Security researchers from HawkTrace have disclosed technical details of a high-severity server-side request forgery (SSRF) vulnerability in Microsoft Exchange, tracked as CVE-2026-45504. The flaw, which carries a CVSS score of 8.8, allows authenticated, low-privileged users to read arbitrary files from…
North Korea-Linked Hackers Hide JavaScript Loaders in Open Source Repositories
A new wave of supply chain attacks is spreading across the open source world, and this time the target is developers themselves. Security researchers have uncovered a campaign called PolinRider that hides malicious JavaScript loaders inside trusted code repositories, waiting…
Multiple WatchGuard Firebox OS Vulnerabilities Enable Arbitrary Code Execution Attacks
Multiple high‑severity vulnerabilities in WatchGuard Firebox devices running Fireware OS could let authenticated attackers execute arbitrary code and take full control of affected appliances. WatchGuard has disclosed three high‑impact vulnerabilities in Fireware OS affecting Firebox firewall appliances, all scored 8.6…
Alleged Scattered Spider Hacker Extradited to US
Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments. The post Alleged Scattered Spider Hacker Extradited to US appeared first on…
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file…
Government and Healthcare Are the Weakest Links in Global Email Security
Government and healthcare sectors have weak email security. Many domains lack SPF, DMARC, DKIM, and MTA-STS, leaving them open to phishing attacks. Comparitech analyzed live DNS records for 5,849 domains across 13 sectors and scored each one out of 8…
Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor’s sandbox and execute arbitrary code on the underlying operating system. The post Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution appeared first on SecurityWeek.…
Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices
NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks. The post Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices appeared first on SecurityWeek. This article has…
Anthropic Unveils Cyber Jailbreak Severity Framework for Claude Fable 5 Safeguards
Anthropic has provided detailed technical insights into the cybersecurity safeguards of its redeployed Claude Fable 5 model. Alongside this, they have introduced a proposed Cyber Jailbreak Severity (CJS) framework designed to standardize how AI jailbreak risks are measured across various…
Critical Cursor AI IDE Flaws Could Lead to OS-Level Remote Code Execution
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor’s sandbox and execute arbitrary code on the underlying operating system. The post Critical Cursor AI IDE Flaws Could Lead to OS-Level Remote Code Execution appeared first on SecurityWeek. This…
ChatGPT Guardrail Bypass Vulnerability Exposes LFI Risk Through Download Flow
A now-patched guardrail bypass in ChatGPT could be exploited through a Local File Inclusion (LFI) vulnerability via its file download mechanism. This incident underscores how logic flaws in large language model (LLM) workflows, particularly concerning temporary file handling and…
FBI Says TeamPCP Uses Trojanized Updates to Steal Cloud Tokens, SSH Keys, and Kubernetes Secrets
The Federal Bureau of Investigation (FBI) has issued an urgent FLASH advisory warning that the cybercriminal group TeamPCP is weaponizing trojanized software updates to harvest cloud access tokens, SSH keys, and Kubernetes secrets at scale. This campaign represents one of…
Consumer security worries, Vought supervises spy budgets, Fortibleed exposes Fortinet
Card data theft remains top concern for U.S. consumers. OMB chief to oversee spy agency budgets. Fortibleed leads to ransomware attacks and 430,000 Fortinet firewalls exposed. Get the show notes here: https://cisoseries.com/cybersecurity-news-consumer-security-worries-vought-supervises-spy-budgets-fortibleed-exposes-fortinet/ Huge thanks to our sponsor, Silent Push Most…
Hackers Use Compromised Websites and transcript.pdf.js Lure to Deliver PureLog Stealer
Hackers are using compromised websites and a deceptive transcript.pdf.js lure to deliver PureLog Stealer through a layered, fileless infection chain that leans heavily on PowerShell, trusted cloud infrastructure, and in-memory execution. The campaign, described in the attached research, shows how…
Intezer helps SOC teams automate custom security tasks
Intezer has announced Custom Agents, a new capability that lets security teams build their own AI agents directly inside the Intezer platform. The launch builds on Intezer’s core approach that lets autonomous agents do the security work and humans supervise…
IT Security News Hourly Summary 2026-07-03 09h : 9 posts
9 posts were published in the last hour
6:33 : User swore hacker called General Failure had invaded his PC
6:8 : Kioxia Prepares Next-Gen 3D Memory Amid Data Centre Boom
6:7 : Claude Cowork Sandbox Flaw Lets Attackers Execute…
User swore hacker called General Failure had invaded his PC
Maybe they were looking for Private Data. This article has been indexed from www.theregister.com – Articles. Read the original article: User swore hacker called General Failure had invaded his PC
Kioxia Prepares Next-Gen 3D Memory Amid Data Centre Boom
NAND flash inventor Kioxia, formerly Toshiba Memory, becomes key focus for investors as AI spending surge shifts to inference-related tech. This article has been indexed from Silicon UK. Read the original article: Kioxia Prepares Next-Gen 3D Memory Amid Data Centre…
Claude Cowork Sandbox Flaw Lets Attackers Execute Commands as Root in Hyper-V VM
A newly disclosed sandbox escape technique in Anthropic’s Claude Cowork for Windows illustrates how attackers can achieve root-level command execution inside a Hyper-V–isolated Ubuntu virtual machine (VM) by exploiting design vulnerabilities in CoworkVMService and its Remote Procedure Call (RPC) interface.…
SharkLoader Malware Uses Perfect DLL Hijacking to Execute Cobalt Strike in Memory
SharkLoader is used by an intrusion cluster tracked as StrikeShark to deliver Cobalt Strike Beacon entirely in memory across a wide international footprint. The campaign combines opportunistic exploitation of exposed internet-facing infrastructure with custom droppers disguised as trusted installers to establish…
Politician who investigated spyware abuses had his phone hacked with Pegasus spyware
A government customer of NSO Group used the company’s Pegasus spyware to hack into the phone of a European politician, who at the time was serving on an EU committee tasked with investigating the spyware industry. This article has been…
Anthropic Details Claude Fable 5 Cybersecurity Safeguards and Jailbreak Framework
Anthropic has published detailed technical documentation on the cybersecurity safeguards protecting Claude Fable 5, following the model’s global redeployment. The disclosure covers both the AI’s safety classifier system and a draft framework for grading jailbreak severity, developed in partnership with…
Hacker Used Claude AI to Score Free Tickets to Nearly Every US Music Show
A critical unauthenticated SQL injection vulnerability in Front Gate Tickets (FGT), a Live Nation/Ticketmaster subsidiary that powers ticketing for major US festivals including EDC, Bonnaroo, and Outside Lands, allowed full administrative takeover of the platform with help from Anthropic’s Claude…
U.S. Secures Extradition of 19-Year-Old Linked to Scattered Spider
US authorities have intensified their pursuit of individuals linked to the financially motivated hacking collective Scattered Spider, and the extradition of a 19-year-old suspect marks another significant development. Peter Stokes, who is a dual citizen of the United States and…