OpenAI’s GPT-5.6 Sol Ultra model independently constructed a complete, working exploit chain for Google Chrome, using nothing but publicly available security patch commits as its starting point. Researchers from Hacktron tasked three frontier AI models, GPT-5.6 Sol Medium, Sol Ultra,…
Windows 11 KB5101650 and KB5099414 Updates Released With Security Fixes and New Features
A cumulative update for Windows 11 based on Patch Tuesday July 2026 is now available, with KB5101650 for versions 25H2 and 24H2 and KB5099414 for version 23H2. As well as addressing 571 security vulnerabilities, the mandatory updates also improve…
Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems
LegacyHive PoC exposes a Windows Privilege Escalation flaw affecting fully patched Windows desktop and server systems. Just hours after Microsoft’s July 2026 Patch Tuesday, security researcher Nightmare Eclipse, also known as Chaotic Eclipse, published a new Windows zero-day proof-of-concept called…
Pentagon Pauses CMMC Phase Two Rollout for 60-Day Review of Cybersecurity Program
The US Department of Defense (DoD) has decided to suspend the implementation of the cybersecurity maturity model certification (CMMC) second phase on a temporary basis. The DoD will conduct a 60-day review before continuing with the implementation of the…
Researchers Find Claude for Chrome Flaws That Could Let Malicious Extensions Trigger Sensitive Google Tasks
Researchers at Manifold Security have disclosed two security weaknesses in Anthropic’s Claude for Chrome extension that could allow another browser extension with access to the Claude website to trigger predefined AI-powered actions involving a user’s Gmail, Google Docs and Google…
RabbitMQ Flaw Exposes OAuth Secrets, Risks Full Broker Takeover
A serious vulnerability in RabbitMQ is threatening enterprise messaging systems by allowing attackers to steal OAuth secrets and take full control of brokers. Tracked as CVE-2026-57219, the flaw has a CVSS score of 8.7 and affects popular RabbitMQ versions…
Fake Céline Dion Paris Tickets Sold on Facebook and Ticketmaster Clones
Group-IB says scammers are targeting Céline Dion fans through Facebook, duplicate digital tickets and fake websites impersonating Ticketmaster, AXS and the venue site. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…
Turning threat intelligence into decisive action with Defender Experts
Security teams have never had more visibility, yet rarely have they felt more uncertain. Signal pours in from endpoints, identities, cloud workloads, and a sprawling mix of third-party tools. The post Turning threat intelligence into decisive action with Defender Experts…
OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps
A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside…
Microsoft patches record number of security vulnerabilities, citing its use of AI
Microsoft’s monthly release of security fixes, dubbed Patch Tuesday, resolved a record 570 security vulnerabilities across the company’s product line, thanks to discoveries with AI. This article has been indexed from Security News | TechCrunch Read the original article: Microsoft…
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider
Moona Ederveen-Schneider is a cybersecurity expert (and Most Inspiring Woman in Cyber Award winner 2026) with more than 20 years of experience across financial services, risk and cyber resilience. She has held senior roles at Deutsche Bank, JPMorgan Chase, UBS, Nomura and…
Critical Cursor 0-Day Flaw Allows Malicious Git Repos to Trigger Automatic Windows Code Execution
A critical unpatched vulnerability in Cursor, the popular AI-powered code editor used by over 7 million developers, allows attackers to achieve arbitrary code execution on Windows systems. Simply opening a malicious repository is sufficient to trigger this execution path, requiring…
CISA warns that multiple vulnerabilities in SharePoint are under exploitation
Security researchers say additional flaws are being chained together and a patch will not be available until August. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: CISA warns that multiple vulnerabilities in SharePoint…
IT Security News Hourly Summary 2026-07-15 18h : 5 posts
5 posts were published in the last hour 15:35 : CISA sounds alarm over trio of exploited SharePoint flaws 15:34 : US launches vulnerability clearinghouse amid AI-fueled surge in flaws 15:9 : Unpatched Cursor Vulnerability Exposes Users to Code Execution…
CISA sounds alarm over trio of exploited SharePoint flaws
Three bugs are under active attack, and two more critical holes could add to the pain This article has been indexed from www.theregister.com – Articles Read the original article: CISA sounds alarm over trio of exploited SharePoint flaws
US launches vulnerability clearinghouse amid AI-fueled surge in flaws
The Trump administration hopes the program will accelerate the discovery and fixing of serious technical problems before hackers exploit them. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: US launches vulnerability clearinghouse amid…
Unpatched Cursor Vulnerability Exposes Users to Code Execution
An attacker can create a malicious repository containing a git.exe in the project root, and Cursor executes it automatically. The post Unpatched Cursor Vulnerability Exposes Users to Code Execution appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
LabubaRAT malware infiltrates Windows systems while posing as NVIDIA software
LabubaRAT, a previously undocumented Rust-based remote access tool (RAT) masquerading as NVIDIA software that enables post-compromise operations on Windows systems, has been uncovered by Blackpoint Cyber. According to researchers, LabubaRAT creates “a reusable foothold for hands-on activity.” Once deployed, it…
Phishing Campaign Abuses eCards to Deploy RMM Tools
Six-month phishing campaign used seasonal eCard lures to plant legitimate RMM tools on victims This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Campaign Abuses eCards to Deploy RMM Tools
Lidl Data Breach Exposes Customer Details in Germany, Belgium, and the Netherlands
Lidl says attackers stole customer data in Germany, Belgium, and the Netherlands via a third-party provider, raising concerns about phishing and GDPR compliance. The post Lidl Data Breach Exposes Customer Details in Germany, Belgium, and the Netherlands appeared first on…
Apple Tests New iMessage Warning for Malicious Messages
Apple is testing an iOS 26.6 security alert that warns users about malicious iMessages and lets them report suspicious messages. The post Apple Tests New iMessage Warning for Malicious Messages appeared first on TechRepublic. This article has been indexed from…
US charges Russian ‘bulletproof’ web hosts over cyberattacks that netted $62M from cybercrime victims
The 2024 indictment, now unsealed, accuses three Russians and two web hosts of aiding hackers and profiting from cybercrime. This article has been indexed from Security News | TechCrunch Read the original article: US charges Russian ‘bulletproof’ web hosts over…
Claude for Chrome flaw could let rogue extensions access your Gmail
The ClaudeBleed vulnerability still lets malicious Chrome extensions abuse Claude for Chrome’s permissions. This article has been indexed from Malwarebytes Read the original article: Claude for Chrome flaw could let rogue extensions access your Gmail
CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities
Three vulnerabilities are actively exploited in attacks, including two that have been targeted as zero-days. The post CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…