Welcome to this week’s edition of the GBHackers cybersecurity newsletter — your weekly cybersecurity bulletin covering the 40 most important stories from July 6–10, 2026. This week the security world collided with AI head-on: prompt-injection attacks turned chatbots into C2…
Tag: EN
Cyber Security Newsletter and Bulletin Weekly – 16-Year-Old Linux, Ubiquiti Flaws, Accenture Breach, Android 17 Exploit +20 Stories
This week’s bulletin exposes just how long dangerous flaws can hide in plain sight, with a 16-year-old Linux KVM escape bug and a 15-year-old kernel privilege escalation flaw both surfacing after more than a decade undetected. Enterprise infrastructure took a…
Cybersecurity Career Roadmap: From Beginner to Professional in 2026
By HOC Team | Last updated: July 2026 | Read time: ~25 min Cybersecurity is one of the highest-demand,… The post Cybersecurity Career Roadmap: From Beginner to Professional in 2026 appeared first on Hackers Online Club. This article has been indexed…
Week in review: Accenture data breach, great open-source cybersecurity tools
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Securing the inbox: Where identity, brand and security meet Getting a verified logo to appear next to your email has traditionally meant having to work…
Microsoft Confirms Windows GDID Device Identifier That Cannot Be Disabled, Documented in FBI Case Filing
Microsoft has publicly acknowledged the existence of the Global Device Identifier (GDID), a device-specific ID assigned to Windows installations, in a federal c Thank you for being a Ghacks reader. The post Microsoft Confirms Windows GDID Device Identifier That Cannot…
Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S.…
Apple Sues OpenAI and Former Employees for Alleged Theft of Trade Secrets
Apple has filed a federal lawsuit against OpenAI, accusing the ChatGPT maker of orchestrating a systematic campaign to steal confidential hardware designs, manufacturing processes, and supplier relationships through more than 400 former Apple employees now working at OpenAI. The 41-page…
U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities (KEV) catalog. The…
Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices
Binarly found six U-Boot flaws, including two that enable code execution during boot image verification, impacting 50+ releases. Binarly’s research team has found six vulnerabilities in U-Boot, the open-source bootloader that runs on home routers, smart cameras, server management controllers,…
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. “At Balochistan Police, the compromised assets included servers hosting web…
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux. Published on July 11, 2026, it needs no import and no CLI call.…
Meta Faces Privacy Questions After Employee Data Exposure Report
After sensitive employee information was reportedly made available throughout the organization, Meta has suspended an internal employee monitoring initiative intended to assist in the development of artificial intelligence systems. Initially introduced in April, the Model Capability Initiative was intended…
Six U-Boot Vulnerabilities Could Enable Pre-Boot Code Execution and Persistent Firmware Attacks
Security researchers have identified six vulnerabilities in the widely deployed U-Boot bootloader that could allow attackers to execute malicious code during the earliest stages of a device’s startup process. If successfully exploited, the flaws could enable firmware-level attacks capable…
U.S. Security Expert Sentenced for Aiding BlackCat Ransomware Gang
A cybersecurity professional has become the third U.S. security expert sentenced to prison for aiding a ransomware gang, marking a significant escalation in insider threat cases involving incident response firms. Angelo Martino, a 41-year-old from Florida, pleaded guilty to…
New Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI Agents
A novel supply chain attack called “Ghostcommit” that conceals prompt-injection instructions within PNG images to bypass AI code reviewers and trick coding agents into leaking secrets such as .env files. The ASSET Research Group demonstrated that a pull request containing…
Microsoft Teams on macOS Screen Sharing Bug Causing Blank Screens
Microsoft has confirmed a known issue in Teams on macOS that causes screen sharing to fail, freeze, or show a blank black screen during meetings. The bug affects users running macOS versions older than macOS Tahoe 26.4, and Microsoft has…
Ghost Accounts Abuse GitHub API in Mass Recon Campaign
Multiple campaigns are using ghost accounts to map GitHub organizations, including their repositories and members. The post Ghost Accounts Abuse GitHub API in Mass Recon Campaign appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Injective Labs GitHub Compromise Distributes Malicious npm Package Targeting Crypto Wallet Keys
Cybersecurity researchers have detected a software supply chain attack in which threat actors compromised the Injective Labs SDK GitHub repository and utilized it to distribute a backdoored version of the npm package containing cryptocurrency wallet credentials stealing capabilities. Researchers…
Hackers Target Industries in Japan, Attacks Share One Pattern
Four big Japan cyberattacks point to a common trend: threat actors are getting access via third-party infrastructure and subsidiaries, not from corporate headquarters. While the attacks impacted companies from varying industries such as telecommunications, manufacturing, insurance, and brewing, the breaches…
Physicists finally build a quantum material predicted more than a decade ago
Researchers have achieved a major milestone by creating a long-sought two-dimensional quantum material and confirming its unusual conducting edge states. The ability to control these states through strain could make the material a promising platform for future room-temperature quantum electronics.…