW3vHb/s1600/cisa-ms.jpg"/></item><item><title>Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters</title><description><![CDATA[Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port.

Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD's maintainers in]]></description><link>https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html</guid><pubDate>Thu, 02 Jul 2026 01:10:06 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9emdIsaMBcMQoyS0ot-ckXq8LWhMk6P2zAm3WdCVFBhRMNUqN6E1vZqllIq6qYHBvGm8WhCGi8C3PLUNOecmNYU4LLoWH5zRBadBejDgpbC5DihDwqiYAMLpZNsQBk2MsiN89nt-honwtPiQzjg4fDUp5w2aiCXWZBKk94qHwfG4yEHak6zoZuNmXKgY/s1600/argo-cd.jpg"/></item><item><title>19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges</title><description><![CDATA[A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice&nbsp;announced&nbsp;on July 1.

Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a Chicago federal court on June 30, where a judge ordered him held in custody.

Finnish police]]></description><link>https://thehackernews.com/2026/07/19-year-old-scattered-spider-suspect.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/19-year-old-scattered-spider-suspect.html</guid><pubDate>Thu, 02 Jul 2026 00:58:07 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitCA6eGqIT2msGTmYh2Qr84lq5GYGvI4Y8FSzzNira0osd5SNIbnpLKZfLZLggblyWGxZ1ScIR_I06M-RoM5wM3he2KRkFCnwYxIKtGBDb9PA1JtoK1JM5f0vObSITDMGt4eeVV82LUF3DBNkYiHLhCTYNwnlOP3DlfCHYLkP6NfHjwRJDsHSMTHEGKAs/s1600/hacker-arrested.jpg"/></item><item><title>SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT</title><description><![CDATA[Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT.

Kaspersky said the activity is part of a "massive, multi-domain, multi-language" campaign that distributes malicious installer archives hosted on spoofed websites.

These installers masquerade as popular software like OBS Studio, DNS Jumper, DS4Windows, and Bandicam, among others.]]></description><link>https://thehackernews.com/2026/07/seo-poisoned-software-sites-abuse.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/seo-poisoned-software-sites-abuse.html</guid><pubDate>Wed, 01 Jul 2026 23:23:06 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbKfADFEhazeaRztmVJkTBhFqZxALUDBwsOV_25bWjZ6Qm3pCBoSSawssWOOJC2ZQ7M6hrUDRXLfR5gcpWRkkaSdNtSPCz-FLrG5Dy4-Y-IzEMt_souSqJuc3JK9FNQ9p2-dT7Ojf3ufzPkWBpLNyDAVeeuYS7Ya-BJWT4MmAHz7OjHvwjMSCfF5Jvahyphenhyphenj/s1600/SEO-MALWARE.jpg"/></item><item><title>VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer</title><description><![CDATA[Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs.

The activity has been codenamed VEIL#DROP by Securonix. It's suspected that the initial payloads are distributed either via spear-phishing or a drive-by compromise, which occurs when an unsuspecting user lands on]]></description><link>https://thehackernews.com/2026/07/veildrop-malware-chain-uses-blogger.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/veildrop-malware-chain-uses-blogger.html</guid><pubDate>Wed, 01 Jul 2026 22:48:50 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3OuCh7SjXAd7hG_0Q0p__EmpV5MwYh0fOfMZHc1wxRHpsCN9qlonLr93NB6-iJMWJd6nv8VoMqSt9hWW34H7R7tpoGuhkn1mkEL8UgsiUIfNxh9L1Bh0Qpvt0xrX9Pqq6rw1vb-0CEC3KLAT5N7fdlgEHWnYVDyeuUHt2pD59vugSKLaC9n8-LBLoqV0Y/s1600/blogger.jpg"/></item><item><title>Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures</title><description><![CDATA[A Brazilian banking trojan called Ousaban is going after Windows users who bank in Spain and Portugal.&nbsp;Fortinet's FortiGuard Labs&nbsp;identified the campaign in May 2026.

It opens with a phishing PDF disguised as a corrupted file, checks that the visitor is really in Spain or Portugal, and hides its real payload inside an image.

The goal is the usual one: steal banking logins and take]]></description><link>https://thehackernews.com/2026/07/ousaban-banking-trojan-targets-iberian.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/ousaban-banking-trojan-targets-iberian.html</guid><pubDate>Wed, 01 Jul 2026 20:56:55 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3GnjevIMTqO1nAZ7LWeRKAz2NCKGTKCC2ldSx5dsd2SShjh4pWcmddVJse4MP4QLhA_DOP1K_RajPwe8YR7rc57CqPUO0i9RDYoZQA0yRAokZt1r2hyphenhyphenccOjcFh2SgUTnyUjj-M-y7WUUXVF0rpSrcxTrjb5nPOnpnIP5YvdxzUaLXkubSTXFaj0RzxEvH/s1600/windows-trojan.jpg"/></item><item><title>Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic</title><description><![CDATA[Adobe has released patches for multiple maximum-severity security flaws impacting Adobe ColdFusion and Adobe Campaign Classic.

The ColdFusion updates "resolves critical and important vulnerabilities that could lead to arbitrary code execution, privilege escalation, arbitrary file system read, and security feature bypass," Adobe said in an alert released Tuesday.

The vulnerabilities are listed]]></description><link>https://thehackernews.com/2026/07/adobe-patches-7-cvss-100-flaws-in.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/adobe-patches-7-cvss-100-flaws-in.html</guid><pubDate>Wed, 01 Jul 2026 20:55:46 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2LpF3s-oL3WaiHtAZ9N33J120bvGnWDoQ39eE1fyToERHmJgkAtMzarRyW9-gOG0N4U1_nOEQmwg-3krYIZDcXXB6JYpurMezefSiM5-ygJd9CuuS1sS-gHNjoKgBRayO0wBow5GB1yaanR55TW2fwus6MQXwlqeXDJ2Xu7z2fiOGbPXo4qio4LpXZPO/s1600/adobe.jpg"/></item><item><title>Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands</title><description><![CDATA[Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore.

Cato AI Labs&nbsp;found the pair and named them DuneSlide. They are tracked as&nbsp;CVE-2026-50548&nbsp;and&nbsp;CVE-2026-50549, both rated 9.8 out of 10 (or 9.3]]></description><link>https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html</guid><pubDate>Wed, 01 Jul 2026 20:12:54 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjItlLuWZZxw3YcKcnCVEsKn7HKF0QcPnXqFNjor23XT93Xp49dvLt4tZFYIbUApP4eABXQZ3pwnoidAp5GW1wm7ZfBA6vXRlX7i0Lbzw4KWlSkxayxjZQeoxg3TEAQWmLdGP9DePsYjoC1p07KGommOwATsJOHhRQ2zZatOaFRzHoKHVHcQW8K9s-Hd5w/s1600/cato.jpg"/></item><item><title>Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts</title><description><![CDATA[A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Response Unit (TRU).

The Canadian cybersecurity company said it identified exploitation attempts targeting CVE-2026-8037 (CVSS score: 9.6), an operating system (OS) command injection flaw that could be exploited to achieve]]></description><link>https://thehackernews.com/2026/07/latest-progress-kemp-loadmaster-pre.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/latest-progress-kemp-loadmaster-pre.html</guid><pubDate>Wed, 01 Jul 2026 19:26:18 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghMOqrFNgwfokWIpvUBFpDUO-So-0focm0a7d9mhocEHiwdB2cHmPQ9q4STjyCr-gVUPK67TYluInMr0_v1omCJVWbd9OVOg6AqVROoxZb44b5BOpxdBb2GECjFw77NhlCf6nWC5oJF3x3KvE3EyDV2pUR3lvROAWjaFs9SOyvzM3qRB6MzEUCFYuVAoCb/s1600/pro-exploit.jpg"/></item><item><title>AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android</title><description><![CDATA[Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both Windows and Android devices.

"This is the first documented case where a frontier AI model]]></description><link>https://thehackernews.com/2026/07/ai-generated-browser-ransomware-abuses.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/ai-generated-browser-ransomware-abuses.html</guid><pubDate>Wed, 01 Jul 2026 18:29:19 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4BJdHYquuxXoz8n0LhMEmm9KPcWcMC57w4LnqbMNCPXMAFdS95ys3zE6F5jZOvSKwsVWp6t3z8pVImRJ3Nvxgkr4QiPI5O06zJywlL5uuBIU2G0ZtPucYq80Z_G-PnVzjYfChzbnpLxGyD2PpbH8VdLWjIuNLt0RoAe5Q8mVulX2s_4Ueg7XR0pxZVwKn/s1600/chrome-ransomware.jpg"/></item><item><title>2026 Cybersecurity Assessment: The Gap Between Awareness and Resilience</title><description><![CDATA[Organizations have never had greater awareness of cyber risk. Yet turning that awareness into operational resilience has never been more challenging. The 2026 Bitdefender Cybersecurity Assessment confirms this is the case, as this year's findings reveal a series of surprising contradictions.

