By HOC Team | Last updated: July 2026 | Read time: ~22 min On 19 July 2024, a single… The post What is EDR (Endpoint Detection and Response)? How it Works in 2026 appeared first on Hackers Online Club. This article…
Week in review: High severity WordPress vulnerabilities, fake OAuth IDs bypass sign-in logs
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Two new high severity WordPress vulnerabilities, patch immediately! The 7.0.2 WordPress security release addresses one critical and one high severity security issue. Cynative: Open-source deep…
Network Segmentation Tutorial: How to Segment Your Corporate Network (2026)
By HOC Team | Last updated: July 2026 | Read time: ~24 min In May 2017, the WannaCry ransomware… The post Network Segmentation Tutorial: How to Segment Your Corporate Network (2026) appeared first on Hackers Online Club. This article has been…
IT Security News Hourly Summary 2026-07-19 09h : 1 posts
1 posts were published in the last hour 6:33 : Attackers Can Take Over WordPress Sites Using Newly Released wp2shell Exploits
Attackers Can Take Over WordPress Sites Using Newly Released wp2shell Exploits
Public exploits are now available for two critical WordPress flaws that attackers can chain to gain remote code execution without authentication. Public proof-of-concept exploits are now available for the critical wp2shell vulnerabilities affecting WordPress Core. The flaws, tracked as CVE-2026-63030…
NadMesh Uses Shodan to Find and Hijack Exposed AI and MCP Infrastructure
A sharp structural shift has been identified in the botnet landscape. Security researchers at XLab have uncovered NadMesh, a Go-based botnet that has been spreading rapidly since early July 2026. This malware marks a distinct evolution from opportunistic worm behavior…
IT Security News Hourly Summary 2026-07-19 03h : 1 posts
1 posts were published in the last hour 0:6 : Imperva Customers Protected Against “wp2shell” Pre-Authentication RCE in WordPress Core
Imperva Customers Protected Against “wp2shell” Pre-Authentication RCE in WordPress Core
TL;DR: A critical pre-authentication Remote Code Execution (RCE) vulnerability, dubbed “wp2shell” (CVE-2026-63030), has been identified in WordPress Core. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable WordPress installation without any preconditions, such as plugins or specific configurations. Given that WordPress powers…
IT Security News Hourly Summary 2026-07-19 00h : 1 posts
1 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-07-18
IT Security News Daily Summary 2026-07-18
41 posts were published in the last hour 19:31 : OpenSSL Fixes HollowByte Memory Exhaustion Bug 19:8 : Hugging Face Confirms AI-Driven Breach: Attackers used Autonomous Agents, defenders countered with AI 19:5 : IT Security News Hourly Summary 2026-07-18 21h…
OpenSSL Fixes HollowByte Memory Exhaustion Bug
Okta disclosed HollowByte, an 11-byte OpenSSL flaw that lets remote attackers exhaust server memory and trigger denial-of-service attacks. Okta’s Red Team disclosed a denial-of-service vulnerability in OpenSSL they named HollowByte, and the attack payload is exactly 11 bytes. A remote,…
Hugging Face Confirms AI-Driven Breach: Attackers used Autonomous Agents, defenders countered with AI
Hugging Face disclosed this week that it detected and contained a production infrastructure intrusion, driven end-to-end by an autonomous AI agent system, and defended against it using its own AI-based forensic analysis. The attackers exploited two code-execution flaws in Hugging…
IT Security News Hourly Summary 2026-07-18 21h : 1 posts
1 posts were published in the last hour 18:34 : Abbott Investigates Two Cyber Incidents Following Extortion Claims
Abbott Investigates Two Cyber Incidents Following Extortion Claims
Two separate cybersecurity incidents are being investigated by Abbott Laboratories after threat actors reportedly gained access to the company’s systems and accessed sensitive information. While one incident has been linked to the ShinyHunters extortion group, the other involves claims…
IT Security News Hourly Summary 2026-07-18 18h : 5 posts
5 posts were published in the last hour 15:10 : Nearly 7 Million Driver’s License Numbers Exposed After AssuranceAmerica Data Breach 15:9 : AI Agent Runs First End-to-End Ransomware Attack 15:9 : AssuranceAmerica Data Breach Exposes Personal Information of Nearly…
Nearly 7 Million Driver’s License Numbers Exposed After AssuranceAmerica Data Breach
Nearly seven million people are being notified after a cyberattack on Atlanta-based auto insurer AssuranceAmerica exposed highly sensitive personal information, including driver’s license numbers, Social Security numbers and insurance records, raising concerns about long-term identity theft risks. According to…
AI Agent Runs First End-to-End Ransomware Attack
Security researchers have long warned that AI would lower the barrier to cybercrime, but the latest case makes that threat tangible. In the operation described by Sysdig and covered by Forbes, an autonomous agent carried out the technical steps…
AssuranceAmerica Data Breach Exposes Personal Information of Nearly 7 Million Individuals
Auto insurance company AssuranceAmerica is notifying almost 6.99 million people of the possible exposure of their private information after experiencing a data breach. The company appeared on the state attorney generals earlier this month to reveal the cyberattack occurred…
Group-IB Uncovers ClickLock macOS Malware Targeting Passwords and Crypto Wallets
An aggressive social engineering technique has been used by ClickLock, an information-stealing macOS malware, to obtain victims’ information about their system login passwords. Security researchers at Group-IB report that the malware disables normal system functionality, leaving users with little interaction…
Two new high severity WordPress vulnerabilities, patch immediately!
The 7.0.2 WordPress security release addresses one critical and one high severity security issue. The vulnerabilities reported to the WordPress security team include: CVE-2026-60137 – A facilitated SQL injection issue reported as a team by TF1T, dtro, and haongo CVE-2026-60137…
GigaWiper
When Malware Doesn’t Have to Choose Between Espionage and Destruction This article has been indexed from CyberMaterial Read the original article: GigaWiper
Daxin: 13-Year-Old China-Linked Malware Found Still Active on Manufacturer’s Network
Researchers found China’s Daxin rootkit and a new Stupig backdoor on a Taiwan firm’s network, suggesting a stealthy intrusion dating back to 2013. Symantec’s Threat Hunter Team found Daxin running on a compromised host at a Taiwan-based subsidiary of a…
IT Security News Hourly Summary 2026-07-18 15h : 2 posts
2 posts were published in the last hour 13:4 : New Spirals Ransomware Uses IIS Web Shell and PsExec to Encrypt IT Firm in Under 24 Hours 12:8 : U.S. CISA adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its…
New Spirals Ransomware Uses IIS Web Shell and PsExec to Encrypt IT Firm in Under 24 Hours
A previously unseen ransomware family dubbed “Spirals” struck an IT services company in South Asia in June 2026. Symantec’s Threat Hunter Team reports that the attackers moved from the initial breach to full network encryption in under 24 hours. The…