ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities This article has been indexed from WeLiveSecurity Read the original article: Forgotten UEFI shims undermining Secure Boot
OkoBot: new sophisticated malware framework targets cryptocurrency users
Kaspersky GReAT experts dissect the new OkoBot campaign targeting cryptocurrency users. This complex framework employs TookPS, exfiltrates seed phrases, monitors Chromium-based browsers, and installs various malware strains, including the Rilide stealer. This article has been indexed from Securelist Read the…
Critical SonicWall Firewall 0-Day Vulnerabilities Actively Exploited in Attacks
SonicWall has issued an urgent security advisory regarding two vulnerabilities affecting its SMA1000 Series appliances. The company is warning that attackers are actively exploiting these flaws in real-world attacks. The most critical issue, tracked as CVE-2026-15409, carries a maximum CVSS…
Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption
The company has rolled out a fix and is restoring access for Storage Zones Controller customers who apply it. The post Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below – @asyncapi/generator-helpers@1.1.1 @asyncapi/generator-components@0.7.1 @asyncapi/generator@3.3.1 @asyncapi/specs(v6.11.2, v6.11.2-alpha.1) “The This…
IT Security News Hourly Summary 2026-07-15 12h : 10 posts
10 posts were published in the last hour 9:38 : ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell 9:36 : Microsoft Patches 570 CVEs in Record Patch Tuesday 9:26 : OpenAI Plans Smart Speaker In First Hardware Foray 9:23…
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell
The industrial giants fixed dozens of vulnerabilities across their ICS products, with advisories also released by CISA and VDE CERT. The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell appeared first on SecurityWeek. This article has been indexed…
Microsoft Patches 570 CVEs in Record Patch Tuesday
Microsoft released fixes for a record 570 CVEs in its July Patch Tuesday update, as experts warn AI is dramatically accelerating vulnerability discovery and increasing patch volumes This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Patches…
OpenAI Plans Smart Speaker In First Hardware Foray
Start-up reportedly planning to launch ChatGPT-powered speaker this year, as it faces Apple lawsuit claiming theft of hardware secrets This article has been indexed from Silicon UK Read the original article: OpenAI Plans Smart Speaker In First Hardware Foray
SheetAgent RAT Runs 14 Virtual Machine Checks and Self-Deletes When Analysis Is Detected
A threat campaign targeting Indian government job seekers is using a recruitment notice for Senior Field Officer positions in the Cabinet Secretariat as a lure to deploy a custom remote access Trojan, SheetAgent RAT. The campaign begins with a ZIP…
SonicWall warns of active exploitation of two SMA 1000 zero-days
SonicWall warns of active attacks exploiting two SMA 1000 zero-days, including a flaw enabling arbitrary command execution. SonicWall confirmed the active exploitation of two zero-day vulnerabilities affecting Secure Mobile Access (SMA) 1000 appliances. The vulnerabilities were internally discovered and reported…
Fluke – 821,100 breached accounts
In July 2026, electronic test and measurement equipment company Fluke was targeted in a ShinyHunters “pay or leak” extortion campaign. The group subsequently published more than 100GB of data allegedly taken from the company. The corpus contained largely corporate contact…
This fake Apple app can unlock your Mac’s password vault
Disguised as Apple’s CrashReporter, CrashStealer steals passwords, browser data, crypto wallets, and other sensitive information. This article has been indexed from Malwarebytes Read the original article: This fake Apple app can unlock your Mac’s password vault
FreeRDP 3.29.0 security update resolves 22 advisories
FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license, and it runs on a large share of workstations and servers through the many tools built on it. The 3.29.0 version is a security, bugfix,…
AWS retools Security Hub for AI and multicloud threats
AWS added AI workload protection and Microsoft Azure security monitoring to Security Hub, its centralized security platform for collecting and prioritizing security findings across cloud environments. Support for additional cloud platforms will follow. “Collecting findings was never the hard part.…
Government Updates UK’s National Risk Register with Cyber Warnings
The UK government is warning of the potential impact of catastrophic cyber-attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Government Updates UK’s National Risk Register with Cyber Warnings
UK Man Jailed Over SWAT Calls After Being Identified By FBI
Callum Dare, 26, sentenced to prison in first sentence in Wales for hoax calls designed to trigger armed police response This article has been indexed from Silicon UK Read the original article: UK Man Jailed Over SWAT Calls After Being…
New LegacyHive Windows 0-day Vulnerability Allows Users to Load Another User’s Registry
A proof-of-concept exploit dubbed LegacyHive has been released, enabling a Windows elevation-of-privilege vulnerability in the Windows User Profile Service that allows a standard user to load another user’s registry hive under their own registry classes root. Registry hives are files…
Gamers Download Fake Cheats and Hand Attackers a Live Remote Control of Their Windows PCs
New research uncovered 11 malicious NuGet packages disguised as game cheats, bots, and management panels for popular online titles. The campaign targets gaming communities playing titles such as Albion Online, GTA5RP, GrandRP, Majestic RP, and Throne and Liberty. Once installed,…
Chinese Hackers Embed Claude Code and DeepSeek in AI-Powered Government Cyberattacks
An active, highly structured intrusion campaign co-opting commercial artificial intelligence platforms as operational engines for state-sponsored operations. Rather than acting as peripheral research tools, Claude Code and DeepSeek-v4-pro were embedded directly into the core execution flows of a China-linked cyber…
Researcher Claims Bypass of EU Age Verification App Using Chrome Extension
Security researcher Paul Moore has once again exposed critical weaknesses in the EU’s flagship age verification system, this time by bypassing the latest app release (version 2026.07-1) using a Chrome extension powered by ClaudeAI. The proof-of-concept shows that, despite months…
Virgin Media Fined After Dropping Calls Of Those Trying To Switch
Record £28m Ofcom fine comes after Virgin Media repeatedly dropped calls, put customers on hold for no reason for nearly three years This article has been indexed from Silicon UK Read the original article: Virgin Media Fined After Dropping Calls…
Product showcase: Trust Chain TPRM turns vendor compliance evidence into verified assurance
Trust Chain is an AI-native third-party risk management (TPRM) solution by Strike Graph that replaces the security questionnaire model with validated evidence of compliance. Rather than asking vendors to self-report their security posture, Trust Chain requires vendors to submit evidence,…
Fortinet adds AI controls and data loss prevention to FortiEndpoint
Fortinet has announced new capabilities for its unified endpoint platform, FortiEndpoint, designed to help organizations securely adopt AI, protect sensitive data, and reduce risk. By bringing AI visibility and control, native data security, endpoint risk scoring, and FortiAI-assisted operations into…