Here are a few examples, based on the independent survey of 1,200 IT and cybersecurity professionals]]></description><link>https://thehackernews.com/2026/07/2026-cybersecurity-assessment-gap.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/2026-cybersecurity-assessment-gap.html</guid><pubDate>Wed, 01 Jul 2026 17:00:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP1ozclOI3O1fTjKYLZrt0RCp54Fr-6NPYAifKy5c1fYwj4ceFq9U62ra9eoBq4Qw7qAh3qXE7ttfy6239qiAwK3SFyQxg316fl8BNxeeZ6IRDJFbjl09AE-gHC9Qa2V3nFljMblCovx6MgP66ZxMfawWVnAWEPNX9YS_FATZFtC69nlKhTvQQeOD58_I/s1600/Assessment.jpg"/></item><item><title>Microsoft Accelerates Post-Quantum Cryptography Shift to 2029</title><description><![CDATA[Microsoft on Tuesday said it's accelerating its quantum safe security roadmap, stating technology advances in quantum computing are making it essential to replace existing encryption standards sooner than previously expected.

"Advances in quantum research and development have shifted the risk horizon," Mark Russinovich, chief technology officer of Microsoft Azure, said. "We believe]]></description><link>https://thehackernews.com/2026/07/microsoft-accelerates-post-quantum.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/microsoft-accelerates-post-quantum.html</guid><pubDate>Wed, 01 Jul 2026 16:11:36 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyPq-iy_BsDM3LGWIEtwydOynDIApb_bokv6EuarUGUbyIw8tFnntySLPL5FuN0Qw1PIGNzlabEaSq00S9ojIShTnbJyM0kWKUbCcIEOH3eEbdLOpgOumlnXHVvrsn2o9A75a2R3_8vjpTB18P45qaK7CtSuggZyGAb2uA8SGGXp_bUV7mqY4aGNlYGXwM/s1600/Microsoft-Encryption.jpg"/></item><item><title>Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware</title><description><![CDATA[Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hosting phishing pages on them to catch traffic that AI tools point their way.

Palo Alto Networks'&nbsp;Unit 42&nbsp;calls the trick phantom squatting, and its new research shows it is already happening in the wild.

The reason it matters is]]></description><link>https://thehackernews.com/2026/07/phantom-squatting-uses-ai-hallucinated.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/phantom-squatting-uses-ai-hallucinated.html</guid><pubDate>Wed, 01 Jul 2026 12:50:51 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX2IWQhpupx-U0U70hWTg9afsBb41pslrGP733mXXdBKValODZrPoYD3UQqGVq1j9fSgmgf9rqDyxEAx1iKzblSnc_AcfO_CzQ-CA4G24vKEO5YC9P1vC_K_K01RfbMAvN1eaqgRjJUYRIyWZVLQjxYVleEsgcgD_Ifm04sjBCp08xk6W7QjbX4Rgm2vXp/s1600/ai-domains.jpg"/></item><item><title>Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls</title><description><![CDATA[Anthropic is putting Claude Fable 5 back online worldwide. On&nbsp;June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier.

Fable 5 returns to users on Wednesday, July 1, across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork.

Export controls restrict who can]]></description><link>https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.html</guid><pubDate>Wed, 01 Jul 2026 12:16:17 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2AmA92QCIqSJfXqC3z9I1jjdJGEkIvN4k-Oc5MlWZb4yZLPg5clokead6q8yXUfeI4DbdsKVn4qbd1sufvo47zyIy-Wcr15xK9oJJyet1vlFGiOKOU0ylMhgXWI0Duuztk7W_YURPKwdgfOyFsm2k3Rj1Db5tEVB9jzNi3xeYD0R_wfOaRKranmNj6kOy/s1600/claude-fable-5.jpg"/></item><item><title>Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts</title><description><![CDATA[Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of accounts in the process.

The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider LSHIY LLC (AS32167).

"Between June 12 and June 26, the threat]]></description><link>https://thehackernews.com/2026/07/azure-cli-password-spray-hits-at-least.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/azure-cli-password-spray-hits-at-least.html</guid><pubDate>Wed, 01 Jul 2026 11:16:03 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlhMdp0ML_DO3inv2zhyphenhyphenoZ9CmB1ESRBbVh_YHPol3serW7D4zTsXPGVjF62GhEcvamH6fmTs0ZLguVOM72ynrL6ebpPxBgpCv3XeUJNCb4un1Ue4o1V5BjB4r9pEnW_t717d8d49ZdH4OPavLgNkov9VNaJDMruqwG65QoBkxpzFx8q7QofYHuH9gDie-O/s1600/login.jpg"/></item><item><title>Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery</title><description><![CDATA[ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office.

