Discord has confirmed that a bug in its automated security systems led to the wrongful suspension of more than 8,000 user accounts between May 2026 and early July 2026. The company disclosed the issue via its official support account on…
China-Nexus Hackers Exploit Ruckus Routers to Build Operational Relay Box Networks
UAT-7810, a China-nexus hacking group, is expanding a global network of hijacked internet devices by exploiting security flaws in Ruckus wireless routers and rolling out new custom malware. This activity feeds into what researchers call an Operational Relay Box network,…
NCSC Touts National Scale, AI-Powered “Cyber Shield” for Defense
The National Cyber Security Centre wants to work with AI partners to build a new “Cyber Shield” to defend the UK This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Touts National Scale, AI-Powered “Cyber Shield” for…
Adobe ColdFusion Vulnerabilities Are a Design Failure, Not Bad Luck
Adobe frames the fast exploitation of its ColdFusion vulnerabilities as an attacker speed problem. The real issue is a connector that never should have trusted an unauthenticated request. Adobe ColdFusion Vulnerabilities Are a Design Failure, Not Bad Luck on Latest…
Over 70% of Public WordPress Sites Running Outdated PHP Exposed to Cyberattacks
A new analysis has revealed a significant security gap within the global web ecosystem. Over 70% of publicly accessible WordPress sites are running outdated, end-of-life (EOL) PHP versions, significantly increasing their vulnerability to cyberattacks. These findings highlight a systemic issue…
CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code
CISA is using Anthropic’s Mythos AI to scan federal code for vulnerabilities, aiming to find flaws before hackers and foreign intelligence services. Three sources familiar with the matter told Reuters that CISA, the U.S. government’s civilian cyber defense agency, is…
Alleged Member of Scattered Spider Cyber Gang Extradited to the USA to Stand Trial
Finnish authorities arrested an alleged member of the notorious hacker group Scattered Spider before extraditing him to the United States. Prosecutors charged 19-year-old Peter Stokes… The post Alleged Member of Scattered Spider Cyber Gang Extradited to the USA to Stand…
Lurking Lizard Uses Drop-Catch Domains and Lookalike Brands to Distribute Proxyware
A sophisticated, long-running operation that converts consumer devices into rentable exit nodes for residential proxy services. The initial signal was a fake 7-Zip installer hosted at 7zip[.]com a domain that mimicked the legitimate 7-zip[.]org and benefitted from years of search-engine…
15-Year-Old GhostLock Linux Kernel Vulnerability Enables Root Access and Container Escape
A critical vulnerability in the Linux kernel, known as “GhostLock” (CVE-2026-43499), has been disclosed by researchers at Nebula Security. This vulnerability, which has existed for 15 years, allows for reliable privilege escalation and container escape across nearly all Linux distributions.…
Claude Cowork turns your phone into a remote control for AI work
Anthropic started rolling out Claude Cowork, an AI agent that completes multi-step tasks, in beta for Max users on mobile and the web. They describe a goal, and Claude plans the work, uses the required tools, and produces outputs such…
UK Cyber Shield, Japanese telco attack, China AI model limits
The UK’s Cyber Pledge and Cyber Shield Millions exposed in Japanese telco attack China looking to curb overseas model access Get the show notes here: Thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And…
IT Security News Hourly Summary 2026-07-08 09h : 8 posts
8 posts were published in the last hour 6:43 : Indian Income Tax Department Phishing Lure Deploys Gh0st RAT and AsyncRAT Implants 6:40 : Orbia CISO Miranda Ritchie on building security into sustainable infrastructure 6:38 : CISA Adds 4 Actively…
Indian Income Tax Department Phishing Lure Deploys Gh0st RAT and AsyncRAT Implants
A targeted phishing campaign impersonating the Indian Income Tax Department has been observed delivering a sophisticated, six-stage infection chain that culminates in two in-memory remote-access implants: a Gh0st RAT derivative and a Quasar/AsyncRAT-family .NET payload. Victims are funneled to fake…
Orbia CISO Miranda Ritchie on building security into sustainable infrastructure
In this interview with Help Net Security, Miranda Ritchie, industrial cybersecurity, CISO at Orbia, talks about protecting industrial systems where software runs water, chemical and manufacturing processes. She explains why a cyber incident in these settings can harm people, equipment…
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below – CVE-2026-48282 (CVSS score: 10.0) – A path traversal…
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011.…
US Teenager Arrested In Finland For Scattered Spider Hacks
Peter Stokes, 19, extradited to face criminal conspiracy charges in Chicago federal court, after arrest by Finnish authorities This article has been indexed from Silicon UK Read the original article: US Teenager Arrested In Finland For Scattered Spider Hacks
LONGLEASH Malware Adds Reverse Shell, Proxying, and Intermediate C2 Capabilities
A significant upgrade to malware maintained by the UAT-7810 actor: LONGLEASH, a successor to the previously reported SHORTLEASH implant, now sporting reverse-shell, multi-protocol proxying, and intermediate command-and-control (C2) forwarding capabilities. LONGLEASH retains SHORTLEASH’s ff-agent codebase but expands its operational scope.…
OpenAI Reportedly Secures US Government Clearance to Launch GPT-5.6 Model
OpenAI has reportedly received approval from the U.S. Department of Commerce for a broad public launch of its advanced GPT-5.6 model, marking a significant moment in how Washington regulates access to frontier AI systems. A source familiar with the matter…
20 open-source cybersecurity tools to keep your team ready for anything
AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems themselves, from coding agents and memory protection to model exposure discovery. This roundup covers recent open-source releases…
China-Aligned UNK_MassTraction Exploits Roundcube Servers to Target Universities
A suspected China-aligned cluster dubbed UNK_MassTraction that is exploiting n-day flaws in Roundcube webmail to compromise physics and engineering departments at U.S. and Canadian universities. The operators use a two-stage browser-to-server infection chain that begins with a Cross-Site Scripting (XSS)…
macOS is becoming a proving ground for AI agents
Somewhere right now, a Mac Mini is sitting on a shelf doing someone’s chores. Nobody’s watching it. It reads a version number out of Terminal, hops over to Safari, digs up a release year, then quietly files a reminder, the…
U.S. Government Reportedly Approves OpenAI’s GPT-5.6 Sol, Terra, and Luna Models
The Trump administration has reportedly lifted previous restrictions on the launch of OpenAI’s GPT-5.6, enabling a broader commercial rollout of this advanced model after weeks of government-mandated cybersecurity and national security vetting. This decision marks a significant turning point in…
How to implement a continuous offensive security testing program
The hard part was never finding the exposure. It was deciding what to do about it: whether to patch, mitigate, monitor, or accept, and banking that that decision would still hold tomorrow. A penetration test answers this question for the…