The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. The post Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims appeared first on SecurityWeek.…
CrashStealer macOS Malware Uses Apple-Notarized App to Evade Security Checks
CrashStealer, a new macOS information-stealing malware named for Apple’s Mac operating system, bypasses built-in security protections by using an Apple notarized application, demonstrating a growing trend of malicious actors utilizing legitimate software verification mechanisms in order to target Apple users. …
Hackers Spoof 3.7 Million OAuth Client IDs to Stealthily Enumerate 2 Million Entra ID Users
Threat actors are increasingly exploiting spoofed OAuth client IDs to enumerate Microsoft Entra ID accounts and identify potentially valid credentials while evading traditional detection methods, according to recent research from Proofpoint. OAuth client IDs are globally unique identifiers assigned to…
Fortinet Patches Seven Vulnerabilities Across FortiOS, FortiProxy, FortiPAM, and FortiSandbox
Fortinet disclosed seven new security advisories on July 14, 2026, affecting FortiOS, FortiProxy, FortiPAM, and FortiSandbox. The flaws range from low-severity header injection bugs to medium-severity buffer overflows and a notably concerning unauthenticated VNC exposure in FortiSandbox. While none carry…
Massive Microsoft Patch Tuesday Update: 570 Vulnerabilities Fixed, Including 3 Zero-Days
Microsoft’s July 2026 Patch Tuesday delivers fixes for approximately 570 vulnerabilities across its product ecosystem, following June’s record-breaking release of 206 flaws that also included three publicly disclosed zero-days. CVE ID Vulnerability Impact Severity Zero-Day Status CVE-2026-56164 Microsoft SharePoint Server…
How the Apple Copy-Paste Scam Can Give Attackers Remote Access to Your Mac
Apple users are being urged to exercise caution when following troubleshooting instructions found online after cybersecurity experts underlined a growing social engineering tactic that tricks victims into pasting malicious commands into the macOS Terminal application. Rather than exploiting a…
GoDaddy Challenges Indian Court Order Over Domain Privacy and Internet Governance Rules
A legal battle in India over online fraud could have major implications for privacy and regulation of the internet around the globe, as domain name registrar Go Daddy takes exception to a Delhi High Court ruling that would impose…
SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)
SonicWall has fixed two actively exploited vulnerabilities (CVE-2026-15409, CVE-2026-15410) affecting its Secure Mobile Access (SMA) 1000 Series appliances, and is urging customer organizations to upgrade to a fixed firmare version and search for evidence of potential compromise. If the outlined…
Upwind Finds Coordinated Supply Chain Campaign Compromising Multiple AsyncAPI npm Packages
Upwind links compromised AsyncAPI npm packages to a coordinated supply chain attack spanning repositories, publishing pipelines, and developer systems at risk. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
Adobe Patches Critical ColdFusion Vulnerabilities
The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges. The post Adobe Patches Critical ColdFusion Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Adobe Patches Critical…
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts
Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. “LabubaRAT creates a reusable foothold for hands-on activity,” Blackpoint Cyber researchers Sam Decker and Nevan Beal…
Tego AI Finds Claude Tag Slack Integration Can Trigger Unauthorized Enterprise Actions
Tel Aviv, Israel, 14th July 2026, CyberNewswire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Tego AI Finds Claude Tag Slack Integration Can Trigger Unauthorized Enterprise Actions
Miasma Turns Trusted npm Packages Into Persistent Backdoors for Developer Machines
Miasma has returned through software packages that many developers would normally trust. Four AsyncAPI packages on npm were altered to deliver a Miasma v3 payload, creating a route for long-term remote access. The campaign does not depend on malware running…
AsyncAPI npm Packages With 2M Weekly Downloads Compromised via GitHub Actions
A supply chain compromise has placed AsyncAPI npm packages at the center of a developer security incident. Five trojanized releases, with roughly 2.9 million combined weekly downloads, were published after an attacker gained access to an npm publishing token. The…
FortiSandbox Vulnerability Allows Attackers to Access VNC Servers of VMs
Fortinet has disclosed a high-severity vulnerability in FortiSandbox that could allow unauthenticated attackers to access the VNC servers of virtual machines used for malware scanning. Tracked as CVE-2026-59835, the flaw is classified as an Exposure of Resource to Wrong Sphere…
Claude for Chrome Vulnerability Lets Attackers Read Gmail, Docs, and Calendar Data
Anthropic’s Claude for Chrome browser extension has two unpatched flaws that allow attackers to read a victim’s Gmail, Google Docs, and Calendar data using just six lines of JavaScript, even after eight subsequent releases. Manifold researchers first reported the issues…
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking (virtually) at the Policy-Relevant Privacy Research Workshop in Calgary, Canada, on Monday, July 20, 2026. I’m speaking at Boston Leadership Exchange in Boston, Massachusetts,…
Welsh Doxbin admin jailed for egging on swatters from behind a screen
Callum Dare encouraged others to carry out dangerous hoaxes, made mini-movies from the footage This article has been indexed from www.theregister.com – Articles Read the original article: Welsh Doxbin admin jailed for egging on swatters from behind a screen
Iran abused mobile networks’ vulnerabilities to locate US military in the Middle East, report says
The Iranian government exploited well-known flaws in cellphone networks to locate and then strike U.S. military personnel in the build-up and beginning of the war. This article has been indexed from Security News | TechCrunch Read the original article: Iran…
Healthcare sector faces persistent challenges with supply-chain security, identity management
A new report says doctors and nurses should train for cyberattacks the way firefighters train for major blazes — even if they expect them to be rare. This article has been indexed from Cybersecurity Dive – Latest News Read the…
Sharp rise in AI adoption for cyber defense exposes major governance gap
A report by the SANS Institute indicates a split between senior security leaders and frontline practitioners. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Sharp rise in AI adoption for cyber defense exposes…
IT Security News Hourly Summary 2026-07-14 18h : 8 posts
8 posts were published in the last hour 15:33 : Iran abused mobile networks’ vulnerabilities to locate U.S. military in the Middle East, report says 15:33 : 11-Year-Old Linux UEFI Shim Bootloaders Let Attackers Bypass Secure Boot 15:33 : One…
Iran abused mobile networks’ vulnerabilities to locate U.S. military in the Middle East, report says
The Iranian government exploited well-known flaws in cellphone networks to locate and then strike U.S. military personnel in the build-up and beginning of the war. This article has been indexed from Security News | TechCrunch Read the original article: Iran…
11-Year-Old Linux UEFI Shim Bootloaders Let Attackers Bypass Secure Boot
11-year-old Microsoft-signed UEFI shim bootloaders, some dating back over a decade, let attackers completely bypass UEFI Secure Boot on nearly any UEFI-based machine, regardless of the installed operating system. ESET researchers uncovered that the vulnerable shims, all at version 0.9 or…