New research shows the malicious commands behind its fake "prove you're human" pages are now handed out by API-driven servers that give each visitor the same malware in a different disguise. The same research also turned up a new delivery method built to slip past Windows' script scanning.]]></description><link>https://thehackernews.com/2026/07/researcher-analyzes-3000-live-clickfix.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/researcher-analyzes-3000-live-clickfix.html</guid><pubDate>Wed, 01 Jul 2026 11:02:12 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXEaR4unJmt3rBY1LzI0Gq_veoF7Qzi-yPQNUcoR2oNV802lQ4MZAviyeq7bBh73PLAyp1quTozDq0ki_zm_9qsJIIfAUTaG8jFTv5dpxvuDUPJZA2BU4Zo11wIVyysWeMROXv8z2XOZoPOoJPVqMEJEhCI_OE1mM5wnSCFHJ1sgjl5411fZ4srklq5Fbs/s1600/clickfix-payloads.jpg"/></item><item><title>Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service</title><description><![CDATA[Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition.

The vulnerabilities are listed below -


  CVE-2026-8451 (CVSS score: 8.8) - An insufficient input validation]]></description><link>https://thehackernews.com/2026/07/citrix-patches-six-netscaler-flaws.html</link><guid isPermaLink="false">https://thehackernews.com/2026/07/citrix-patches-six-netscaler-flaws.html</guid><pubDate>Wed, 01 Jul 2026 09:24:22 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkaU5jHNUkuBuH0Obx-gU_L4wSKOWP9bPwZeyD8tY1hIHShQozXYO2UckRTb2z5SwreXgHxLzePWkBfixNzYWsJ6eXioRllicv96TA8QvXBerGAguD3uA2T1DcMaURdi5BdMcNlY4DF_DPk-kdNXvIZfz8QMnrekgc-Hjksqf5OCHy11j0zcT668GgBhnc/s1600/citrix.jpg"/></item><item><title>Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data</title><description><![CDATA[New Microsoft&nbsp;research&nbsp;shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider.

The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm may fire.

The work comes from Microsoft Incident Response and its]]></description><link>https://thehackernews.com/2026/06/microsoft-warns-poisoned-mcp-tool.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/microsoft-warns-poisoned-mcp-tool.html</guid><pubDate>Tue, 30 Jun 2026 23:16:07 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbjfrraZ05p0kN5CedcQSOZYouoHGrdpCvi9TGxEZM_9zlXc_juWZ1F8VsvjV9c-iD7Ejgj0V6b0uYwOb9mLpb7ALcOVk53m2ppmg6mDI3qwANc8KZFMt3X7H7fT_Eym3OJijFmr0CZS6yJNTtf4kef0gOYtbx6A3LYa15PNzpzJuOg-nd6orLosZzfQ8/s1600/ms-ai.jpg"/></item><item><title>RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS</title><description><![CDATA[A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline.

Researchers at QiAnXin's&nbsp;XLab&nbsp;have tracked it since February 2026, and say the real story is not how big it is today, but how fast it is changing.

The end goal is a]]></description><link>https://thehackernews.com/2026/06/rustduck-botnet-rebuilds-in-rust-to.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/rustduck-botnet-rebuilds-in-rust-to.html</guid><pubDate>Tue, 30 Jun 2026 23:15:25 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2XzOOqoX4E_CfxUMxd0YAH9MRjvZ8-kBBiVhd2VvCvbie3zla8PA80fO2xZ4Ux3_gmreVKG7ANFrSGpDk1lsURfQZuVVapjqi565oGmkqImmFdiQsQFL5z7V9s7TTkH4KgmGbEFnpdAQz94DrXip4q8Qa-ec9K1B1cmeL3szEBWUq9nX-MWppatyug3A/s1600/RustDuck.jpg"/></item><item><title>Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints</title><description><![CDATA[Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.

The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)]]></description><link>https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html</guid><pubDate>Tue, 30 Jun 2026 21:17:20 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA2GvsvmPnHZF-e1GDbhOVW4DxQZr79HzSMLp7-YKaA9DC-V2fVo6cmBig0bxUxWjK0Kz1mTm2Cmg6CrjaKgNhxC7xE6SsBxRx8DW5ljkMWPuJ0-7WUzxYbSrRWFdix8Nks8tobGkIY5cpNjczspeiKYyXYVSgoVct-7u1SFpWXB0mEi8AB5X-Wcp59Vca/s1600/Langflow.jpg"/></item><item><title>Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses</title><description><![CDATA[Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction.

The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs.

"The campaign is delivered through unsigned installers – observed in both .NET and Golang variants – that]]></description><link>https://thehackernews.com/2026/06/silent-swap-crypto-clipper-uses-fake.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/silent-swap-crypto-clipper-uses-fake.html</guid><pubDate>Tue, 30 Jun 2026 21:10:18 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfz8WYO9wONzogh2V8g9VorZ8Ab_nAUZMD7rOM9xrVUhg3cbKGA5zc73PGQiAkbsNgY-qbm2AFAUjBdeMcpemGmDNWrvnpyjzKiqU8iJHMetkW68d20V_U-96mHOaHF6fff7VKBREN2v6fz1R_ahyIklq-Fd7ILYKxXck5ahL1BoFWC_CDQFrQZqQqg3hm/s1600/chrome-wallet.jpg"/></item><item><title>GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks</title><description><![CDATA[The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades.

New research from&nbsp;Adversa AI, which is named the bypass GuardFall, found it works against ten of the eleven popular open-source coding and computer-use agents the firm tested. Only one, "Continue," was built to]]></description><link>https://thehackernews.com/2026/06/guardfall-exposes-open-source-ai-coding.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/guardfall-exposes-open-source-ai-coding.html</guid><pubDate>Tue, 30 Jun 2026 19:56:15 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR59EidY6iMYv3s9bikjIxpj6_YTaUIesrZ3MyD9OqUbOk262aDW7bCArqr-IjT9CUQUSzE2F_knKKvs4bIJ2d9cuzZ-DKlmkW_Q3SO43HkA79kSVhCELVyKaStWliNZc9l1xxEGEFE5UmT1Abn6XMKTjk-rxBRTTtRAjb-jYDRKj-ODtIYy8dGQvbzDE/s1600/shell-ai.jpg"/></item><item><title>282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study</title><description><![CDATA[Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic.

In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepted requests with no key at all.

Whoever grabs it can send model requests on the developer's account,]]></description><link>https://thehackernews.com/2026/06/282-ios-apps-found-leaking-llm-api-keys.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/282-ios-apps-found-leaking-llm-api-keys.html</guid><pubDate>Tue, 30 Jun 2026 19:19:34 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJ9nmTBu_vYBf5fRZV4Jc-qtFGPySofVDYHUd-9-ogdve-M4Qd4j7_CnH9Zmvln6O3nfXSsDqQiMoL3rDYBSXZSrXlkCnSWSQUdAYJX1PkRzmytlVaYAc2AyrFOCpo9doU58gO6Gl5fQ-0SZ5D3yGP2SspNgK0U4f5jViSBnY_PAMUOjr42Nt8OLrhnTsQ/s1600/llm-keys.jpg"/></item><item><title>What the Numbers Say About FIFA 2026 Cyber Risk</title><description><![CDATA[The FIFA World Cup 2026 opened on June 11. By that date, according to Check Point Research, the fraud infrastructure targeting it had already been built, staged, and partially deployed. Threat actor activity was pre-planned, months out, across three sectors and at least ten languages.

Check Point Exposure Management published the FIFA World Cup 2026 Cyber Threat Report this month, covering]]></description><link>https://thehackernews.com/2026/06/what-numbers-say-about-fifa-2026-cyber.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/what-numbers-say-about-fifa-2026-cyber.html</guid><pubDate>Tue, 30 Jun 2026 17:00:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEZt1Yxw3eiMzyzPpblDGru8JlEmw-Rr1Lgn8hG9YCvxeCNDpKOCyn5_Evvmc_lB9tKDpcmBLfH3a6mHGkZBMDT8cr9Q39XpMpDhwCrqSieA2wG1BVYDBXTppmPkOJA2Sj8kakQExnh207X99wqRR1nOnYMcWPZ41BNKGhQHdOCkUzzgkRkMjzX-RdvyA/s1600/checkpoint-main.jpg"/></item><item><title>Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer</title><description><![CDATA[An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer.

The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated]]></description><link>https://thehackernews.com/2026/06/attackers-exploit-simplehelp-cve-2026.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/attackers-exploit-simplehelp-cve-2026.html</guid><pubDate>Tue, 30 Jun 2026 16:48:47 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEid1CxvsX2dPrKoA1VzJ6PUhwrXxvSC4ehRmgyaRRCJlP_MFSeOxvwrT2ODJSbQx3E-7bBwBG4YpP3CQGLzojfXEveOgwZgUlcCSf-trk_G0k0Q1_nz4rb1nbRfhXgijfZ9eLDT8v_ATsmqz5AnbNgBuGX7UIc3YwAw1hYZwvzp5Z0eopWNRqTs4W3bP3/s1600/help-hackers.jpg"/></item><item><title>AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks</title><description><![CDATA[Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network.

An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone, with no tap or prompt.

The same research found Quick Share flaws that]]></description><link>https://thehackernews.com/2026/06/airdrop-and-quick-share-flaws-let.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/airdrop-and-quick-share-flaws-let.html</guid><pubDate>Tue, 30 Jun 2026 14:57:58 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCyrr25-wXst4kOLIEi1-Q1d5XMVDCvWqUacEoSRsLn6C5CbKoXGLb4nzTB-DVr9cLOkyuIT5wyMrQICAVhQFlTsXrR_Ng9CBBXPZGeK_rLtOVXh5C8CsrZHaGyJ5WukGI3vTpMOw1S09_U9j_s5rzEFcYq55g7ZmOthGTPw5XxJJkALMH9VOxr0DjX8Vi/s1600/share-ai.jpg"/></item><item><title>New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials</title><description><![CDATA[Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind&nbsp;BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending them to an attacker.

