This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, July 6th, 2026…
Go-Based Gentlemen Ransomware Uses PsExec, WMIC, and PowerShell Remoting for Network Propagation
Gentlemen, a Go-based ransomware-as-a-service (RaaS) active since mid-2025, has distinguished itself with a potent combination of modern cryptography, aggressive worm-like propagation, and a broad toolkit for remote execution. Operators offer the platform to affiliates, and recent recruitment ties to major…
Why schools are easy prey for hackers — and why they struggle to fight back
Power plants and gas pipelines might receive more attention, but schools are arguably more vulnerable. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Why schools are easy prey for hackers — and why…
Critical fast-mcp-telegram Vulnerability Lets Attackers Access Telegram Session Without Token
A critical vulnerability in fast-mcp-telegram (CVE-2026-52830, GHSA-rxw2-pc8j-vxwm) allows attackers to access a Telegram MCP session over HTTP without a valid bearer token by abusing a path-traversal flaw in how session files are resolved on disk. This breaks the intended high-entropy…
Critical Opera GX Vulnerability Lets Attackers Inject CSS Across Every Webpage
A critical security vulnerability in Opera GX has been disclosed, revealing that attackers could exploit the browser’s GX Mods feature to inject malicious CSS across every webpage visited by a victim. This could enable cross-site data exfiltration and have a…
It Might Feel Like We’ve Been Here Before, But We Haven’t
As artificial intelligence (AI) adoption surges and organisations move from the ‘should we?’ phase to the ‘how do we?’ phase, it’s natural to evaluate the likelihood of positive returns on AI investments. … The post It Might Feel Like We’ve…
Gaslight macOS Malware Uses Prompt Injection to Evade AI Security Analysis
A fresh piece of Mac malware has surfaced, and it comes with a twist that security teams have not seen before. Written in Rust and tied to North Korean hacking groups, this malware does not just steal data quietly. It…
Agent Skill Malware Targets Claude Code and OpenAI Codex With Scanner-Evasion Techniques
A new class of malicious software is quietly slipping past the security tools meant to protect popular AI coding assistants. Researchers have found that malware hidden inside “agent skills,” small add-on packages used by tools like Claude Code and OpenAI…
15-Year-Old Arrested Over Bandai Channel Cyberattack Using a ChatGPT-Assisted Tool
Japanese police have arrested a 15-year-old high school student from Tokorozawa City, Saitama Prefecture, on suspicion of fraudulent obstruction of business after he allegedly used a ChatGPT-assisted program to launch a sustained cyberattack against Bandai Channel, a popular anime and…
Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments
Researchers uncovered two campaigns embedding indirect prompt injections in malicious websites to exploit autonomous AI agents browsing the web. The post Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments appeared first on SecurityWeek. This article has been indexed…
SilverFox Campaign Turns ValleyRAT Into Multi-Stage Malware With Rootkit Capabilities
The SilverFox advanced persistent threat (APT) group has escalated its offensive toolkit by transforming ValleyRAT from a conventional remote access trojan into an eight-stage malware chain culminating in a kernel-mode rootkit. This evolution marks a significant shift in post-exploitation persistence,…
Seven Bugs in FatFs Put IoT and Embedded Devices at Risk
runZero found 7 flaws in FatFs, a filesystem used in IoT and embedded devices. Bugs can cause memory corruption, crashes, or data leaks via crafted storage. Cybersecurity firm runZero has disclosed seven vulnerabilities in FatFs, a compact open-source library that…
France to Stop Certifying Non-Quantum-Safe Encryption
France is accelerating its transition to post-quantum encryption: France’s cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older…
Moody Bible Institute breach leaves 2.3M accounts needing salvation, says cyber expert
ShinyHunters leaks names, addresses, DOBs, and more after Christian college discloses cyberattack This article has been indexed from www.theregister.com – Articles Read the original article: Moody Bible Institute breach leaves 2.3M accounts needing salvation, says cyber expert
Google Tests Hand Gesture Verification CAPTCHA That Uses Webcam Biometrics, Already Bypassed With Stock Photos
Google is exploring a new verification method for reCAPTCHA called hand gesture verification (HGV), according to Google Cloud documentation. Thank you for being a Ghacks reader. The post Google Tests Hand Gesture Verification CAPTCHA That Uses Webcam Biometrics, Already Bypassed…
AI Can Forge Documents in Minutes – “Looks Right” Is No Longer Enough
Generative AI is making document fraud faster and harder to spot, pushing security teams to verify provenance, signatures and file integrity at intake securely. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
ICE’s Internal Watchdog Is Now Investigating Online Critics
The Office of Professional Responsibility has opened more than 100 cases over what ICE officials call “incidents of doxing and threats” against ICE employees. This article has been indexed from Security Latest Read the original article: ICE’s Internal Watchdog Is…
Microsoft Warns Windows 11 Enterprise Devices May Boot to Black Screen After Updates
Microsoft has issued a warning to enterprise administrators about a critical issue affecting Windows 11 systems. This problem may cause devices to boot to a black screen or experience severe shell failures following recent cumulative updates. The issue, documented under…
FIFA World Cup Phishing Scam Uses Fake Reward Pages to Steal Credit Card Data
A sophisticated email phishing campaign exploiting the global excitement around the 2026 FIFA World Cup is deceiving fans with counterfeit reward pages designed to harvest credit card information rather than deliver promised prizes. Security researchers have identified a multi-stage attack…
Hackers Abuse OpenAI Org Invites to Harvest Sensitive Prompts and API Activity
Hackers are actively abusing OpenAI’s organization invitation feature to launch a new form of “poisoned tenant” attack, allowing them to harvest sensitive prompts, API activity, and potentially corporate data from unsuspecting users. According to research disclosed by Push Security, attackers…
New TrojPix Attack Lets Attackers Access Air-gapped Computers From 208 Meters
A novel electromagnetic (EM) covert-channel attack, dubbed TrojPix, can steal sensitive data from already-compromised air-gapped computers over distances of up to 208 meters, even through concrete walls, by exploiting only the pixels displayed on a victim’s screen. The technique was…
Opera GX 0-Click Vulnerability Lets Attackers Exfiltrate User Data via Malicious Website
A newly disclosed vulnerability in Opera GX allowed attackers to silently exfiltrate sensitive user data with no interaction required, simply by luring victims to a malicious website. The issue, documented in recent research titled “One trigram at a time: XSLeak…
IT Security News Hourly Summary 2026-07-06 12h : 10 posts
10 posts were published in the last hour 9:36 : PHP TLS Flaw Lets Remote Server Trigger DoS and Crash Entire FPM Process 9:35 : IBM WebSphere Application Server Hit by Critical XSS and Path Traversal Vulnerabilities 9:35 : When…
PHP TLS Flaw Lets Remote Server Trigger DoS and Crash Entire FPM Process
A newly disclosed high-severity vulnerability in PHP, tracked as CVE-2026-12184, poses a significant risk to web applications by allowing a remotely triggerable denial-of-service (DoS) condition. This vulnerability can cause entire PHP-FPM process pools to crash. Details of the issue are…