A malicious NuGet package impersonating the Braintree .NET payment library has put production payment systems at risk. The package can collect live card details during transactions, then send the data away without alerting the application or its users. It also…
Tag: EN
GhostApproval Symlink Codes Could Run Malicious Codes in AI Coding Agents
Cyber security experts at Wiz discovered that a bug in six famous AI coding assistants allows a booby-trapped code project to silently take over a developer’s system. The assistant can ask access to edit one innocent-looking file, but the write…
AI-assisted software engineering is creating a new delivery paradox
AI can generate code faster than most software organizations can absorb it. This should be a productivity breakthrough, but it also exposes a larger problem: many of the processes surrounding software delivery still happen at human speed. A new white…
Sysdig uncovers first documented agentic ransomware operation
Security researchers at Sysdig have documented what they believe is the first documented case of an AI agent running a ransomware operation from end to end. Dubbed JADEPUFFER, the operation used a large language model (LLM) to automate an attack…
Network of 200 GitHub Repositories Used for Malware Infection
A Go module is used to load PowerShell code that fetches a resolver from public dead drops to execute Windows malware. The post Network of 200 GitHub Repositories Used for Malware Infection appeared first on SecurityWeek. This article has been…
July 2026 Patch Tuesday forecast: Is CVE tracking still practical?
I was off by a month in my forecast of record-setting CVE releases from Microsoft. In June, we saw the deluge of over 200 reported CVEs that I expected in May. There were 116 CVEs for Windows 11 and 104…
Fake Robinhood Sign-In Alerts Trick Users Into Calling Hacker-Controlled Phone Numbers
A sophisticated callback phishing campaign impersonating Robinhood is coercing victims into dialing attacker-controlled phone numbers by exploiting fear of account compromise. The campaign begins with an unsolicited email or SMS posing as a Robinhood security alert, warning recipients of “unusual…
The open source library holding up your stack might have one maintainer
Every serious software product runs on code that someone else wrote and released for free. A web service leans on a cryptography library, a data pipeline pulls in a parser, and a mobile app ships a handful of small utilities…
Workato expands Agent Studio with Headless API, AI guardrails
Workato has announced two new capabilities for Agent Studio: Headless API and Agent Guardrails. Headless API lets Genies, Workato’s AI agents built on Agent Studio, be embedded into any business application surface, on web, mobile, or inside another agent’s own…
Interpol’s global fraud sweep, China’s Claude Code flag, old Github account tricks
Interpol’s fraud sweep goes global China flags Claude Code Old GitHub accounts, new tricks Get the show notes here: https://cisoseries.com/cybersecurity-news-interpols-global-fraud-sweep-chinas-claude-code-flag-old-github-account-tricks/ Thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security…
Can a self-driving robotaxi take you to the police if you are doing something illegal in the car?
Yes, it can, and this is exactly what happened to a couple of teenagers from San Mateo, CA. A Waymo robotaxi noticed that the two… The post Can a self-driving robotaxi take you to the police if you are doing…
Wireshark 4.6.7 Released With Fixes for Vulnerabilities Allowing Crashes via Malicious Packets
The Wireshark Foundation has released Wireshark 4.6.7, a security-focused update that fixes multiple vulnerabilities that can cause the popular network protocol analyzer to crash when processing specially crafted packets or capture files. Wireshark is widely used by security researchers, network…
Six U-Boot FIT Signature Verification Flaws Enable Code Execution and DoS Attacks
A new security analysis by Binarly Research has uncovered six critical vulnerabilities in the widely used U-Boot bootloader, exposing embedded systems and server management platforms to denial-of-service (DoS) attacks and potential arbitrary code execution. U-Boot is a foundational component in…
Most data brokers won’t tell you what happened to your deletion request
Data brokers collect personal details on most adults in the United States and sell them to buyers that include employers, landlords, insurance companies, and government agencies. California gives residents a way to push back. You can ask a broker to…
Hackers Compromise AWS AI Gateway Connected to Amazon Bedrock to Deploy XMRig Cryptominer
A compromise of an AI gateway linked to Amazon Bedrock, highlighting how generative AI infrastructure has become a new target within the enterprise attack landscape. The incident was disclosed on July 9, 2026, and reveals attackers exploiting a LiteLLM-Proxy EC2…
GigaWiper Uses OneDrive Update Scheduled Task for Persistent Destructive Access
A sophisticated Golang-based backdoor family now tracked as GigaWiper that fuses extensive C2 controls with multiple destructive payloads. What makes GigaWiper noteworthy is not merely its destructive capacity but how it packages several formerly separate wipers and extortion tools into…
Microsoft is rewriting Windows patch guidance because of AI
Microsoft is recommending that organizations shorten Windows update deployment timelines, warning that advances in AI are reducing the time attackers need to identify and exploit vulnerabilities after security updates are released. The company says organizations should reassess how quickly they…
Z.ai Launches Programming Agent In Latest Anthropic Challenge
China’s Zhipu AI brings out autonomous programming agent framework ZCode as it squares off against Anthropic, OpenAI worldwide This article has been indexed from Silicon UK Read the original article: Z.ai Launches Programming Agent In Latest Anthropic Challenge
Ransomware Negotiator Jailed for Leaking Victim Secrets to BlackCat Hackers
Angelo Martino, a former ransomware negotiator from Florida, has been sentenced to 70,707 months in federal prison for conspiring with ALPHV/BlackCat ransomware operators to extort victims whom he was supposed to help during incident-response engagements. The U.S. Department of Justice…
Filigran report: Organisations can see their threats but can’t act fast enough
Fragmented tools and manual processes are widening the gap between threat awareness and effective CTEM. Only 41% of organisations have a fully consolidated view of cyber risk exposure, and security teams spend 42% of their time investigating risks that turn…