The targets included OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude browser extension.

An]]></description><link>https://thehackernews.com/2026/06/new-bioshocking-attack-tricks-ai.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/new-bioshocking-attack-tricks-ai.html</guid><pubDate>Tue, 30 Jun 2026 14:07:19 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitNDarGF3uRKXTWC12cbM97uJW3DxiLuQwmplVLHEqdrUZJdzbkMz6Wc524z5Xu2GGSyNYhMT_m9kGqqGjRmIxDf0fy_ZXCx3f6G7JvvCFkcdga3PTnUR8XqfrPtIH_9_yrb9n7VaJZTqsLK4CznHRTcYZA1B84r2T_Jl5YYjnUbwUAvyGo4K05ckMnyYG/s1600/ai-prompt.jpg"/></item><item><title>Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth</title><description><![CDATA[A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API.

The flaw, tracked as&nbsp;CVE-2026-8037, carries a CVSS score of&nbsp;9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now.

Progress&nbsp;published its advisory on June]]></description><link>https://thehackernews.com/2026/06/progress-kemp-loadmaster-flaw-could-let.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/progress-kemp-loadmaster-flaw-could-let.html</guid><pubDate>Tue, 30 Jun 2026 13:08:07 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtFZGtJwnGA8dQHmNpd8Pzgx4p0wSq_e2hyphenhyphen2bZwWBQEDK8QPAi2CEOR_Nbns5jhRw9mMSPv6RBe2IqRO1c9fIMvMlUAV14B3VQE7-csMvfMQK6Qr3THGlxQY3C9HiYW_TYHGzok-TWFmMoMkto0OA8fNsQuvADEaJNFQYdIrXXzHGJEhyqpKRC2IFCaRM6/s1600/loadmaster.jpg"/></item><item><title>Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild</title><description><![CDATA[A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber.

The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances.

"Easily exploitable vulnerability allows]]></description><link>https://thehackernews.com/2026/06/oracle-e-business-suite-flaw-cve-2026.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/oracle-e-business-suite-flaw-cve-2026.html</guid><pubDate>Tue, 30 Jun 2026 10:34:06 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYwCBjb2uPzIs-8BNIxo90ae4xRgxzM1av-ijebBJ32Y2DEvRUvM-jMd6S535UdnbPKrLtFHxm0k9Lo7GJgVjCWCrH-0RNFZukDv7shdA02IkDs1Iqx8C-uH2hOCyfpJ01tmNVGhrvQ-6FGlmdjnCP0nXrq7zl5KVL3XZ84I9QTImD5DM8HYoJbA0A1P3w/s1600/oracle.jpg"/></item><item><title>WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private</title><description><![CDATA[WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform.

The optional feature is designed to help users connect with someone on the service through usernames, as opposed to directly sharing their phone numbers. Username reservations will start rolling out starting today,]]></description><link>https://thehackernews.com/2026/06/whatsapp-is-finally-getting-usernames.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/whatsapp-is-finally-getting-usernames.html</guid><pubDate>Mon, 29 Jun 2026 21:39:21 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEio-ZtaOMuibm1cwTHj1YFNRqRbs2GdaipPSXv1pzX9qcUI2VS6MGjpxEcNnhU0zniwOokUFL530mntMPSO2X8CjA3ybwYDXEwsJb9sV7nP9QWiDHLTiYV6Yf10B9qHNTdqsU3hn-ac8mzmzghyphenhyphenrhvgSJQBEgP723mfcyNA4y1ck5wKPBY1ELzb_xpQhB_s/s1600/whatsapp-usernames.jpg"/></item><item><title>Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input</title><description><![CDATA[Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results.

Microsoft says Google removed it from the store after responsible disclosure. The extension was called "]]></description><link>https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html</guid><pubDate>Mon, 29 Jun 2026 21:10:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOcObOpyIQZzuiNoFu6Lv4jCDh64o1WYrC3stGdk58mMRg69RT56svVrXVwu618f6szk2lj_Tqbt6b7Rg25yV0cauxIDTbMAI8cbftKVYibIt5SMeaOT2zE3oeuu-RLI7M1mkEV3zirqDiO-nLMikX7QixM2EpVIdKQERGc7I_0p58L4J-s5mBjSCpgHc/s1600/pp-ai.jpg"/></item><item><title>Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs</title><description><![CDATA[Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security.

