Google has rolled out Chrome version 150.0.7871.124/.125 for Windows and macOS, and version 150.0.7871.124 for Linux users. This Stable Channel update addresses 15 security vulnerabilities, including two critical memory safety issues in Ozone. The update will be released gradually and…
Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow
A critical security defect in the ServiceNow AI platform could allow remote attackers to execute arbitrary code. The post Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Polygraf AI Meeting Guard delivers real-time deepfake detection for enterprise meetings
Polygraf AI has announced Meeting Guard, a real-time AI fraud detection solution for enterprise meetings built to detect fraud and protect meeting security. AI can clone a voice, animate a face, and answer every interview question in real time, making…
U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities (KEV) catalog. The flaws added…
ClickFix is changing the economics of social engineering
ClickFix has moved from a one-off social engineering trick into an industrialized attack ecosystem that is outpacing conventional antivirus and endpoint defenses, according to ReversingLabs. The technique first showed up in late 2023 and early 2024, and Proofpoint named it…
Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it…
Microsoft July 2026 Patch Tuesday Fixes Record 570 Flaws Including Three Zero-Days
Microsoft has released the July 2026 Patch Tuesday security updates, addressing a record 570 vulnerabilities. Thank you for being a Ghacks reader. The post Microsoft July 2026 Patch Tuesday Fixes Record 570 Flaws Including Three Zero-Days appeared first on gHacks.…
Dell Warns of Critical PowerProtect Data Domain Flaws Allowing Remote Attackers to Take Complete Control
Dell has recently disclosed two critical vulnerabilities in PowerProtect Data Domain appliances that could allow unauthenticated remote attackers to gain complete control of affected systems. These vulnerabilities are tracked as CVE-2026-53483 and CVE-2026-53481, both of which received a critical CVSS…
White House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative
The new program stems from an AI-focused Executive Order signed by President Trump on June 2. The post White House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
AI-driven bug hunting fuels record Microsoft Patch Tuesday
Microsoft has released patches for 570+ vulnerabilities on July 2026 Patch Tuesday, including two that are being leveraged by attackers (CVE-2026-56155 and CVE-2026-56164), and one that was previouly disclosed (CVE-2026-50661). The release was once again followed by Nightmare Eclipse publishing…
TuxBot v3: Inside an IoT Botnet Framework With LLM-Assisted Development
TuxBot v3 Evolution, an IoT botnet framework built with LLMs. Read our analysis of its cross-compiled binaries, C2 architecture and bugs. The post TuxBot v3: Inside an IoT Botnet Framework With LLM-Assisted Development appeared first on Unit 42. This article…
11 Malicious NuGet Game Cheat Packages Deploy Pepesoft Windows Surveillance Malware
11 malicious NuGet packages masquerading as game cheats, automation bots, and management “panels” that deploy a Windows payload called pepesoft.exe. The packages were published as .NET command-line tools, enabling users to install them through the dotnet tool install workflow and…
Forgotten UEFI shims undermining Secure Boot
ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities This article has been indexed from WeLiveSecurity Read the original article: Forgotten UEFI shims undermining Secure Boot
OkoBot: new sophisticated malware framework targets cryptocurrency users
Kaspersky GReAT experts dissect the new OkoBot campaign targeting cryptocurrency users. This complex framework employs TookPS, exfiltrates seed phrases, monitors Chromium-based browsers, and installs various malware strains, including the Rilide stealer. This article has been indexed from Securelist Read the…
Critical SonicWall Firewall 0-Day Vulnerabilities Actively Exploited in Attacks
SonicWall has issued an urgent security advisory regarding two vulnerabilities affecting its SMA1000 Series appliances. The company is warning that attackers are actively exploiting these flaws in real-world attacks. The most critical issue, tracked as CVE-2026-15409, carries a maximum CVSS…
Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption
The company has rolled out a fix and is restoring access for Storage Zones Controller customers who apply it. The post Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below – @asyncapi/generator-helpers@1.1.1 @asyncapi/generator-components@0.7.1 @asyncapi/generator@3.3.1 @asyncapi/specs(v6.11.2, v6.11.2-alpha.1) “The This…
IT Security News Hourly Summary 2026-07-15 12h : 10 posts
10 posts were published in the last hour 9:38 : ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell 9:36 : Microsoft Patches 570 CVEs in Record Patch Tuesday 9:26 : OpenAI Plans Smart Speaker In First Hardware Foray 9:23…
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell
The industrial giants fixed dozens of vulnerabilities across their ICS products, with advisories also released by CISA and VDE CERT. The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell appeared first on SecurityWeek. This article has been indexed…
Microsoft Patches 570 CVEs in Record Patch Tuesday
Microsoft released fixes for a record 570 CVEs in its July Patch Tuesday update, as experts warn AI is dramatically accelerating vulnerability discovery and increasing patch volumes This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Patches…
OpenAI Plans Smart Speaker In First Hardware Foray
Start-up reportedly planning to launch ChatGPT-powered speaker this year, as it faces Apple lawsuit claiming theft of hardware secrets This article has been indexed from Silicon UK Read the original article: OpenAI Plans Smart Speaker In First Hardware Foray
SheetAgent RAT Runs 14 Virtual Machine Checks and Self-Deletes When Analysis Is Detected
A threat campaign targeting Indian government job seekers is using a recruitment notice for Senior Field Officer positions in the Cabinet Secretariat as a lure to deploy a custom remote access Trojan, SheetAgent RAT. The campaign begins with a ZIP…
SonicWall warns of active exploitation of two SMA 1000 zero-days
SonicWall warns of active attacks exploiting two SMA 1000 zero-days, including a flaw enabling arbitrary command execution. SonicWall confirmed the active exploitation of two zero-day vulnerabilities affecting Secure Mobile Access (SMA) 1000 appliances. The vulnerabilities were internally discovered and reported…
Fluke – 821,100 breached accounts
In July 2026, electronic test and measurement equipment company Fluke was targeted in a ShinyHunters “pay or leak” extortion campaign. The group subsequently published more than 100GB of data allegedly taken from the company. The corpus contained largely corporate contact…