<?xml version="1.0" encoding="UTF-8" standalone="no"?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns="http://www.w3.org/2005/Atom" xmlns:blogger="http://schemas.google.com/blogger/2008" xmlns:gd="http://schemas.google.com/g/2005" xmlns:georss="http://www.georss.org/georss" xmlns:openSearch="http://a9.com/-/spec/opensearchrss/1.0/" xmlns:thr="http://purl.org/syndication/thread/1.0"><id>tag:blogger.com,1999:blog-4802841478634147276</id><updated>2026-07-09T22:57:28.086+05:30</updated><title type="text">The Hacker News</title><subtitle type="html">The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers</subtitle><link href="https://thehackernews.com/feeds/posts/default" rel="http://schemas.google.com/g/2005#feed" type="application/atom+xml"/><link href="https://thehackernews.com/feeds/posts/default?redirect=false" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/" rel="alternate" type="text/html"/><link href="http://pubsubhubbub.appspot.com/" rel="hub"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default?start-index=26&amp;max-results=25&amp;redirect=false" rel="next" type="application/atom+xml"/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><generator uri="http://www.blogger.com" version="7.00">Blogger</generator><openSearch:totalResults>16736</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-7896238659840514204</id><published>2026-07-09T22:19:02.957+05:30</published><updated>2026-07-09T22:19:02.957+05:30</updated><title type="text">npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk</title><summary type="html">
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA).

The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in&amp;nbsp;-


  allowScripts defaults to off, meaning </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/7896238659840514204" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/7896238659840514204" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/npm-12-disables-install-scripts-by.html" rel="alternate" title="npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbP2w2lzNWbB041oSXvx2Nb1uOJaf81XNUBioDv_3K73S-JnzIU4OnUHfwG3Q3RLbf_p2wJBpHC0m2M4cQhCMfcSRRx1MY9n2vCVSNI4ddai3uJ3eE2Kb-d_ryU_HSEx_R2Rjoxz2D3TBcZCgLRWf-rOBf9k73Vi1Q04aWNG9Ux-A5AOf-v1HjSGD3YZcg/s260-e100/npm-security.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-5012378610157594389</id><published>2026-07-09T20:39:28.014+05:30</published><updated>2026-07-09T20:39:28.014+05:30</updated><title type="text">ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories</title><summary type="html">
Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because nobody wants to touch&amp;nbsp;it.

This week is full of that kind of damage. Not loud. Not clever. Just small gaps doing big jobs. The worst part is how normal it all looks until the bill arrives.

The full ThreatsDay list is below.





  

  
  
    Global </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5012378610157594389" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5012378610157594389" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/threatsday-cloud-bucket-hijacking.html" rel="alternate" title="ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAXvG0n7eiC50jtfO-3MYOPx-Z0iWiucBfHqzY2QNH-5fUyfWcGu3NME0yERr2qWKcAeg6rIYMtP_VEeRInpeghztHmnjDa4QyuXSbaktcOdHHK9sx8lurd2RmejcmBjSZIznBl0zKQ-mk4dcCsVdL29g4XPEwUdrlQgj5-GgxvVnolSJJfCJW7g4vosLe/s260-e100/ThreatsDay-main.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-2547139630713912191</id><published>2026-07-09T17:56:58.960+05:30</published><updated>2026-07-09T17:56:58.964+05:30</updated><title type="text">AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up</title><summary type="html">
AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write tailored bait, pick targets, test what lands, and jump to the next host before your team clears the first alert.

That is the gap, and it is not your fault. The tools and runbooks most teams run on were built for attackers who work at human speed. AI-driven </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/2547139630713912191" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/2547139630713912191" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/ai-attacks-move-in-minutes-join-this.html" rel="alternate" title="AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up" type="text/html"/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVBCdd1YLOTAhXs53MgUBJHfid7uAH-uFr4vzULJu6BL5H7TDiBbZUDxS9RTwC1FH7q2HhEiI2BHLlymHQ7btIBDidvIohoiVJ2XH2uvQcan7Lio_iIh3Ku3J3LoM8SgaHrlAnyFeVLo77qE93hFykG4CJZUj1IsJb75jFMjAK9Q1V-akTkdagA_NLm4A/s260-e100/thn-webinar.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-5927560582477801179</id><published>2026-07-09T16:30:00.000+05:30</published><updated>2026-07-09T20:19:04.742+05:30</updated><title type="text">Summer of Clearinghouses</title><summary type="html">
Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it apart is that it was already real and running when we announced it — built quietly months earlier, heads down, taking findings and shipping fixes, because customers kept asking us to. We only announced it now because everyone else started announcing theirs,</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5927560582477801179" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5927560582477801179" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/summer-of-clearinghouses.html" rel="alternate" title="Summer of Clearinghouses" type="text/html"/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMHNzR9Jii9NFEb6X2orsYvbxp5mJF4-z71vuQ1EHw94Tkym9ifxqrNmOtYQd9nmpe8rR7ZBZMdGEZb_S-ZKoKpXAFO3Aged7ApVnn_Pip_iI0p389k6ebIxpgwsw4OsyCKhE8KiqzdxmKDr_0ee_XaMKKPngnAcDJ5uQ_Pq8HOmX0ZUpz45pWxQID5Ec/s260-e100/Chainguard-main.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-8952800076701913134</id><published>2026-07-09T16:13:09.110+05:30</published><updated>2026-07-09T16:13:09.110+05:30</updated><title type="text">GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses</title><summary type="html">
Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy.

According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first publicly spotted in the wild on May 21, 2026. It's assessed to be a rebrand of the Beast ransomware, </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/8952800076701913134" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/8952800076701913134" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/goddamn-ransomware-uses-poisonx-driver.html" rel="alternate" title="GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge_nKJNwSt3ZRkzfZ2qH61_1WFg5hyphenhyphenMSrC3-JM4AOXRKO-IVsJXFNiM926QnG25eTply3DRF57t61wi5Ucy4yxald1RpH1TRbItw83RqQ-K6UM670vpR76-kBl2xcntaDE7lxxNwurseG5iRM4sMhYK8Npb9COGNM_XjbwBLthnJjBfwqV7m96VKOnWb3Q/s260-e100/endpoint-ransomware.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-3484530884773130717</id><published>2026-07-09T14:18:48.440+05:30</published><updated>2026-07-09T14:18:48.441+05:30</updated><title type="text">Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges</title><summary type="html">
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public.

The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides scanning, detection, and cleaning capabilities for its antivirus and </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/3484530884773130717" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/3484530884773130717" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/microsoft-patches-rogueplanet-defender.html" rel="alternate" title="Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuqwSaoB3zc0bIhf1aBmcHsVVAsGnRDBc681vhmlgHYy0xx5VSxyS2jqjmk-mq27QrSKPN3yorL3A7DffJYp3iMO7CY_8owm-Cn8r7IFuvqeGHTPSyiFM0KVTMTE8W0Qon84tCbzsLVNqoS5nLq1aX8_RNKg0sxa2ke4Su_p5qy9dAlFdakwYcjueBGNhD/s260-e100/windows.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-4093662771606449930</id><published>2026-07-09T12:51:06.744+05:30</published><updated>2026-07-09T13:22:22.216+05:30</updated><title type="text">Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images</title><summary type="html">
Meta has announced that its new artificial intelligence (AI) model Muse Image lets people use public Instagram posts and reels to generate AI content, and it's enabled by default.

"You can also @-mention Instagram accounts in the Meta AI app to bring specific Instagram profiles right into your images," the social media giant said in a post.

"Whether you want to design a custom event invitation</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4093662771606449930" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4093662771606449930" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/metas-new-ai-image-tool-lets-others-use.html" rel="alternate" title="Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsjiT58V2lRqaqYwo2AHkilx81c58T9dBHa_W5KiHgom4-UgZqV18Ax-zQb8_fN7p_OQpqi0b4nTzt4SpDnHW-RozKjIcgs-B8KN8HI_QnCMzIjDMmcg2grJEyP7r1ZNd_SRB5R1MDw-vo-jQ4v198ZDhMsWaBpFnXmShkouRZvXIXpu-32FQ_30h4HQrq/s260-e100/metaai.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-160387887108592229</id><published>2026-07-09T10:45:02.853+05:30</published><updated>2026-07-09T10:47:00.275+05:30</updated><title type="text">Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It</title><summary type="html">
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead.