The WebKit vulnerabilities are listed below -


  CVE-2026-43707 - A memory corruption issue that could result in an]]></description><link>https://thehackernews.com/2026/06/apple-patches-30-ios-macos-safari-flaws.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/apple-patches-30-ios-macos-safari-flaws.html</guid><pubDate>Mon, 29 Jun 2026 21:00:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgEWbrJH-z_uAL6GFaOqplYF1ewSOBvFpaKD24W74VEBaSO-pW3sy0I0e57Bmc9yBKV4vb6zWYaVjd-oTSy2sSQNSubgQHcmFav_bp3HnySXcSGR-ocRiUfYcXgUXm44XZyrdNnIq2JqJxZQG5bnbui12eVoG3GPgVnGy9AE6vfDp3km5TTtf6rjPv6FZV/s1600/apple-updates-ai.jpg"/></item><item><title>Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks</title><description><![CDATA[The China-aligned espionage group&nbsp;Mustang Panda&nbsp;is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel.

Acronis Threat Research Unit&nbsp;found active compromises inside Indian government networks, including machines used by senior administrative staff, and worked with&nbsp;]]></description><link>https://thehackernews.com/2026/06/mustang-panda-uses-zoho-workdrive-as.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/mustang-panda-uses-zoho-workdrive-as.html</guid><pubDate>Mon, 29 Jun 2026 20:33:40 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4479X60pqma2HNkNzrVQuQlGImd-48w4eYTTW-wylTLfK7XfLPtmNOMi79oy48LNiFg-4a_vqF378ZobR2Dy6VTO38VxbsFc_l8xQypwe-V43txSB7f73JS142E4uBXjrLKx0lcS-UOUMZ45kLeYgaqCjg2Je2TElLosoBvARIQpzam5q3ckk5CVXsoAF/s1600/india-china.jpg"/></item><item><title>⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More</title><description><![CDATA[This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open.

The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and defenders have more cleanup waiting.

Here’s the full Monday recap.

⚡ Threat of the Week

New DirtyClone Linux Kernel Flaw Lets Local]]></description><link>https://thehackernews.com/2026/06/weekly-recap-linux-kernel-flaws-ai.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/weekly-recap-linux-kernel-flaws-ai.html</guid><pubDate>Mon, 29 Jun 2026 20:11:07 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFXmUW2VYnBd5oSyq6V328rZOIdanacqm-k4Wae2x53iAvPb7YvO7rqDcfWTklR_skhgLDVTThASQvf4UATgFVoVy1iHddO0Nxp9zkhuVEROXkqDAEyyWZZWzMZLNy1apXbCj1xttx9kYI_jPbLmV5hmUHJEkS_Efo9GiFAg5snM_JNwWKDDbMW5wuvwyl/s1600/thn-recap-main.jpg"/></item><item><title>236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers</title><description><![CDATA[New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App.

The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonation]]></description><link>https://thehackernews.com/2026/06/236000-dcloud-uni-app-sites-used-in.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/236000-dcloud-uni-app-sites-used-in.html</guid><pubDate>Mon, 29 Jun 2026 17:27:40 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhK82zgZh0edVIi1z4Rs0V9v_8tn_Mh_X6_H5TQYnFwEtbrE1dhjw5Z-9U99Lojet5RdcrIgwJK0bZusY4u22qKVFBzpCuHihAzXd4RNuJQGSxEfdNlBH4GFZYedXXohyQdbfNYIxr9LV6KFgUyX3CWVjfsOiIQRq3JEXmGRrR9afqsfMoeR-BH_kZmTCKd/s1600/phish-uni.jpg"/></item><item><title>Why Post-Quantum Cryptography Starts With Credentials</title><description><![CDATA[Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is advancing rapidly and will inevitably change how organizations protect their data. Ciphertext and credentials captured by]]></description><link>https://thehackernews.com/2026/06/why-post-quantum-cryptography-starts.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/why-post-quantum-cryptography-starts.html</guid><pubDate>Mon, 29 Jun 2026 17:12:16 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgufw7UrtG2RgRTMvdhUaNVywdIBuSIRFLngtWMIY_3fzq7gzTZnlL7KMi_kzPhfpdny4vP5Rd9QVLpkX9xR5Vpk0cVvDV8Xsy4wljRyA5TjKvojsoBsYJt7yhhk1VK46OegGewBgqi-c41Z5mX5Ivos1PMrgrrmgLZKUJ8hqb4xl8o85sB7jQJLvI3gj0/s1600/keeper.jpg"/></item><item><title>Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse</title><description><![CDATA[A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025.

Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the year. Primary targets of these]]></description><link>https://thehackernews.com/2026/06/gamaredon-expands-ukraine-attacks-with.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/gamaredon-expands-ukraine-attacks-with.html</guid><pubDate>Mon, 29 Jun 2026 17:10:24 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijvTMs5lEwRQ2ndqc7YNsz1eNQK0XuR_q4uSjl8tLZ8Nh8vA4WRKZsQhyphenhyphenUx1O0gR-QJtdvAj8LDEUaGscAEXAlA9_e9c0LNtEeV-6NJzdqEdGt0gb7mDEUBNmlMNI2L05YQ8lPXA6kNBFL4s7BsjiJSPD72fyhQq2fmYJwZBPQhyHI4PN_zvSrnxtRbRtI/s1600/uk.jpg"/></item><item><title>Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts</title><description><![CDATA[Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud.

The company calls it&nbsp;StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021.]]></description><link>https://thehackernews.com/2026/06/microsoft-removes-119-edge-extensions.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/microsoft-removes-119-edge-extensions.html</guid><pubDate>Mon, 29 Jun 2026 14:02:31 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmbNHaJMqOcEeoUkaQeIZC_ilbUt8RpG-kyweNVY_fJ_3BQk19-pmJQXV_soXqZiHleBISNTwcYSqew2nzpc3eBEDULz52KaY1RNrJTb7u87f2oEtpJuTtmi4OL6Lc_HXP9WQcMDRco_w4U5mklzQ1QJj8ndNiBYVQRRUsevzc1P6hZe2N26_lyAhkQbsP/s1600/edge.jpg"/></item><item><title>Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw</title><description><![CDATA[A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2.

libssh2 is a client-side SSH library, not a server.]]></description><link>https://thehackernews.com/2026/06/public-poc-released-for-critical.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/public-poc-released-for-critical.html</guid><pubDate>Mon, 29 Jun 2026 12:36:34 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhD9yQyR_bCP0-I73R6EpwLjJtptGUvzeJD90oYzZvFZXVnM99EIvHFtIJlhZ2f4NSZkAyO7JWjJOy6Zd3lAtPz1Bbk2vmj7Ls8aMIZsFqiIVtIArSjypgJRIHJzlDN5BykKcZziAicpJiNE02Wg3Aheu5BIF1SvY3Pn09WYcdLtvWAT5giGf9mC_uY9GkG/s1600/ssh.jpg"/></item><item><title>Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer</title><description><![CDATA[Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts.

"This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain 'compatible' with npm v12's security hardenings," JFrog said in a]]></description><link>https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html</guid><pubDate>Mon, 29 Jun 2026 11:06:06 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBjmO4haWCgXfALMAtSHKJXRWIlLfYqulkKflfK-3BSYON-8A4MjUNoZRxOyaLGc-4Bsj1eIfGDhdpJuKZrJORz4HZHx5iM7lj0-VlehqqZ6kaq5_ZWP08MviAchtNF1XORD_Fps-IWderGKNM18TT-Jgh_0LRFULqdMeOfv_FKDd8oWmHmv-iR1-_7XZP/s1600/gogo.jpg"/></item><item><title>Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials</title><description><![CDATA[The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S.

The systematic cyber attacks aimed at stealing sensitive]]></description><link>https://thehackernews.com/2026/06/ukraine-says-russian-intelligence-used.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/ukraine-says-russian-intelligence-used.html</guid><pubDate>Sat, 27 Jun 2026 22:57:11 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgL9wu_kGShq1lDTiDFjL3VdxF51l9aXdtW8vfE6Z0f3nLKXnr3WctY8jw3INV7FcO0FmLzv_EVCkfmsC4AmEaPih-SD_c24f8R_MJjjNT8OBdd6SuwVECGV3VdxnMDBs7ULHaVBFPPGkZZcruUhMcbmYE-RQu-QTZfn7rEWltSSSdFLhJeZKIZy4jZzl7L/s1600/cyberattack.jpg"/></item><item><title>OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards</title><description><![CDATA[OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government.

While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficiency and power, and Luna is fine-tuned for speed and affordability.

"GPT‑5.6 Sol launches with our most]]></description><link>https://thehackernews.com/2026/06/openai-limits-gpt-56-rollout-as-sol.html</link><guid isPermaLink="false">https://thehackernews.com/2026/06/openai-limits-gpt-56-rollout-as-sol.html</guid><pubDate>Sat, 27 Jun 2026 17:49:37 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiweorWxmIvPG8uskOe44fLur9F5OJvqVdFLV1ejFqQozXruk70nzMhRaY58n4BuMhW1sbsdSvhTrlSxM8U5SLwPdaeRWNi4eQMUjEsFgmGV-37gTdnqk1NXLT4Ixadu4sq_pm0l_HVzuGHaIgcDnV_y092aZ1gCKkZ6lh2bp24PUBUfgsCSgvjlZiKRLMH/s1600/gpt.jpg"/></item></channel></rss>