Nudge Security has announced new agentic capabilities to help security and IT teams find and remediate malicious and high-risk OAuth grants and browser extensions, two of the fastest-growing and hardest to manage attack surfaces in the enterprise. The new agents…
Spanish police dismantle €140 million cybercrime network
Spanish National Police have dismantled a cybercrime network accused of stealing and laundering about €140 million through fake investment platforms, CEO fraud, invoice fraud, and man-in-the-middle attacks. Four people were arrested as part of the operation: two in Portugal, one…
Progress Restores ShareFile Storage Zones Access After Vulnerability Exploit Concerns
Progress has restored access to its ShareFile Storage Zones Controller after a four-day suspension triggered by a credible external security threat This article has been indexed from www.infosecurity-magazine.com Read the original article: Progress Restores ShareFile Storage Zones Access After Vulnerability…
A Video Screen That Is Also a Camera
Amazing: Researchers from ETH Zurich in Switzerland, however, managed to create a new type of pixel that can simultaneously do both. This hypercharged pixel, called a Fourier pixel, can generate and sense arbitrary light fields and tap into a pixel’s…
Q&A: Cyber’s Headed Back to the CSIDES
Last year, CSIDES took place on The Grand Pier in Weston-super-Mare for the first time – a day filled with cyber talks, Cyber’s Got Talent, exceptional swag, its own theme song and – we are told – an extraordinary raffle. …
AI has crossed from assistant to operator, Check Point research warns
Check Point Research has published its second annual AI Security Report, documenting what it calls a decisive shift in how artificial intelligence is used in cyberattacks: AI is no longer simply accelerating existing techniques; it is now directly executing intrusions…
Black Duck Adds AI-Powered Triage and CRA-Ready Checks to Coverity Static Analysis
Black Duck has rolled out a set of AI-driven and compliance-focused updates to Coverity, its static application security testing (SAST) tool, as the application security vendor looks to align the two-decade-old product with both the rise of AI-assisted coding and…
Lidl Confirms Data Breach After Third-Party IT Provider Hack
Lidl has confirmed that a cyberattack on one of its third-party IT service providers exposed the personal data of online shop customers in Germany, Belgium and the Netherlands, the latest in a string of supply-chain breaches to hit major European…
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards
New research from Forescout has uncovered a sophisticated phishing campaign that uses fake seasonal eCard invitations to trick victims into installing legitimate remote management software, giving attackers long-term access to compromised devices. The campaign, dubbed SeasonalInvite by Forescout Research’s Vedere…
Chrome 150 Security Update Patches 15 Flaws, Including Two Critical Code Execution Ones
Google has rolled out Chrome version 150.0.7871.124/.125 for Windows and macOS, and version 150.0.7871.124 for Linux users. This Stable Channel update addresses 15 security vulnerabilities, including two critical memory safety issues in Ozone. The update will be released gradually and…
Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow
A critical security defect in the ServiceNow AI platform could allow remote attackers to execute arbitrary code. The post Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Polygraf AI Meeting Guard delivers real-time deepfake detection for enterprise meetings
Polygraf AI has announced Meeting Guard, a real-time AI fraud detection solution for enterprise meetings built to detect fraud and protect meeting security. AI can clone a voice, animate a face, and answer every interview question in real time, making…
U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities (KEV) catalog. The flaws added…
ClickFix is changing the economics of social engineering
ClickFix has moved from a one-off social engineering trick into an industrialized attack ecosystem that is outpacing conventional antivirus and endpoint defenses, according to ReversingLabs. The technique first showed up in late 2023 and early 2024, and Proofpoint named it…
Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it…
Microsoft July 2026 Patch Tuesday Fixes Record 570 Flaws Including Three Zero-Days
Microsoft has released the July 2026 Patch Tuesday security updates, addressing a record 570 vulnerabilities. Thank you for being a Ghacks reader. The post Microsoft July 2026 Patch Tuesday Fixes Record 570 Flaws Including Three Zero-Days appeared first on gHacks.…
Dell Warns of Critical PowerProtect Data Domain Flaws Allowing Remote Attackers to Take Complete Control
Dell has recently disclosed two critical vulnerabilities in PowerProtect Data Domain appliances that could allow unauthenticated remote attackers to gain complete control of affected systems. These vulnerabilities are tracked as CVE-2026-53483 and CVE-2026-53481, both of which received a critical CVSS…
White House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative
The new program stems from an AI-focused Executive Order signed by President Trump on June 2. The post White House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
AI-driven bug hunting fuels record Microsoft Patch Tuesday
Microsoft has released patches for 570+ vulnerabilities on July 2026 Patch Tuesday, including two that are being leveraged by attackers (CVE-2026-56155 and CVE-2026-56164), and one that was previouly disclosed (CVE-2026-50661). The release was once again followed by Nightmare Eclipse publishing…
TuxBot v3: Inside an IoT Botnet Framework With LLM-Assisted Development
TuxBot v3 Evolution, an IoT botnet framework built with LLMs. Read our analysis of its cross-compiled binaries, C2 architecture and bugs. The post TuxBot v3: Inside an IoT Botnet Framework With LLM-Assisted Development appeared first on Unit 42. This article…
11 Malicious NuGet Game Cheat Packages Deploy Pepesoft Windows Surveillance Malware
11 malicious NuGet packages masquerading as game cheats, automation bots, and management “panels” that deploy a Windows payload called pepesoft.exe. The packages were published as .NET command-line tools, enabling users to install them through the dotnet tool install workflow and…
Forgotten UEFI shims undermining Secure Boot
ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities This article has been indexed from WeLiveSecurity Read the original article: Forgotten UEFI shims undermining Secure Boot
OkoBot: new sophisticated malware framework targets cryptocurrency users
Kaspersky GReAT experts dissect the new OkoBot campaign targeting cryptocurrency users. This complex framework employs TookPS, exfiltrates seed phrases, monitors Chromium-based browsers, and installs various malware strains, including the Rilide stealer. This article has been indexed from Securelist Read the…
Critical SonicWall Firewall 0-Day Vulnerabilities Actively Exploited in Attacks
SonicWall has issued an urgent security advisory regarding two vulnerabilities affecting its SMA1000 Series appliances. The company is warning that attackers are actively exploiting these flaws in real-world attacks. The most critical issue, tracked as CVE-2026-15409, carries a maximum CVSS…