That is the finding in a&amp;nbsp;proof-of-concept published Wednesday&amp;nbsp;by the AI Now Institute, an attack it calls "Friendly Fire." It works against Anthropic's Claude Code and OpenAI's Codex when either is running in an autonomous mode that approves its own </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/160387887108592229" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/160387887108592229" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html" rel="alternate" title="Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It" type="text/html"/><author><name>Swati Khandelwal</name><uri>http://www.blogger.com/profile/06009796704238391750</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgynXsBDNXYgGgYPWB6cmy9zuZDStl-XaVvlwMQsqa6AxvNCvi7qI9Xq3h1vdk30Tv1u-fOAtB_OZ_Q-i5O0z5D0KL1Eh0joKyFmuhIoH4-7Z16ubplbIcNQpXJ7P7Sl2xju-z6ZvbhSeJbGKiL1gzx-I151GVMAp5jpCS27zvn791sC2WYQllTRT8ye-0/s260-e100/Friendly-Fire-AI-demo.gif" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-8631684563446929431</id><published>2026-07-09T09:57:18.947+05:30</published><updated>2026-07-09T09:57:18.947+05:30</updated><title type="text">GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents</title><summary type="html">
Researchers at&amp;nbsp;Wiz&amp;nbsp;found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead.

The affected tools are Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/8631684563446929431" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/8631684563446929431" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/ghostapproval-symlink-flaws-could-let.html" rel="alternate" title="GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents" type="text/html"/><author><name>Swati Khandelwal</name><uri>http://www.blogger.com/profile/06009796704238391750</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijymBd057efx1JbDRjjqh0RBYH7RA2pE75UYG8DDd7Vl2UyXMsMjXtgEaxoPyHt5wz8s0fT6B43ovQskxZBchyiYI9G34t7YjyC6_T0xwzs_0SOJaHnHI7vXfMTOqtDn1R6up52ol5UH_uT86b1dRjaJ-Bw6pa_lAX6igS_pFLV_z_0kRhyXuNo8Q2rFU/s260-e100/wiz-ai.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-926973913104598108</id><published>2026-07-09T09:31:49.016+05:30</published><updated>2026-07-09T09:31:49.017+05:30</updated><title type="text">Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes</title><summary type="html">
Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains.

The activity dates back to at least August 2022, according to DNS threat intelligence firm Infoblox. Once such campaign, observed earlier this year, involved the</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/926973913104598108" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/926973913104598108" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/fake-7-zip-installers-turn-devices-into.html" rel="alternate" title="Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0R7K2HuXIaXAr6VokIBdoRH5Zk8L2jJMM5abiDPtiOsT3DsQnI-FRSuTO02mekKGj2Cup9RBBYgAhyo92KHjyCTsMuctH8lYgwysOxpLpHp9uIuL7xBEuojc83nmWH7pcA1KRlu8W9-7b1caaoQMaNX2qATV_7e-CwoPSFk08VwjbRx2M-fgfMcjN3KeW/s260-e100/7-zip-malware.png" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-5352845209761797974</id><published>2026-07-08T22:32:12.371+05:30</published><updated>2026-07-08T22:32:12.371+05:30</updated><title type="text">AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers</title><summary type="html">
Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders.

The agents are not malicious. They just do a lot of things that, to a behavioral engine, look exactly like an attack.

Decrypting browser credentials, listing what sits in Windows' credential store, </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5352845209761797974" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5352845209761797974" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/ai-coding-agents-found-triggering.html" rel="alternate" title="AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers" type="text/html"/><author><name>Swati Khandelwal</name><uri>http://www.blogger.com/profile/06009796704238391750</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEtVOCcf8-6_z0F4FVoPlTMQRFJ4CfHCbl-GvhT9EbRrfZgTJsNbBkzAq72212RbMT1Knk5GJsYDY8p5W7YO8x29vQ782QW6CRorl_oKVyAgOmS46Y9HyTPcdZOmMjOPtWjpAHH3C91EPVk4dnHqaAEX8QoaSvGzCbjMy0YhF7lJaIR6-T9Dq5jzZycIc/s260-e100/alarm.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-5658009933086139180</id><published>2026-07-08T20:37:24.934+05:30</published><updated>2026-07-08T20:49:08.326+05:30</updated><title type="text">New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware</title><summary type="html">
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist.

New research, which its authors call&amp;nbsp;HalluSquatting, turns that habit into an attack: work out the fake names an AI reliably invents, register them first, and wait for the assistant to fetch your trap on a user's </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5658009933086139180" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5658009933086139180" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/new-hallusquatting-attack-could-trick.html" rel="alternate" title="New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware" type="text/html"/><author><name>Swati Khandelwal</name><uri>http://www.blogger.com/profile/06009796704238391750</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFLRfTvakP4spTkbT8iiV9ndUR4EwlHOmGkZrO4JdBl3QsmWS5zA_sx081fvr3R11VEnZcjHOFcirZAQ5eaqB3n8sFJQ7m64edzVHNONHsD9j9Obds8E_Z9VC08y42TCyJV_3zpWam1LTHhiZBLX5WCLNp-4tdR-AwYzlyoifh1Seu-ND4OKbnZOEhMks/s260-e100/ai-botnet.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-5658085878675471671</id><published>2026-07-08T20:08:05.879+05:30</published><updated>2026-07-08T20:08:05.879+05:30</updated><title type="text">Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS</title><summary type="html">
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.

The list of vulnerabilities is as follows -


  CVE-2026-50746 (CVSS score: 10.0) - An improper access control vulnerability in UniFi Connect Application that an attacker</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5658085878675471671" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5658085878675471671" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/ubiquiti-patches-critical-unifi-flaws.html" rel="alternate" title="Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgx2TRa1CP7yIs67Wa1bxiFVW5yq1S7vtAaQHf_htjuDbpAETKv8tfw7rchtVvME0FsA8YJ_uQzRp_ZAV-nPhLyRUQw_NNdgN0zhjyVR_L3wzt1ZX08PknwSF2FBLeieIUIx7t4hLMF1sDnsRuFCzllq8auoKriKlGMdllY8IYG04bID6cgGzty0e9mVhoM/s260-e100/uu.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-1619334933007070435</id><published>2026-07-08T18:30:00.000+05:30</published><updated>2026-07-08T18:30:00.129+05:30</updated><title type="text">New Ghost Phishing Wave Is Breaking Traditional Email Security</title><summary type="html">
A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser.

For security leaders, the risk is clear: traditional URL checks may miss the attack while Microsoft 365 access, sensitive data, and response time </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/1619334933007070435" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/1619334933007070435" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/new-ghost-phishing-wave-is-breaking.html" rel="alternate" title="New Ghost Phishing Wave Is Breaking Traditional Email Security" type="text/html"/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgl6gaxMQBH0Bjb1ZhuaOiM5gKEk-zuSf821eRfV33ogx6YWwENunjyOPF8VXHtgtHgIevENLfBV2O04QI4TtjtDe2PGGevWptQEEagmp6q-G4FqOankGokz70XzVtz7dmNbEZ5G7-pV0yINgd2-ima7ap8xeOxuhZBKw2WPoUo81wKmGrwsPxbzYkW5Wk/s260-e100/anyrun-main.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-4102783723793118911</id><published>2026-07-08T18:22:15.616+05:30</published><updated>2026-07-08T18:22:15.616+05:30</updated><title type="text">SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users</title><summary type="html">
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures.

The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification pages that deceive them into running a malicious command that installs a PowerShell toolkit dubbed</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4102783723793118911" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4102783723793118911" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/scmbanker-malware-uses-clickfix-lures.html" rel="alternate" title="SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguw-rOR8Masg2W1UVlfj5rr1nTNdwmhHfXvKG-8rLXWxkwDjtEy-O2ZCb40GEca78DPql7PPEPIrRL_tYt9Ob51ZW7_L-i7w-Ej7DzX2NtNGBrRHuorMowS0d89GxVjQW492-J1LansFJY7SqZgVCtBvcwhyphenhyphenpOcveL_9rNcsgyJm-cRSwnbwvFXKQuLMA9/s260-e100/clickfix-banking.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-8152578427657885508</id><published>2026-07-08T17:21:24.977+05:30</published><updated>2026-07-08T17:21:24.977+05:30</updated><title type="text">GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures</title><summary type="html">
New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, and a valid signature, GitHub still stamps "Verified."

Everything a reviewer would check matches. The commit's hash does not. That matters </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/8152578427657885508" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/8152578427657885508" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/github-verified-commits-can-be.html" rel="alternate" title="GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures" type="text/html"/><author><name>Swati Khandelwal</name><uri>http://www.blogger.com/profile/06009796704238391750</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifE8OSGx2cVUZ1jiVnMC-LHyladj2cJ1FWw2-t0wDJEK4Icxrhk_bFReZr8jCiNkmpamFxdBGLpgruMJh1g7c687TCf4R76GG8xJEzB9kzPLTXo18DUZkT9_T5LHeikWsoEDeBm-gapabqgRUl2sAyhaPeYOWIs7Re0-jr2CMoKVn5AzlXdU1W6oWIy6mv/s260-e100/git-hash.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-6239295733957261872</id><published>2026-07-08T17:00:00.000+05:30</published><updated>2026-07-08T17:00:00.123+05:30</updated><title type="text">The Verification Step Is the New ATO Battleground in 2026</title><summary type="html">
For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, scalable, and for defenders, relatively well understood.

