AssuranceAmerica, a U.S. provider of auto and renters insurance, has confirmed a significant data breach that exposed the personal information and driver’s license data of approximately 6.99 million people. This incident marks the largest known leak of Americans’ driver’s license…
GitHub Copilot Refuses Harmful Chat Prompts But Writes Them Inside Code Workflows
GitHub Copilot can refuse harmful prompts in chat while still generating the same harmful content inside code workflows when the request is decomposed across a multi-step IDE session. Researchers Abhishek Kumar and Carsten Maple from the Alan Turing Institute analyzed…
QR Codes Are the New Security Blindspots That Steal Your Card Details and Deliver Malware
A small pixelated square. You’ve scanned hundreds of them at coffee shops, parking meters, airport lounges, and restaurant tables. It feels instant. It feels safe. It feels routine. That’s exactly what cybercriminals are counting on. QR codes have become one…
Meta’s Muse AI Tool Lets Users Create Images Using Public Instagram Photos
Meta has launched Muse Image, its first image generation model built by Meta Superintelligence Labs, and the release has already triggered a privacy backlash because it lets users pull public Instagram photos into AI-generated visuals without notifying the account owner.…
New HalluSquatting Attack Allows Hackers to Poison AI Coding Assistants Into Installing Botnet Malware
A newly disclosed attack technique dubbed “HalluSquatting” is raising serious concerns in the cybersecurity community after researchers demonstrated how AI coding assistants can be manipulated into installing botnet malware through hallucinated resources. The research, conducted by Aya Spira, Stav Cohen,…
GitLab Patches Eight Security Vulnerabilities Across Community and Enterprise Editions
GitLab has released critical security updates addressing eight vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE), urging users to upgrade immediately to mitigate potential risks. The latest patch versions 19.1.2, 19.0.4, and 18.11.7 were published on July 8,…
5,811 arrests, $293 million seized over social engineering scams
Criminals who pose as police officers, romantic partners, and business suppliers have built fraud operations that reach across continents. A four-month enforcement campaign against these schemes wrapped up, and police in 97 countries and territories took part. Thousands of arrests…
RedHook Abuses Accessibility Service to Enable Developer Options and Wireless Debugging
RedHook, an Android Remote Access Trojan (RAT) first profiled in July 2025, has resurfaced with a markedly more dangerous capability: autonomous abuse of Android’s ADB Wireless Debugging to acquire shell-level privileges (uid 2000). While its baseline toolkit screen streaming, keylogging,…
Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)
Microsoft fixed RoguePlanet (CVE-2026-50656), a Defender flaw allowing local attackers to gain higher privileges through the Malware Protection Engine. Microsoft released security updates for RoguePlanet, a vulnerability tracked as CVE-2026-50656 (CVSS score of 7.8) affecting the Malware Protection Engine used…
The Language of AI Could Change How Humans Speak
Last week, national security agencies from the Five Eyes—that’s the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was…
June 2026 Cyber Attacks Statistics Infographic
June 2026 saw 176 confirmed cyber attacks. Cyber Crime drove three in four incidents, Malware remained attackers’ weapon of choice, and Information & Communication infrastructure took the heaviest hit. This visual breakdown charts the month’s motivations, attack vectors, initial access…
June 2026 Cyber Attacks Statistics
June 2026 saw 176 confirmed cyber attacks. Cyber Crime drove three in four incidents, Malware remained attackers’ weapon of choice, and Information & Communication infrastructure took the heaviest hit. This visual breakdown charts the month’s motivations, attack vectors, initial access…
Your coding agent says no in chat and yes in the code
Millions of developers share their keyboard with GitHub Copilot. Inside Visual Studio Code, it opens their files, writes and edits code, runs scripts, and reworks its own output across many turns. The safety testing that vets these agents still runs…
GhostApproval Flaw Hits Six Major AI Coding Assistants
Wiz discovered GhostApproval, a symlink flaw in six major AI coding assistants that bypasses approval This article has been indexed from www.infosecurity-magazine.com Read the original article: GhostApproval Flaw Hits Six Major AI Coding Assistants
Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign
A focused vishing campaign that weaponizes Microsoft Entra passkey enrollment as a social-engineering vector to enable account takeover and downstream data extortion. The threat actor begins by registering domains that include the term “passkey” (for example, assignpasskey[.]com, deploypasskey[.]com, passkeydeploy[.]com, passkeyadd[.]com,…
Foxit Patches Multiple Use-After-Free Flaws Leading to Remote Code Execution
Foxit has released critical security updates to address multiple use-after-free vulnerabilities that could lead to remote code execution (RCE) in its widely used PDF Reader and PDF Editor products. The vulnerabilities, disclosed in Foxit’s July 8, 2026 security bulletin, affect…
GhostApproval Attack Impacts Amazon Q, Claude Code, Cursor, Google Antigravity, and Windsurf
A newly disclosed vulnerability pattern known as “GhostApproval” is exposing significant flaws in the trust boundary of leading AI coding assistants, including Amazon Q Developer, Anthropic Claude Code, Cursor, Google Antigravity, Augment, and Windsurf. This issue demonstrates how attackers can…
Madison Square Garden Kept a List of Gay Celebrities
An MSG database tracked and categorized hundreds of celebs, famous Knicks superfans, and even some of Taylor Swift’s wedding guests. Labels included “LGBTQIA,” “DO NOT HOST,” and low to high “risk.” This article has been indexed from Security Latest Read…
Mount Royal University Confirms Data Stolen in Ransomware Attack
Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data. The post Mount Royal University Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Microsoft Patches Defender ‘RoguePlanet’ Vulnerability
The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update. The post Microsoft Patches Defender ‘RoguePlanet’ Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Microsoft…
Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection…
Google Chrome Update Patches 27 Security Vulnerabilities Including Critical Use-After-Free Flaws
Google has released a critical security update for Chrome, upgrading the Stable channel to version 150.0.7871.114/.115 on Windows and macOS, and to version 150.0.7871.114 on Linux. This update addresses 27 vulnerabilities, including several critical use-after-free flaws that could potentially enable…
GitLab Patches 8 Vulnerabilities Affecting CE and EE Installations
GitLab has released critical security updates to address eight vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE). Administrators are urged to upgrade immediately to versions 19.1.2, 19.0.4, or 18.11.7. The patch rollout on July 8, 2026, includes fixes…
Nike Alleged Breach: Threat Actors Claim Leak of Millions of Customer Records
A threat actor on a prominent cybercrime forum has claimed responsibility for leaking data allegedly belonging to Nike and Alcon, posting the purported datasets for download. The claims, currently unverified, suggest a significant breach affecting millions of records across both…