A targeted phishing campaign is using genuine academic event details to trick researchers into opening malware. The operation delivers a RokRAT variant through a fake document package that appears connected to a real seminar. The attackers used information from an…
Centers Laboratory Data Breach Affects 540,000 Individuals
The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider. The post Centers Laboratory Data Breach Affects 540,000 Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns
The company notified customers to manually shut down their servers while it is investigating a credible threat. The post Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365
An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bash_history. From that…
Australian Cyber Agency Warns of Global CMS Exploitation Campaign
Australian Cyber Security Centre warns CMS users of mass scanning and exploitation campaign This article has been indexed from www.infosecurity-magazine.com Read the original article: Australian Cyber Agency Warns of Global CMS Exploitation Campaign
Australia Alerts Organizations to Ongoing CMS Exploitation Attacks
Australia warns of a global campaign exploiting CMS flaws to deploy webshells on WordPress, Joomla, and other websites. Australia’s Signals Directorate has issued an alert about a large-scale exploitation campaign actively targeting content management systems (CMS) worldwide, with many small…
AI Agent Discovers 15-Year-Old Linux Kernel Privilege Escalation Bug Named GhostLock
Researchers at Nebula Security have identified GhostLock, a Linux kernel vulnerability tracked as CVE-2026-43499 that has been present since Linux 2. Thank you for being a Ghacks reader. The post AI Agent Discovers 15-Year-Old Linux Kernel Privilege Escalation Bug Named…
A week in security (July 6 – July 12)
A list of topics we covered in the week of July 6 to July 12 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (July 6 – July 12)
Multifunction Windows backdoor, NSA revives TAO, urgent ShareFile warning
Windows backdoor stuffs multiple wipers and ransomware code into a single package NSA brings back Tailored Access Operations name for elite hacking unit Progress urges ShareFile customers to shut down storage zone controllers Show notes: https://cisoseries.com/cybersecurity-news-multifunction-windows-backdoor-nsa-revives-tao-urgent-sharefile-warning/ Huge thanks to our…
New VEXAIoT AI Agents Autonomously Exploit IoT Vulnerabilities With 95% Success Rate
VEXAIoT, an autonomous multi-agent framework designed to discover and exploit vulnerabilities in the Internet of Things (IoT) within controlled test environments. In 200 attack trials against the intentionally vulnerable IoTGoat platform, the system completed 189 attacks, achieving an overall success…
Hackers Can Exploit Motorola MR2600 Firmware Update Process to Gain Code Execution
A newly disclosed unauthenticated remote code execution vulnerability in Motorola MR2600 Wi-Fi routers allows attackers on the local network to upload and install a malicious firmware image without logging in to the router’s administration panel. According to researcher MrBruh, the…
Why SBOMs, signing, and provenance still don’t tell you if software is safe
We have made real progress in software supply chain security, improving visibility into software components, authenticity and build integrity. Much of this progress traces back to Executive Order 14028, which pushed agencies, contractors and enterprises to invest in SBOMs, signing…
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild. The vulnerabilities, both rated…
IT Security News Hourly Summary 2026-07-13 09h : 7 posts
7 posts were published in the last hour 6:32 : Exposed Server Unmasks Evilginx Operators Stealing Microsoft 365 Sessions and OAuth Tokens 6:32 : Jscrambler npm Supply Chain Attack Steals Cloud Credentials and Crypto Wallet Secrets 6:32 : Cynative: Open-source…
Exposed Server Unmasks Evilginx Operators Stealing Microsoft 365 Sessions and OAuth Tokens
A misconfigured server in Budapest exposed a live phishing operation built to bypass Microsoft 365 multi-factor authentication and retain access to compromised accounts. The server, hosted at 185.163.204[.]7185.163.204[.]7185.163.204[.]7, was running python3 -m http.server 8080 with directory listing enabled, making its…
Jscrambler npm Supply Chain Attack Steals Cloud Credentials and Crypto Wallet Secrets
A malicious actor compromised the Jscrambler npm package and published several trojanized versions that included a hidden, cross-platform credential-stealing payload. The attack targeted developers, build pipelines, and CI/CD systems, where npm installations could access source code, cloud credentials, deployment tokens,…
Cynative: Open-source deep research agent
Running a large language model against a live cloud account to hunt for security holes comes with an obvious hazard. An agent that holds real credentials and a mandate to poke around can delete a bucket, flip a permission, or…
FBI Disrupts Malicious Network Running On Android Set-Top Boxes
US agency seizes domains of Israel-based NetNut, works with companies to take down millions of bots running on TV streaming boxes This article has been indexed from Silicon UK Read the original article: FBI Disrupts Malicious Network Running On Android…
Operation Capsule Vault Uses Malicious ISO Files and Process Injection to Deliver RokRAT
Operation Capsule Vault began with spear-phishing emails sent on June 22, 2026, posing as notices distributing materials from a legitimate academic event. The lures referenced the “Why Wonsan-Kalma Tourism Now?” conference, held at Seoul COEX on June 12, and incorporated…
15 Best Free Cybersecurity Resources to Learn in 2026
By HOC Team | Last updated: July 2026 | Read time: ~18 min The biggest myth in cybersecurity education… The post 15 Best Free Cybersecurity Resources to Learn in 2026 appeared first on Hackers Online Club. This article has been indexed…
Microsoft demystifies how Windows updates work
Microsoft has published a guide explaining the Windows servicing model, outlining the purpose of monthly security updates, optional preview releases, hotpatch updates, and the mechanisms used to deliver new features throughout the year. “Most individuals and organizations regularly deploy monthly…
A hardware security AI assistant that checks chips for hidden backdoors
Chip designers license blocks of circuitry from outside vendors and drop them into larger products. A single processor can carry components from a range of suppliers, each written by a company the buyer may never deal with directly. A malicious…
Microsoft Tests AI-Powered Copilot Tool to Diagnose Windows 11 Performance Issues
Microsoft is gradually rolling out an optional Copilot feature called PC Insights, which provides the AI assistant with access to real-time information about Windows 11 hardware and performance. This feature, first reported by Windows Latest, is currently being tested with…
Citrix Unveils NetScaler MCP Gateway With Centralized Security for AI Agents
Citrix has introduced new NetScaler capabilities designed to secure and govern enterprise AI agents that use the Model Context Protocol (MCP). Announced on July, the NetScaler MCP Gateway provides a centralized entry point for AI agents connecting to approved MCP…