Robinhood users are being targeted with fake sign-in alerts that urge them to call a phone number. The messages are designed to create urgency around an unfamiliar account login, turning a routine security warning into a route for a phone-based…
Xalgorix AI Penetration Testing Tool with 22-Phase Testing Methodology
Xalgorix is an open-source, self-hosted AI penetration testing platform that uses an autonomous LLM agent paired with an independent exploit verifier to deliver proven, not just suspected, vulnerability findings. Most vulnerability scanners flag potential issues and leave security teams to…
Odyssey Stealer Hits macOS Users in 100+ Countries, Targets 300 Crypto Wallet Extensions
Odyssey Stealer is again targeting macOS users, with a recent surge affecting victims in more than 100 countries. The information-stealing malware is built to collect credentials, browsing data, cryptocurrency assets, and other sensitive files that can quickly expose both personal…
Two Chrome updates in two days fix critical vulnerabilities
Chrome updates are arriving within days of each other. Learn how to update Chrome and check if you’re running the latest version. This article has been indexed from Malwarebytes Read the original article: Two Chrome updates in two days fix…
Security User Stories How-To – for product managers and developers
I wrote some time ago about “How to create security user stories” and I received in the meanwhile a lot of good feedback and questions about it. For these reasons, I decided that it is time to write again on…
Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang
A former ransomware negotiator was sentenced to nearly six years for secretly helping BlackCat extort victims while betraying his clients. A U.S. court sentenced former ransomware negotiator Angelo Martino, 41, to 70 months in prison for conspiring with the BlackCat…
Django SQL Injection Vulnerability Actively Exploited in the Wild
A high-severity SQL injection vulnerability in the Django web framework is now being actively exploited in real-world attacks, raising concerns for organizations running geospatial applications on PostGIS-backed deployments. The flaw, tracked as CVE-2026-1207, affects Django’s GIS module and has been…
GigaWiper Malware Attacking Windows Systems With Data Wipers and Fake Ransomware Notices
GigaWiper is a newly identified Windows threat built to do more than steal information or lock a screen. Once activated, it can erase disks, scramble files beyond recovery, and leave organizations facing sudden outages. Its arrival shows how destructive malware…
IT Security News Hourly Summary 2026-07-10 12h : 12 posts
12 posts were published in the last hour 10:5 : Ransomware Negotiator Sentenced for BlackCat Ransomware Operators to Attack Victims 10:4 : Hackers Turn 50+ Dormant GitHub Accounts Into a Network for Corporate Source Code Recon 10:4 : Microsoft Warns…
Ransomware Negotiator Sentenced for BlackCat Ransomware Operators to Attack Victims
A former Florida ransomware negotiator has been sentenced to 70 months in federal prison after conspiring with BlackCat/ALPHV ransomware operators and helping attack multiple U.S. victims. Angelo Martino, of Land O’Lakes, Florida, worked for a U.S.-based cyber incident response company.…
Hackers Turn 50+ Dormant GitHub Accounts Into a Network for Corporate Source Code Recon
Research has uncovered coordinated campaigns that use more than dormant GitHub accounts to map corporate organizations, repositories, and developers. The activity relies on GitHub’s API to collect public information. However, some operators have also attempted to access private source code…
Microsoft Warns of Increase in Number of Security Updates
Microsoft has said the volume of Windows security updates is set to grow as it uses AI to find new bugs This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Warns of Increase in Number of Security…
Interpol Operation First Light 2026 Nets 5,811 Arrests and $293 Million Seized Across 97 Countries
Interpol has wrapped up Operation First Light 2026, resulting in 5,811 arrests and the seizure of $293 million in illicit assets across 97 countries and territo Thank you for being a Ghacks reader. The post Interpol Operation First Light 2026…
“Comment stuffing” in an HTML phishing attachment as a mechanism for evading AI-based detection?, (Fri, Jul 10th)
Anyone who deals with phishing messages caught by basic security filters knows that most phishing samples tend to blend into one another, since only a small set of techniques and approaches keeps reappearing in them. That is precisely why it…
FastNetMon Launches Netomics, a Self-Hosted Routing Intelligence Platform
London, United Kingdom, 10th July 2026, CyberNewswire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: FastNetMon Launches Netomics, a Self-Hosted Routing Intelligence Platform
Process Parameter Poisoning Technique Hides Shellcode Inside Windows Startup Data
A newly documented Windows injection approach, dubbed Process Parameter Poisoning or P³, uses process startup parameters as an unconventional staging area for shellcode. Implemented in the P³-Shellcode Loader proof of concept, the technique can reduce exposure to telemetry that endpoint…
Redefining the CISO Contract: From Securing the Business to Securely Doing Business
Walk into almost any executive leadership meeting right now and you’ll find the same dynamic playing out. The CEO is asking how the company can do more with AI, faster. Engineering teams are already three sprints deep into building something…
Scot NHS Trust probes email stuffup involving maternity patients’ data
NHS Forth Valley is the latest health board to bungle basic email data protection principles This article has been indexed from www.theregister.com – Articles Read the original article: Scot NHS Trust probes email stuffup involving maternity patients’ data
GigaWiper Combines Multiple Malware for System-Level Sabotage
The backdoor’s destructive capabilities include a standalone wiper, ransomware encryption, and a multi-pass wiping command. The post GigaWiper Combines Multiple Malware for System-Level Sabotage appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: GigaWiper…
Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks
A 41-year-old former ransomware negotiator has been sentenced to nearly six years (i.e., 70 months) in prison in the U.S. for their role in conspiring with the now-defunct BlackCat ransomware operators to extort multiple victims and working with two other…
Attackers Exploit ‘Ill Bloom’ Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets
Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with…
Odyssey Stealer Attacks Macs Worldwide and Replaces Crypto Wallet Apps With Drainers
Odyssey Stealer is driving a large-scale macOS infostealer campaign that now spans more than 100 countries, with operators systematically hijacking cryptocurrency ecosystems by replacing legitimate wallet apps with drainer trojans. The operation blends advanced social engineering, AppleScript-based stealth, and persistent…
GigaWiper Merges Three Malware Families Into One Destructive Backdoor
Microsoft uncovered GigaWiper, a modular Go backdoor combining three malware families with espionage, remote control, and destructive wiping features. In October 2025, Microsoft’s threat intelligence team identified destructive wiping activity inside compromised environments and traced it to a previously unknown…
‘HalluSquatting’ Turns AI Hallucinations Into Botnet Delivery Mechanism
Researchers demonstrate adversarial hallucination squatting against popular AI assistants to achieve remote code execution. The post ‘HalluSquatting’ Turns AI Hallucinations Into Botnet Delivery Mechanism appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: ‘HalluSquatting’…