1 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-07-11
IT Security News Daily Summary 2026-07-11
40 posts were published in the last hour 20:4 : U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog 19:8 : Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices 19:7 : Hackers Weaponize…
U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities (KEV) catalog. The…
Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices
Binarly found six U-Boot flaws, including two that enable code execution during boot image verification, impacting 50+ releases. Binarly’s research team has found six vulnerabilities in U-Boot, the open-source bootloader that runs on home routers, smart cameras, server management controllers,…
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. “At Balochistan Police, the compromised assets included servers hosting web…
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux. Published on July 11, 2026, it needs no import and no CLI call.…
IT Security News Hourly Summary 2026-07-11 21h : 3 posts
3 posts were published in the last hour 18:32 : Meta Faces Privacy Questions After Employee Data Exposure Report 18:32 : Six U-Boot Vulnerabilities Could Enable Pre-Boot Code Execution and Persistent Firmware Attacks 18:31 : U.S. Security Expert Sentenced for…
Meta Faces Privacy Questions After Employee Data Exposure Report
After sensitive employee information was reportedly made available throughout the organization, Meta has suspended an internal employee monitoring initiative intended to assist in the development of artificial intelligence systems. Initially introduced in April, the Model Capability Initiative was intended…
Six U-Boot Vulnerabilities Could Enable Pre-Boot Code Execution and Persistent Firmware Attacks
Security researchers have identified six vulnerabilities in the widely deployed U-Boot bootloader that could allow attackers to execute malicious code during the earliest stages of a device’s startup process. If successfully exploited, the flaws could enable firmware-level attacks capable…
U.S. Security Expert Sentenced for Aiding BlackCat Ransomware Gang
A cybersecurity professional has become the third U.S. security expert sentenced to prison for aiding a ransomware gang, marking a significant escalation in insider threat cases involving incident response firms. Angelo Martino, a 41-year-old from Florida, pleaded guilty to…
New Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI Agents
A novel supply chain attack called “Ghostcommit” that conceals prompt-injection instructions within PNG images to bypass AI code reviewers and trick coding agents into leaking secrets such as .env files. The ASSET Research Group demonstrated that a pull request containing…
Microsoft Teams on macOS Screen Sharing Bug Causing Blank Screens
Microsoft has confirmed a known issue in Teams on macOS that causes screen sharing to fail, freeze, or show a blank black screen during meetings. The bug affects users running macOS versions older than macOS Tahoe 26.4, and Microsoft has…
Ghost Accounts Abuse GitHub API in Mass Recon Campaign
Multiple campaigns are using ghost accounts to map GitHub organizations, including their repositories and members. The post Ghost Accounts Abuse GitHub API in Mass Recon Campaign appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
IT Security News Hourly Summary 2026-07-11 18h : 2 posts
2 posts were published in the last hour 15:5 : Injective Labs GitHub Compromise Distributes Malicious npm Package Targeting Crypto Wallet Keys 15:5 : Hackers Target Industries in Japan, Attacks Share One Pattern
Injective Labs GitHub Compromise Distributes Malicious npm Package Targeting Crypto Wallet Keys
Cybersecurity researchers have detected a software supply chain attack in which threat actors compromised the Injective Labs SDK GitHub repository and utilized it to distribute a backdoored version of the npm package containing cryptocurrency wallet credentials stealing capabilities. Researchers…
Hackers Target Industries in Japan, Attacks Share One Pattern
Four big Japan cyberattacks point to a common trend: threat actors are getting access via third-party infrastructure and subsidiaries, not from corporate headquarters. While the attacks impacted companies from varying industries such as telecommunications, manufacturing, insurance, and brewing, the breaches…
Physicists finally build a quantum material predicted more than a decade ago
Researchers have achieved a major milestone by creating a long-sought two-dimensional quantum material and confirming its unusual conducting edge states. The ability to control these states through strain could make the material a promising platform for future room-temperature quantum electronics.…
SQL Injection Tutorial: From Basics to Blind SQLi (2026)
By HOC Team | Last updated: July 2026 | Read time: ~24 min SQL injection has been on the… The post SQL Injection Tutorial: From Basics to Blind SQLi (2026) appeared first on Hackers Online Club. This article has been indexed…
Glendale Community College – 793,925 breached accounts
In June 2026, Glendale Community College was the target of a ShinyHunters “pay or leak” extortion campaign. Data allegedly obtained from Glendale was later published online and included almost 800k unique email addresses along with various other data fields, including…
AWS GovCloud Credential Leak Leads CISA to Share Critical Cyber Incident Lessons
The Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of an internal security incident involving exposed AWS GovCloud credentials, offering a transparent account of its own incident response to help other organizations strengthen their defenses. On Friday, May 15,…
AI Found a Root Bug in Linux That Everyone Missed for 15 Years
Plus: The Pentagon is training amateurs to become part of its hacker army, a Flock license plate reader error led to cops surrounding a car reviewer, and more. This article has been indexed from Security Latest Read the original article:…
Hackers Infect C++ and C# Project Files to Spread Multi-Stage Windows Backdoor
A sophisticated Windows Trojan that compromises software development projects to distribute a multi-stage backdoor, data stealer, clipboard hijacker, cryptominer, and file infector. Documented by Doctor Web researchers and first observed in the final quarter of 2025, the malware has continued…
IT Security News Hourly Summary 2026-07-11 12h : 2 posts
2 posts were published in the last hour 9:31 : Wireshark 4.6.7 Released, (Sat, Jul 11th) 9:6 : Zimbra Releases Security Patch for Stored XSS Vulnerability in Classic Web Client
Wireshark 4.6.7 Released, (Sat, Jul 11th)
Wireshark release 4.6.7 fixes 12 vulnerabilities and 16 bugs. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.6.7 Released, (Sat, Jul 11th)