Every serious software product runs on code that someone else wrote and released for free. A web service leans on a cryptography library, a data pipeline pulls in a parser, and a mobile app ships a handful of small utilities…
Workato expands Agent Studio with Headless API, AI guardrails
Workato has announced two new capabilities for Agent Studio: Headless API and Agent Guardrails. Headless API lets Genies, Workato’s AI agents built on Agent Studio, be embedded into any business application surface, on web, mobile, or inside another agent’s own…
Interpol’s global fraud sweep, China’s Claude Code flag, old Github account tricks
Interpol’s fraud sweep goes global China flags Claude Code Old GitHub accounts, new tricks Get the show notes here: https://cisoseries.com/cybersecurity-news-interpols-global-fraud-sweep-chinas-claude-code-flag-old-github-account-tricks/ Thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security…
IT Security News Hourly Summary 2026-07-10 09h : 8 posts
8 posts were published in the last hour 7:3 : Can a self-driving robotaxi take you to the police if you are doing something illegal in the car? 7:2 : Wireshark 4.6.7 Released With Fixes for Vulnerabilities Allowing Crashes via…
Can a self-driving robotaxi take you to the police if you are doing something illegal in the car?
Yes, it can, and this is exactly what happened to a couple of teenagers from San Mateo, CA. A Waymo robotaxi noticed that the two… The post Can a self-driving robotaxi take you to the police if you are doing…
Wireshark 4.6.7 Released With Fixes for Vulnerabilities Allowing Crashes via Malicious Packets
The Wireshark Foundation has released Wireshark 4.6.7, a security-focused update that fixes multiple vulnerabilities that can cause the popular network protocol analyzer to crash when processing specially crafted packets or capture files. Wireshark is widely used by security researchers, network…
Six U-Boot FIT Signature Verification Flaws Enable Code Execution and DoS Attacks
A new security analysis by Binarly Research has uncovered six critical vulnerabilities in the widely used U-Boot bootloader, exposing embedded systems and server management platforms to denial-of-service (DoS) attacks and potential arbitrary code execution. U-Boot is a foundational component in…
Most data brokers won’t tell you what happened to your deletion request
Data brokers collect personal details on most adults in the United States and sell them to buyers that include employers, landlords, insurance companies, and government agencies. California gives residents a way to push back. You can ask a broker to…
Hackers Compromise AWS AI Gateway Connected to Amazon Bedrock to Deploy XMRig Cryptominer
A compromise of an AI gateway linked to Amazon Bedrock, highlighting how generative AI infrastructure has become a new target within the enterprise attack landscape. The incident was disclosed on July 9, 2026, and reveals attackers exploiting a LiteLLM-Proxy EC2…
GigaWiper Uses OneDrive Update Scheduled Task for Persistent Destructive Access
A sophisticated Golang-based backdoor family now tracked as GigaWiper that fuses extensive C2 controls with multiple destructive payloads. What makes GigaWiper noteworthy is not merely its destructive capacity but how it packages several formerly separate wipers and extortion tools into…
Microsoft is rewriting Windows patch guidance because of AI
Microsoft is recommending that organizations shorten Windows update deployment timelines, warning that advances in AI are reducing the time attackers need to identify and exploit vulnerabilities after security updates are released. The company says organizations should reassess how quickly they…
Z.ai Launches Programming Agent In Latest Anthropic Challenge
China’s Zhipu AI brings out autonomous programming agent framework ZCode as it squares off against Anthropic, OpenAI worldwide This article has been indexed from Silicon UK Read the original article: Z.ai Launches Programming Agent In Latest Anthropic Challenge
Ransomware Negotiator Jailed for Leaking Victim Secrets to BlackCat Hackers
Angelo Martino, a former ransomware negotiator from Florida, has been sentenced to 70,707 months in federal prison for conspiring with ALPHV/BlackCat ransomware operators to extort victims whom he was supposed to help during incident-response engagements. The U.S. Department of Justice…
Filigran report: Organisations can see their threats but can’t act fast enough
Fragmented tools and manual processes are widening the gap between threat awareness and effective CTEM. Only 41% of organisations have a fully consolidated view of cyber risk exposure, and security teams spend 42% of their time investigating risks that turn…
Turning software supply chain security into a daily habit
In this Help Net Security video, Anastasia Tikhonova, Global Threat Research Lead at Group-IB, explains how to operationalize software supply chain risk. Instead of filing an SBOM away as a compliance document, she argues teams should use it every day…
Malicious Braintree.Net Typosquat Steals PAN, CVV, and Payment Gateway Credentials
A malicious NuGet package masquerading as the official Braintree .NET client on July 3, 2026 and Socket’s automation labeled it potential malware within ten minutes. The package, published under the misleading name Braintree.Net, is a carefully crafted typosquat that mirrors…
OpenAI Launches GPT-5.6 With Multi-Agent Cybersecurity and Vulnerability-Exploitation Capabilities
OpenAI has introduced the GPT-5.6 family, comprising Sol, Terra, and Luna, positioning it as a multi-agent platform tailored for advanced cybersecurity workflows, vulnerability research, and exploit development. The company claims that these models offer better performance per dollar compared to…
OpenAI Releases GPT-5.6 and ChatGPT Work, a New Companion to Handle Your Tasks
OpenAI has released the GPT-5.6 model family for general availability, introducing three models aimed at different performance and cost requirements: Sol, the flagship system; Terra, a balanced option for routine professional workloads; and Luna, the fastest and lowest-cost member of…
AWS gives its ERP agent deny-by-default rules and a separate identity
Accounts receivable teams at large companies spend hours each day matching incoming bank payments to invoices by hand. When those payments sit unmatched for days, cash flow suffers and days sales outstanding climbs. The same pattern repeats across blocked invoices,…
Microsoft Uses AI-Powered Agentic Scanning to Find Windows Security Flaws and Accelerate Patching
Microsoft is expanding its AI-driven vulnerability discovery across Windows, introducing a multi-model “agentic” scanning system designed to identify security flaws earlier and accelerate global patch deployment. AI-Powered Vulnerability Discovery At the core of this initiative is Microsoft Security’s Multi-Model Agentic…
Multiple U-Boot Vulnerabilities Enable Pre-Authentication Code Execution and Device DoS Attacks
Six critical vulnerabilities in the widely used U-Boot bootloader, which can be exploited through malicious Flattened Image Tree (FIT) images, allowing attackers to achieve pre-authentication arbitrary code execution or crash devices during the early boot process. U-Boot is foundational to…
Only 28% of financial workforce MFA is phishing-resistant
Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, according to a new Secret Double Octopus report. Key challenges preventing universal implementation of phishing-resistant MFA (Source: Secret Double Octopus)…
New infosec products of the week: July 10, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Attestiv, Automox, Codenotary, and First Recon AI. Codenotary launches AI security platform that learns from AI agent behavior Codenotary has announced AgentMon 3, the latest…
AI-Assisted Hackers Compromise AWS Cloud in 72 Hours Using Stolen Credentials
An AI-assisted threat actor has demonstrated how quickly a modern AWS environment can be compromised when valid credentials, weak identity controls, and exposed secrets intersect. In about 72 hours, they achieved broad cloud control using familiar techniques executed at an…