In this interview with Help Net Security, Miranda Ritchie, industrial cybersecurity, CISO at Orbia, talks about protecting industrial systems where software runs water, chemical and manufacturing processes. She explains why a cyber incident in these settings can harm people, equipment…
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below – CVE-2026-48282 (CVSS score: 10.0) – A path traversal…
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011.…
US Teenager Arrested In Finland For Scattered Spider Hacks
Peter Stokes, 19, extradited to face criminal conspiracy charges in Chicago federal court, after arrest by Finnish authorities This article has been indexed from Silicon UK Read the original article: US Teenager Arrested In Finland For Scattered Spider Hacks
LONGLEASH Malware Adds Reverse Shell, Proxying, and Intermediate C2 Capabilities
A significant upgrade to malware maintained by the UAT-7810 actor: LONGLEASH, a successor to the previously reported SHORTLEASH implant, now sporting reverse-shell, multi-protocol proxying, and intermediate command-and-control (C2) forwarding capabilities. LONGLEASH retains SHORTLEASH’s ff-agent codebase but expands its operational scope.…
OpenAI Reportedly Secures US Government Clearance to Launch GPT-5.6 Model
OpenAI has reportedly received approval from the U.S. Department of Commerce for a broad public launch of its advanced GPT-5.6 model, marking a significant moment in how Washington regulates access to frontier AI systems. A source familiar with the matter…
20 open-source cybersecurity tools to keep your team ready for anything
AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems themselves, from coding agents and memory protection to model exposure discovery. This roundup covers recent open-source releases…
China-Aligned UNK_MassTraction Exploits Roundcube Servers to Target Universities
A suspected China-aligned cluster dubbed UNK_MassTraction that is exploiting n-day flaws in Roundcube webmail to compromise physics and engineering departments at U.S. and Canadian universities. The operators use a two-stage browser-to-server infection chain that begins with a Cross-Site Scripting (XSS)…
macOS is becoming a proving ground for AI agents
Somewhere right now, a Mac Mini is sitting on a shelf doing someone’s chores. Nobody’s watching it. It reads a version number out of Terminal, hops over to Safari, digs up a release year, then quietly files a reminder, the…
U.S. Government Reportedly Approves OpenAI’s GPT-5.6 Sol, Terra, and Luna Models
The Trump administration has reportedly lifted previous restrictions on the launch of OpenAI’s GPT-5.6, enabling a broader commercial rollout of this advanced model after weeks of government-mandated cybersecurity and national security vetting. This decision marks a significant turning point in…
How to implement a continuous offensive security testing program
The hard part was never finding the exposure. It was deciding what to do about it: whether to patch, mitigate, monitor, or accept, and banking that that decision would still hold tomorrow. A penetration test answers this question for the…
Google Dialogflow CX Flaw Lets Attackers Bypass VPC-SC and Steal Sensitive Chatbot Data
A critical vulnerability in Google Cloud’s Dialogflow CX platform allowed attackers to bypass VPC Service Controls (VPC-SC) and silently exfiltrate sensitive chatbot data, raising significant concerns about the security of enterprise AI deployments. Discovered by Varonis Threat Labs and dubbed…
Anthropic Keeps Claude Fable 5 Available on Paid Plans Until July 12
Anthropic has announced an extension of access to its advanced AI model, Claude Fable 5, allowing users on all paid plans to continue using the system until July 12, 2026. This update, shared via the company’s official X account, comes…
OpenAI and Anthropic are pulling in different directions
Companies are handing routine operational decisions to AI agents that plan, remember, and act on their behalf. These agents run on statistical models, and their behavior can drift across weeks and months. That drift opens a security gap outside the…
GitLost Vulnerability Lets Attackers Trick GitHub AI Agent Into Leaking Private Repos
A critical vulnerability known as “GitLost” has been discovered in GitHub’s newly introduced Agentic Workflows by Noma Labs. This flaw allows unauthenticated attackers to exfiltrate sensitive data from private repositories. It demonstrates how AI-driven automation within development pipelines can be…
Accenture Data Breach Exposes 35GB Source Code and Azure DevOps Credentials
Accenture is currently investigating a potential data breach after a threat actor using the alias “888” claimed to be selling approximately 35GB of stolen data, including source code and sensitive credentials, on a cybercrime forum. This listing, posted on July…
IT Security News Hourly Summary 2026-07-08 06h : 3 posts
3 posts were published in the last hour 3:33 : Phishing Campaign Targets Marketing Professionals Using Fake Job Interviews from Top Global Brands 3:9 : Accenture Data Breach – Hackers Allegedly Claim to Have Stolen 35 GB of Source Code…
Phishing Campaign Targets Marketing Professionals Using Fake Job Interviews from Top Global Brands
A sophisticated phishing campaign is targeting marketing professionals by posing as recruiters from more than 30 globally recognized brands, including Adobe, Netflix, Coca-Cola, OpenAI, Adidas, and Marriott. The attackers aim to steal Google account credentials by luring victims into…
Accenture Data Breach – Hackers Allegedly Claim to Have Stolen 35 GB of Source Code
A threat actor operating under the alias “888” has posted a listing on a cybercrime forum claiming to sell data allegedly stolen from the IT services and consulting giant Accenture, with the stated haul totaling roughly 35 GB of source…
Anthropic Extends Free Access to Claude Fable 5 on All Paid Plans
Anthropic has extended promotional access to its newest AI model, Claude Fable 5, allowing subscribers on paid plans to use it at no additional cost through July 12, 2026, at 11:59:59 PM PT. The company confirmed the extension in an…
Scattered Spider squashed, Rogue Agent AI flaw, 16 year-old Linux bug and new phish hunts marketers
Cybersecurity Today host David Shipley covers how a newly unsealed U.S. complaint tied an alleged Scattered Spider member to a luxury retailer intrusion using a persistent Windows device ID, with prosecutors alleging help-desk social engineering, admin account takeover, data exfiltration,…
ISC Stormcast For Wednesday, July 8th, 2026 https://isc.sans.edu/podcastdetail/9998, (Wed, Jul 8th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, July 8th, 2026…
Gitea Docker Vulnerability Now Under Active Probing, CVE-2026-20896
A critical flaw in Gitea’s official Docker image let anyone impersonate an admin with one forged header. Sysdig spotted the first exploitation attempts 13 days after the fix shipped. Gitea Docker Vulnerability Now Under Active Probing, CVE-2026-20896 on Latest Hacking…
Why Unity Remains the Most Popular Engine for Mobile Games
Learn why Unity is still a trusted engine for mobile games, from faster prototyping and Android and iOS support to tools that help studios scale after releases. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI…