Google has started rolling out FIDO2-compliant physical security key support as a second factor for authentication in Google Credential Provider for Windows (GCPW) to all Google Workspace customers. GCPW is a free tool that lets users sign in to Windows…
The serpent’s tongue: Luring the Python out of its den
This blog examines the full lifecycle of a Python package, from hosting on repositories such as PyPI or custom web servers, through source and wheel distribution formats, to the final installation into virtual or system-wide Python environments. This article has…
Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended
Japan’s largest taxi operator Nihon Kotsu shut down systems after a malware attack, disrupting dispatch and bookings. Nihon Kotsu, Japan’s largest taxi company, disclosed on July 13, 2026 that its internal systems suffered an unauthorized external access involving malware infection…
IT Security News Hourly Summary 2026-07-14 12h : 9 posts
9 posts were published in the last hour 10:5 : The inside job that cost ransomware victims millions 10:4 : Valarian Raises $50 Million for Sovereign Infrastructure Control Layer 10:4 : Lidl Notifies Customers of Third-Party Data Breach 9:34 :…
The inside job that cost ransomware victims millions
Instead of helping victims negotiate with BlackCat, a trusted ransomware negotiator secretly helped the gang extort them. This article has been indexed from Malwarebytes Read the original article: The inside job that cost ransomware victims millions
Valarian Raises $50 Million for Sovereign Infrastructure Control Layer
UK-based cybersecurity firm Valarian has raised a total of $70 million for its ACRA technology. The post Valarian Raises $50 Million for Sovereign Infrastructure Control Layer appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Lidl Notifies Customers of Third-Party Data Breach
Supermarket giant Lidl has revealed details of a supplier breach impacting customer data This article has been indexed from www.infosecurity-magazine.com Read the original article: Lidl Notifies Customers of Third-Party Data Breach
Millions of Microsoft Entra Accounts Targeted in OAuth Client ID Spoofing Campaigns
Proofpoint details how attackers spoof OAuth client IDs to probe Microsoft Entra accounts, test credentials and bypass common sign-in detections at cloud scale. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…
Multiple Jscrambler Packages Impacted by Supply Chain Attack
A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer. The post Multiple Jscrambler Packages Impacted by Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
UK charges five persons linked to fraud platform behind more than a million scam calls
Five people have been charged in the UK following a National Crime Agency (NCA) investigation into Russian Coms, a caller ID spoofing service used by fraudsters. Ayoub Sehailia, 28, Zakkaria Sehailia, 30, Usman Din, 30, Denis Ozmus, 29, and Fadila…
Grok Build Uploads Entire Git Repositories to xAI Storage, Not Just Files It Reads
xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93,…
Smartphone Shipments Sink 11 Percent Worldwide
Apple takes 20 percent of global market, Samsung retains top spot as mid-range sellers hit by record contraction This article has been indexed from Silicon UK Read the original article: Smartphone Shipments Sink 11 Percent Worldwide
Microsoft Entra ID authentication overhaul to start in September 2026
Microsoft will begin rolling out passkeys as the default authentication experience for Microsoft Entra ID in the public cloud on September 1, 2026. Organizations with SMS or voice authentication enabled will automatically be enabled for passkeys. The next time users…
Norfolk Residents Fight Local Data Centre Plans
Thousands sign petition against plans to build 150 MW data centre on 32-acre site of Ipswich Road south of Norwich This article has been indexed from Silicon UK Read the original article: Norfolk Residents Fight Local Data Centre Plans
SAP July 2026 Patch Day Fixes Critical NetWeaver, Approuter, and Commerce Cloud Vulnerabilities
SAP’s July 2026 Security Patch Day addresses multiple high-impact vulnerabilities across its enterprise products, including a severe memory corruption issue in the SAP NetWeaver Application Server ABAP. The most critical vulnerability, tracked as CVE-2026-44747, has a CVSS score of 9.9…
Chrome Extension Used by 1.6 Million Users Silently Included Data Exfiltration Capabilities
A widely used browser extension, ModHeader, has been removed from the Chrome Web Store after researchers found that its signed release contained a dormant capability to collect, encrypt, and potentially upload users’ browsing-domain data. The extension reportedly had about 1.6…
Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through…
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet
A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might…
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS),…
Five Charged in “Russian Coms” Fraud Platform Case
Five UK residents have been charged in relation to supplying Russian Coms fraud devices and apps This article has been indexed from www.infosecurity-magazine.com Read the original article: Five Charged in “Russian Coms” Fraud Platform Case
Large Platforms Face Fines Over Scam Ads
Major online platforms including social, search, AI service must block fraudulent adverts under new Ofcom proposals This article has been indexed from Silicon UK Read the original article: Large Platforms Face Fines Over Scam Ads
Greenhat Announces Successful Delegation at Web Summit Vancouver 2026
Vancouver, Canada, 14th July 2026, CyberNewswire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Greenhat Announces Successful Delegation at Web Summit Vancouver 2026
WinFsp Race Condition Flaw Allows Attackers to Gain SYSTEM-Level Access on Windows
A newly disclosed vulnerability in the Windows File System Proxy (WinFsp) could allow a local attacker to gain SYSTEM-level privileges by exploiting a race condition that triggers a kernel heap overflow. Tracked as CVE-2026-3006, this vulnerability affects WinFsp versions 2.1.25156…
CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper
New macOS infostealer CrashStealer uses a signed app to bypass Gatekeeper, steals credentials and wallets, then AES-encrypts stolen data. Jamf Threat Labs first spotted CrashStealer in early May 2026 as a suspicious macOS sample uploaded to VirusTotal. By early July,…