If you’re shortlisting the best next-generation firewall for 2026, Palo Alto Networks’ PA-Series is our top overall pick for its App-ID application control and machine-learning threat prevention, while Fortinet FortiGate delivers the strongest price-to-performance for most mid-market and distributed networks.…
Tag: Cyber Security News
The Gentlemen Ransomware Uses 21 Remote Execution Techniques to Encrypt Entire Networks
A new ransomware strain called The Gentlemen has emerged as one of the more aggressive threats tracked this year, combining strong encryption with a self-spreading worm engine that can take down an entire corporate network from a single infected machine.…
Gemini Live Voice Session Flaw Enables Tool Injection Through Misconfigured Ephemeral Tokens
A security flaw in how developers implement Google’s Gemini Live API allows attackers to hijack browser-based AI voice sessions, override system prompts, and trigger unauthorized code execution all through a token misconfiguration that traces back to Google’s own reference implementation.…
Microsoft Device Code Phishing Attack Steals Tokens Through Legitimate Login Page
A new phishing technique is tricking users into handing over their Microsoft account tokens without a fake website in sight. Attackers are exploiting a legitimate Microsoft authentication feature to steal access to email, files, and chat messages. The method works…
OpenSSH 10.4 Released with Multiple Security Fixes and New Features
OpenSSH 10.4 launched on July 6, 2026, delivering a batch of security patches, protocol hardening, and early post-quantum cryptography support, available through mirrors listed on the official OpenSSH site. OpenSSH 10.4 Security Fixes The release addresses several vulnerabilities across core…
SilverFox Hackers Use Go RAT, AV Killer, and Kernel Rootkit in Live ValleyRAT Campaign
A new strain of remote access malware is quietly moving through corporate networks, and it does not behave like anything defenders have seen from this threat group before. The malware, tracked as ValleyRAT, is deployed by a hacking group known…
RedLine C2 Pivot Reveals Seven Fraudulent Domains Used in Maritime Phishing Attacks
A single leaked command and control server ended up unraveling an entire phishing operation aimed at the maritime shipping world. What started as a routine look at RedLine Stealer traffic turned into the discovery of seven fake domains built to…
Multiple ModSecurity Vulnerabilities Allow Attackers to Bypass Firewall Rules
Multiple vulnerabilities have been disclosed in OWASP ModSecurity, a widely used open-source web application firewall (WAF), allowing attackers to bypass security rules under specific conditions. The flaws, tracked as CVE-2026-52761 and CVE-2026-52747, affect ModSecurity versions up to 3.0.15 and have…
Moody Bible Institute Data Breach Exposes 2.3 Million Users’ Personal Data
Moody Bible Institute has confirmed a significant data breach after threat actors linked to the ShinyHunters extortion group published personal information belonging to over 2.3 million individuals. The exposed dataset includes donors, supporters, students, and alumni associated with the institute.…
Multiple PHP Vulnerabilities Enable DoS and Memory Corruption Attacks
Multiple security vulnerabilities in PHP have been disclosed that could allow attackers to trigger denial-of-service (DoS) conditions and cause memory corruption, impacting widely deployed web applications. The issues, tracked as CVE-2026-12184 and CVE-2026-14355, were published through official PHP security advisories…
Gaslight macOS Malware Uses Prompt Injection to Evade AI Security Analysis
A fresh piece of Mac malware has surfaced, and it comes with a twist that security teams have not seen before. Written in Rust and tied to North Korean hacking groups, this malware does not just steal data quietly. It…
Agent Skill Malware Targets Claude Code and OpenAI Codex With Scanner-Evasion Techniques
A new class of malicious software is quietly slipping past the security tools meant to protect popular AI coding assistants. Researchers have found that malware hidden inside “agent skills,” small add-on packages used by tools like Claude Code and OpenAI…
15-Year-Old Arrested Over Bandai Channel Cyberattack Using a ChatGPT-Assisted Tool
Japanese police have arrested a 15-year-old high school student from Tokorozawa City, Saitama Prefecture, on suspicion of fraudulent obstruction of business after he allegedly used a ChatGPT-assisted program to launch a sustained cyberattack against Bandai Channel, a popular anime and…
Hackers Abuse OpenAI Org Invites to Harvest Sensitive Prompts and API Activity
Hackers are actively abusing OpenAI’s organization invitation feature to launch a new form of “poisoned tenant” attack, allowing them to harvest sensitive prompts, API activity, and potentially corporate data from unsuspecting users. According to research disclosed by Push Security, attackers…
New TrojPix Attack Lets Attackers Access Air-gapped Computers From 208 Meters
A novel electromagnetic (EM) covert-channel attack, dubbed TrojPix, can steal sensitive data from already-compromised air-gapped computers over distances of up to 208 meters, even through concrete walls, by exploiting only the pixels displayed on a victim’s screen. The technique was…
Opera GX 0-Click Vulnerability Lets Attackers Exfiltrate User Data via Malicious Website
A newly disclosed vulnerability in Opera GX allowed attackers to silently exfiltrate sensitive user data with no interaction required, simply by luring victims to a malicious website. The issue, documented in recent research titled “One trigram at a time: XSLeak…
SSH Honeypots Miss Most Post-Login Attacks by Focusing on Interactive Shells
SSH honeypots, widely used in cyber defense, may miss most real-world post-login attacker activity, according to new research that challenges long-standing assumptions in deception technology. A recent study titled “Ghost Without Shell: Measuring Non-Interactive SSH Attacks on Honeypots” by researchers…
Parrot 7.3 Released With Optimized Packages and Updated Tools
Parrot Security has released Parrot OS 7.3, introducing significant system-level optimizations, updated security tools, and a redesigned application management experience to improve performance and usability for security professionals. The update arrives just months after the previous release, with developers focusing…
T3MP3ST Security Framework With 35 Tools, Turns AI Coding Agents Into 0-Day Bug Hunters
A newly released open-source security framework called T3MP3ST is turning general-purpose AI coding agents like Claude Code, OpenAI’s Codex, and Hermes into autonomous red-teaming operators without requiring new API keys, cloud infrastructure, or additional billing. Built by researcher elder-plinius, T3MP3ST…
Cyber Security News Bulletin Weekly – Mythos is Back, WhatsApp Username, Kali Linux 2026.2, +20 Stories
This week’s roundup covers a major AI security model redeployment, several critical RCE vulnerabilities across popular tools, a landmark WhatsApp privacy update, and the latest Kali Linux release. Anthropic Confirms Claude Mythos 5 Redeployment Anthropic’s most powerful AI cybersecurity model…