That era is ending. Not because attackers gave up, but because the front door finally got harder to kick in.

Passkeys are now mainstream. </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6239295733957261872" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6239295733957261872" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/the-verification-step-is-new-ato.html" rel="alternate" title="The Verification Step Is the New ATO Battleground in 2026" type="text/html"/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaJMgdxAojXQ55Emgp0cdpY7ibLUdpF2qw_6WRHLpgdFhT82J_HFoOeqj69x1MNb7EqqMLp23NxnAsbzCeH0rg5cOrrM6bdDFNWlvvXbNZ9-QGzCYyX0q9AqYAGKwXVOb35u2lE91pm27dzyikSEF7zzfmNG-asRkTjhR30sdWgmf7TsZj8tqieCYUnTY/s260-e100/main-veriff.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-6505979813339502197</id><published>2026-07-08T16:51:07.752+05:30</published><updated>2026-07-08T16:51:07.752+05:30</updated><title type="text">GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code</title><summary type="html">
An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a&amp;nbsp;new study of GitHub Copilot&amp;nbsp;by researchers Abhishek Kumar and Carsten Maple.

The models they tested through Copilot, Claude from Anthropic, and Gemini from Google, refused </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6505979813339502197" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6505979813339502197" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/github-copilot-refuses-harmful-requests.html" rel="alternate" title="GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code" type="text/html"/><author><name>Swati Khandelwal</name><uri>http://www.blogger.com/profile/06009796704238391750</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO3sdn3FMdKySUzvuf2007OIkov1V6r7gOe6npkdpODZqGK0avIBUu4fc4XVYsccnBD3ij71TroVDezuYTjSmXj6le7luxRFK-S1q3itvZHcIwPaY2NzDYjEUH-hnBbOBa_GZSq7-Es2DG4v-6vlbqeZWvYohveEleH8n8eWD6GxafIJIvanFGzsLarQY/s260-e100/copilot-prompts.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-4755591314668810664</id><published>2026-07-08T14:34:33.686+05:30</published><updated>2026-07-08T14:34:33.687+05:30</updated><title type="text">China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware</title><summary type="html">
A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by breaking into internet-facing networking devices.

According to findings from Cisco Talos, UAT-7810 is an advanced persistent threat (APT) actor that's responsible for maintaining and proliferating LapDogs, an ORB network that first came to light in June 2025.
</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4755591314668810664" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4755591314668810664" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/china-linked-uat-7810-expands-orb.html" rel="alternate" title="China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXpYmSnXODMABymw2qCiVS3p13OIwfJ45yIZq-o8wXfgtWXxOPjPbsGjdgEExUsWcvkKhtyPBhGsc6mSIzg8fzwrVJE_GIIm0k3qbzMd7BSjUcAjRFznnsXjv-dnG-Zq671G-_PYcHe88J4yTpy0FBc_pReVfNVrwGvGceEvAbLqA_roMRNI2DjbwohEqK/s260-e100/routers.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-3505072647186232202</id><published>2026-07-08T11:46:44.175+05:30</published><updated>2026-07-08T11:46:44.175+05:30</updated><title type="text">15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros</title><summary type="html">
Researchers at&amp;nbsp;Nebula Security&amp;nbsp;have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full&amp;nbsp;root&amp;nbsp;control of a machine that has not been patched.

The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs no special permission, no unusual settings, and no network </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/3505072647186232202" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/3505072647186232202" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/15-year-old-ghostlock-flaw-enables-root.html" rel="alternate" title="15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros" type="text/html"/><author><name>Swati Khandelwal</name><uri>http://www.blogger.com/profile/06009796704238391750</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEid8ZRwAprNDN6zAPixm22IlrKWp03FJdQF0TxCV5v_jxckPLkOHRSzHQERbDNw_FZdnyluuhyphenhyphenGZ7pSX51cjBl-S8PrqhgARlAe8VfWPabk7t4hAy37ZSrRu6oXfRYlXP7s1x1OBYW9WHmgWobGS0wiC0mrO42xHWHrSI3ICLM5OFzsOA3tVCcs4_N1yPU/s260-e100/linux-root.gif" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-684436930188045640</id><published>2026-07-08T11:03:12.031+05:30</published><updated>2026-07-09T15:52:33.015+05:30</updated><title type="text">CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV</title><summary type="html">
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerabilities are listed below -


  CVE-2026-48282 (CVSS score: 10.0) - A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of the </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/684436930188045640" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/684436930188045640" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.html" rel="alternate" title="CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZn36WwWfaOwK7XCU9aKjVPS7QAyrnBKsKMXtVRyYbD2X30HI-ojl5F8ttD9VcbXB36anuKWq-JGEhzPq1fjwnEhKPKMjkPDMPAFe8OqR85N1dc0QZoZ7JCN9ziqGuQ8M4irelfxa_zca62EV-s9qBO9WI47ECtzM8Zi2X8T-MFfuRRbJQ8u48Y2RRt3UT/s260-e100/cisa-main.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-877530884167204631</id><published>2026-07-07T22:40:15.719+05:30</published><updated>2026-07-07T22:40:15.719+05:30</updated><title type="text">RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service</title><summary type="html">
A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim's phone, steal their banking logins, and capture the one-time codes that protect their accounts.

Zimperium's zLabs, which found the operation, says it looks like a new variant of Oblivion, a $300-a-month rent-a-malware tool </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/877530884167204631" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/877530884167204631" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/redwing-maas-packages-android-bank.html" rel="alternate" title="RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service" type="text/html"/><author><name>Swati Khandelwal</name><uri>http://www.blogger.com/profile/06009796704238391750</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdqPEGRKkKA7pjGNpR8hijHzJLPvyPD1g1C8bTt91eLUOFdu6Jw99i8LFybvHG9SP3syQ8shdXpC6EhinlQoB9aTgBMtejiCWAzVhhTi0o3nCTKZeKNnwDY0J_Lbf9LGN-KIQIoJ7-GW2op-JUcBg64uz5Actwh7TsFEstwNx9fXnLj4SODskUpnX9TPE/s260-e100/android-trojan-telegram.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-7895056142295715366</id><published>2026-07-07T22:07:33.816+05:30</published><updated>2026-07-07T22:32:12.245+05:30</updated><title type="text">Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots</title><summary type="html">
A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project.

From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a password.

Security firm Varonis found it </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/7895056142295715366" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/7895056142295715366" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/rogue-agent-flaw-could-have-let.html" rel="alternate" title="Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots" type="text/html"/><author><name>Swati Khandelwal</name><uri>http://www.blogger.com/profile/06009796704238391750</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9i8xIVWZcplpj-QuKnJKGAJjGi0Xq-q2R_luyy-HYXWkpsAPTYASmVbm2w2DoNOQkA81fyu0OQsbflhLykcYQpv66UDBeRxU1v5-xq7kQDQMS0cmvsCFmZI36jfyGxh6xrroU4hNhH_8_nOyXV_WG07om2t4riI-HP4wzE3HJr2KJ3-sUnKxbTNhV84k/s260-e100/google-chatbots.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-7004608490887542020</id><published>2026-07-07T20:44:14.321+05:30</published><updated>2026-07-08T19:42:04.980+05:30</updated><title type="text">DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts</title><summary type="html">
A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC.

"The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into the legitimate Microsoft device login experience,</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/7004608490887542020" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/7004608490887542020" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/debull-tooling-abuses-microsoft-device.html" rel="alternate" title="DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg__v7vicSomxW52wnr8HsJgQKf0vg3kdjUicmIUCMCDexaBZ68pLZzXKVSJxNEeBuBuEzueOldcd5GhtGQI-8eMqd9j0QWMqGScmbZpqBS9RFkXxXSfOZYhBSGqD8BBDfVUEn4RN86sKhgkl9xkJtYMl-7a2zsIU6LCC5j_U2BkupJGr3JqP9_GZCHfHtl/s260-e100/ms-device-code.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-3579813284424972814</id><published>2026-07-07T19:34:50.548+05:30</published><updated>2026-07-07T19:37:26.370+05:30</updated><title type="text">Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data</title><summary type="html">


A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have shown.

The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access across its repositories, private ones </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/3579813284424972814" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/3579813284424972814" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html" rel="alternate" title="Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data" type="text/html"/><author><name>Swati Khandelwal</name><uri>http://www.blogger.com/profile/06009796704238391750</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj35Nf4KvfpGfbhGpq7fhtkXFhxKtTqAEFF5dX23th60tiUCMEYsuOXfiH-kIq1PRUWrRBMo92M6SCtE8chA882l0wCOO2gs1skw-h_sOqfA9jOcED6IYr2RVWkVzKohekZdvzOTZ9QpPnGDtOtJI9jYjWlPiAgvc1dG4Yuy-J02v8GA9rkweGIF000-lA/s260-e100/githubs.jpg" width="72"/></entry></feed>