Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection…
Google Chrome Update Patches 27 Security Vulnerabilities Including Critical Use-After-Free Flaws
Google has released a critical security update for Chrome, upgrading the Stable channel to version 150.0.7871.114/.115 on Windows and macOS, and to version 150.0.7871.114 on Linux. This update addresses 27 vulnerabilities, including several critical use-after-free flaws that could potentially enable…
GitLab Patches 8 Vulnerabilities Affecting CE and EE Installations
GitLab has released critical security updates to address eight vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE). Administrators are urged to upgrade immediately to versions 19.1.2, 19.0.4, or 18.11.7. The patch rollout on July 8, 2026, includes fixes…
Nike Alleged Breach: Threat Actors Claim Leak of Millions of Customer Records
A threat actor on a prominent cybercrime forum has claimed responsibility for leaking data allegedly belonging to Nike and Alcon, posting the purported datasets for download. The claims, currently unverified, suggest a significant breach affecting millions of records across both…
IT Security News Hourly Summary 2026-07-09 12h : 5 posts
5 posts were published in the last hour 10:4 : Turn off this Meta setting before someone generates AI images of you 10:4 : New AI Security Charter Backed by Over 70 Cyber Firms 9:34 : GitHub Copilot IDE Coding…
Turn off this Meta setting before someone generates AI images of you
Meta’s new Muse Image tool lets anyone generate AI images of you from your public Insta profile. You won’t be notified, and it’s on by default. This article has been indexed from Malwarebytes Read the original article: Turn off this…
New AI Security Charter Backed by Over 70 Cyber Firms
Over 70 cybersecurity organizations have signed the CREST AI Charter detailing responsible use of AI for security This article has been indexed from www.infosecurity-magazine.com Read the original article: New AI Security Charter Backed by Over 70 Cyber Firms
GitHub Copilot IDE Coding Agents Vulnerable to Workflow-Level Jailbreak Attacks
GitHub Copilot’s new coding agents, which are integrated into IDEs, are susceptible to a specific type of “workflow-level” jailbreak attacks. These attacks can bypass chat refusals, allowing agents to generate harmful code while performing standard software development tasks unwittingly. According…
HalluSquatting Attack Lets Hackers Turn AI Coding Assistants Into Botnet Installers
A newly disclosed attack technique called “HalluSquatting” is raising serious concerns in the AI security landscape. This technique demonstrates how attackers can exploit large language model (LLM) hallucinations to covertly compromise systems and potentially create botnets on a large scale.…
New AI Security Charter Backed by 71 Cyber Firms
Over 70 cybersecurity organizations have signed the CREST AI Charter detailing responsible use of AI for security This article has been indexed from www.infosecurity-magazine.com Read the original article: New AI Security Charter Backed by 71 Cyber Firms
npm and PyPI Malware Campaign Exfiltrates CI/CD Secrets Through Fake Payment SDKs
A coordinated supply-chain campaign that pushed 17 malicious packages across npm and PyPI, masquerading as SDKs for well-known payment services including PaySafe, Skrill and Neteller. The campaign’s packages 17 npm modules published with four rapid versions each and four PyPI…
Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes
Fake apps like WireVPN and a trojanized 7-Zip turn victims’ devices into residential proxies, letting criminals route traffic through their IPs. Infoblox’s threat research team started pulling on a single thread in early 2026: a fake version of the 7-Zip…
AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique
Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval. The post AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique appeared first on SecurityWeek. This article has been indexed from…
AWS centralizes access, spending, and governance for Claude
Claude apps gateway for AWS is a self-hosted control plane that gives organizations a single point of control over access, costs, and policies for Claude Code and Claude Desktop. It replaces per-developer cloud credentials, manual distribution of managed settings to…
Microsoft Releases Patches for RoguePlanet Defender Zero-Day Vulnerability
Microsoft has released security updates to address a newly disclosed zero-day vulnerability in Microsoft Defender, publicly referred to as “RoguePlanet.” The flaw, tracked as CVE-2026-50656, affects the Microsoft Malware Protection Engine and could allow attackers to gain elevated privileges on…
Helix Data Extortion Group Uses Vishing and Device Code Phishing to Steal SharePoint Data
Helix has surfaced as a fast-moving data extortion group that targets Microsoft 365 users through phone scams and cloud-focused phishing instead of traditional malware drops. Attackers are after access first, then large volumes of corporate files, with SharePoint libraries becoming…
NetSPI pairs AI pentesting with expert-validated security findings
NetSPI has announced the expansion of its AI-powered continuous pentesting platform, broadening the suite of services that organizations can use to ensure critical assets are always protected. The new services comprise continuous web application penetration testing, continuous AI penetration testing,…
Mexico’s big cyber test, Roundcube mailserver snooped on, Cash App found lax
Mexico’s first cyber test gets tested Snoops break into Roundcube mailservers Cash App owner pays up over lax security Get the show notes here: https://cisoseries.com/cybersecurity-news-mexicos-big-cyber-test-roundcube-mailserver-snooped-on-cash-app-found-lax/ Thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And…
Meta’s New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images
Meta has announced that its new artificial intelligence (AI) model Muse Image lets people use public Instagram posts and reels to generate AI content, and it’s enabled by default. “You can also @-mention Instagram accounts in the Meta AI app…
Cybercriminals Plant Malicious AI Agents in Open Source Tool Repositories
Cybersecurity researchers at ESET identify big rise in suspicious and malicious toolsets which put users at risk from cyber-attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Plant Malicious AI Agents in Open Source Tool Repositories
SNOW Malware Ecosystem Uses Teams Phishing, WebSocket Tunnels, and Browser Extensions
Threat actors are increasingly chaining classic phishing with collaboration platforms and covert tunneling to create highly believable intrusion paths. A recent multi-stage campaign attributed to UNC6692 exposes how adversaries combine email bombardment, Microsoft Teams impersonation, malicious browser extensions, WebSocket tunnels,…
Chrome 150 Update Patches 27 Vulnerabilities
The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google. The post Chrome 150 Update Patches 27 Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Chrome 150 Update…
Everest Ransomware Encryptor Uses ConfuserEx-Protected .NET Binary With Wake-on-LAN Capability
A recent technical analysis of an Everest ransomware encryptor reveals a purpose-built, ConfuserEx-protected .NET 4.0 binary that combines heavy obfuscation, misleading cryptographic declarations, and uncommon network tactics to maximize impact and impede response. The analyzed sample (hlntqyun.exe, SHA-256 1df92b…) is…
Thief posed as Wi-Fi fixing hero, then stole priceless trophy
If people think you are doing a legitimate job, you can get away with anything This article has been indexed from www.theregister.com – Articles Read the original article: Thief posed as Wi-Fi fixing hero, then stole priceless trophy