8 posts were published in the last hour 7:3 : Can a self-driving robotaxi take you to the police if you are doing something illegal in the car? 7:2 : Wireshark 4.6.7 Released With Fixes for Vulnerabilities Allowing Crashes via…
Can a self-driving robotaxi take you to the police if you are doing something illegal in the car?
Yes, it can, and this is exactly what happened to a couple of teenagers from San Mateo, CA. A Waymo robotaxi noticed that the two… The post Can a self-driving robotaxi take you to the police if you are doing…
Wireshark 4.6.7 Released With Fixes for Vulnerabilities Allowing Crashes via Malicious Packets
The Wireshark Foundation has released Wireshark 4.6.7, a security-focused update that fixes multiple vulnerabilities that can cause the popular network protocol analyzer to crash when processing specially crafted packets or capture files. Wireshark is widely used by security researchers, network…
Six U-Boot FIT Signature Verification Flaws Enable Code Execution and DoS Attacks
A new security analysis by Binarly Research has uncovered six critical vulnerabilities in the widely used U-Boot bootloader, exposing embedded systems and server management platforms to denial-of-service (DoS) attacks and potential arbitrary code execution. U-Boot is a foundational component in…
Most data brokers won’t tell you what happened to your deletion request
Data brokers collect personal details on most adults in the United States and sell them to buyers that include employers, landlords, insurance companies, and government agencies. California gives residents a way to push back. You can ask a broker to…
Hackers Compromise AWS AI Gateway Connected to Amazon Bedrock to Deploy XMRig Cryptominer
A compromise of an AI gateway linked to Amazon Bedrock, highlighting how generative AI infrastructure has become a new target within the enterprise attack landscape. The incident was disclosed on July 9, 2026, and reveals attackers exploiting a LiteLLM-Proxy EC2…
GigaWiper Uses OneDrive Update Scheduled Task for Persistent Destructive Access
A sophisticated Golang-based backdoor family now tracked as GigaWiper that fuses extensive C2 controls with multiple destructive payloads. What makes GigaWiper noteworthy is not merely its destructive capacity but how it packages several formerly separate wipers and extortion tools into…
Microsoft is rewriting Windows patch guidance because of AI
Microsoft is recommending that organizations shorten Windows update deployment timelines, warning that advances in AI are reducing the time attackers need to identify and exploit vulnerabilities after security updates are released. The company says organizations should reassess how quickly they…
Z.ai Launches Programming Agent In Latest Anthropic Challenge
China’s Zhipu AI brings out autonomous programming agent framework ZCode as it squares off against Anthropic, OpenAI worldwide This article has been indexed from Silicon UK Read the original article: Z.ai Launches Programming Agent In Latest Anthropic Challenge
Ransomware Negotiator Jailed for Leaking Victim Secrets to BlackCat Hackers
Angelo Martino, a former ransomware negotiator from Florida, has been sentenced to 70,707 months in federal prison for conspiring with ALPHV/BlackCat ransomware operators to extort victims whom he was supposed to help during incident-response engagements. The U.S. Department of Justice…
Filigran report: Organisations can see their threats but can’t act fast enough
Fragmented tools and manual processes are widening the gap between threat awareness and effective CTEM. Only 41% of organisations have a fully consolidated view of cyber risk exposure, and security teams spend 42% of their time investigating risks that turn…
Turning software supply chain security into a daily habit
In this Help Net Security video, Anastasia Tikhonova, Global Threat Research Lead at Group-IB, explains how to operationalize software supply chain risk. Instead of filing an SBOM away as a compliance document, she argues teams should use it every day…
Malicious Braintree.Net Typosquat Steals PAN, CVV, and Payment Gateway Credentials
A malicious NuGet package masquerading as the official Braintree .NET client on July 3, 2026 and Socket’s automation labeled it potential malware within ten minutes. The package, published under the misleading name Braintree.Net, is a carefully crafted typosquat that mirrors…
OpenAI Launches GPT-5.6 With Multi-Agent Cybersecurity and Vulnerability-Exploitation Capabilities
OpenAI has introduced the GPT-5.6 family, comprising Sol, Terra, and Luna, positioning it as a multi-agent platform tailored for advanced cybersecurity workflows, vulnerability research, and exploit development. The company claims that these models offer better performance per dollar compared to…
OpenAI Releases GPT-5.6 and ChatGPT Work, a New Companion to Handle Your Tasks
OpenAI has released the GPT-5.6 model family for general availability, introducing three models aimed at different performance and cost requirements: Sol, the flagship system; Terra, a balanced option for routine professional workloads; and Luna, the fastest and lowest-cost member of…
AWS gives its ERP agent deny-by-default rules and a separate identity
Accounts receivable teams at large companies spend hours each day matching incoming bank payments to invoices by hand. When those payments sit unmatched for days, cash flow suffers and days sales outstanding climbs. The same pattern repeats across blocked invoices,…
Microsoft Uses AI-Powered Agentic Scanning to Find Windows Security Flaws and Accelerate Patching
Microsoft is expanding its AI-driven vulnerability discovery across Windows, introducing a multi-model “agentic” scanning system designed to identify security flaws earlier and accelerate global patch deployment. AI-Powered Vulnerability Discovery At the core of this initiative is Microsoft Security’s Multi-Model Agentic…
Multiple U-Boot Vulnerabilities Enable Pre-Authentication Code Execution and Device DoS Attacks
Six critical vulnerabilities in the widely used U-Boot bootloader, which can be exploited through malicious Flattened Image Tree (FIT) images, allowing attackers to achieve pre-authentication arbitrary code execution or crash devices during the early boot process. U-Boot is foundational to…
Only 28% of financial workforce MFA is phishing-resistant
Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, according to a new Secret Double Octopus report. Key challenges preventing universal implementation of phishing-resistant MFA (Source: Secret Double Octopus)…
New infosec products of the week: July 10, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Attestiv, Automox, Codenotary, and First Recon AI. Codenotary launches AI security platform that learns from AI agent behavior Codenotary has announced AgentMon 3, the latest…
AI-Assisted Hackers Compromise AWS Cloud in 72 Hours Using Stolen Credentials
An AI-assisted threat actor has demonstrated how quickly a modern AWS environment can be compromised when valid credentials, weak identity controls, and exposed secrets intersect. In about 72 hours, they achieved broad cloud control using familiar techniques executed at an…
Roundcube Webmail Security Update Patches Critical Zero-Click XSS and SSRF Bypass Flaws
Roundcube has released version 1.7.2, a security-focused update that addresses multiple high-impact vulnerabilities, including a zero-click stored cross-site scripting (XSS) flaw and a server-side request forgery (SSRF) bypass. This update follows responsible disclosures from various security researchers and is strongly…
A questionable breach, bad routers at home and at work and AI gives defenders a win
This episode covers a hacker’s claim of stealing 35GB from Accenture—including source code, Azure personal access tokens, RSA keys, and SSH keys—while Accenture calls it an isolated, remediated matter, leaving uncertainty about potential downstream risk to its Fortune 500-heavy client…
ISC Stormcast For Friday, July 10th, 2026 https://isc.sans.edu/podcastdetail/10002, (Fri, Jul 10th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, July 10th, 2026…