June 2026 saw 176 confirmed cyber attacks. Cyber Crime drove three in four incidents, Malware remained attackers’ weapon of choice, and Information & Communication infrastructure took the heaviest hit. This visual breakdown charts the month’s motivations, attack vectors, initial access…
Your coding agent says no in chat and yes in the code
Millions of developers share their keyboard with GitHub Copilot. Inside Visual Studio Code, it opens their files, writes and edits code, runs scripts, and reworks its own output across many turns. The safety testing that vets these agents still runs…
GhostApproval Flaw Hits Six Major AI Coding Assistants
Wiz discovered GhostApproval, a symlink flaw in six major AI coding assistants that bypasses approval This article has been indexed from www.infosecurity-magazine.com Read the original article: GhostApproval Flaw Hits Six Major AI Coding Assistants
Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign
A focused vishing campaign that weaponizes Microsoft Entra passkey enrollment as a social-engineering vector to enable account takeover and downstream data extortion. The threat actor begins by registering domains that include the term “passkey” (for example, assignpasskey[.]com, deploypasskey[.]com, passkeydeploy[.]com, passkeyadd[.]com,…
Foxit Patches Multiple Use-After-Free Flaws Leading to Remote Code Execution
Foxit has released critical security updates to address multiple use-after-free vulnerabilities that could lead to remote code execution (RCE) in its widely used PDF Reader and PDF Editor products. The vulnerabilities, disclosed in Foxit’s July 8, 2026 security bulletin, affect…
GhostApproval Attack Impacts Amazon Q, Claude Code, Cursor, Google Antigravity, and Windsurf
A newly disclosed vulnerability pattern known as “GhostApproval” is exposing significant flaws in the trust boundary of leading AI coding assistants, including Amazon Q Developer, Anthropic Claude Code, Cursor, Google Antigravity, Augment, and Windsurf. This issue demonstrates how attackers can…
Madison Square Garden Kept a List of Gay Celebrities
An MSG database tracked and categorized hundreds of celebs, famous Knicks superfans, and even some of Taylor Swift’s wedding guests. Labels included “LGBTQIA,” “DO NOT HOST,” and low to high “risk.” This article has been indexed from Security Latest Read…
Mount Royal University Confirms Data Stolen in Ransomware Attack
Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data. The post Mount Royal University Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Microsoft Patches Defender ‘RoguePlanet’ Vulnerability
The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update. The post Microsoft Patches Defender ‘RoguePlanet’ Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Microsoft…
Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection…
Google Chrome Update Patches 27 Security Vulnerabilities Including Critical Use-After-Free Flaws
Google has released a critical security update for Chrome, upgrading the Stable channel to version 150.0.7871.114/.115 on Windows and macOS, and to version 150.0.7871.114 on Linux. This update addresses 27 vulnerabilities, including several critical use-after-free flaws that could potentially enable…
GitLab Patches 8 Vulnerabilities Affecting CE and EE Installations
GitLab has released critical security updates to address eight vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE). Administrators are urged to upgrade immediately to versions 19.1.2, 19.0.4, or 18.11.7. The patch rollout on July 8, 2026, includes fixes…
Nike Alleged Breach: Threat Actors Claim Leak of Millions of Customer Records
A threat actor on a prominent cybercrime forum has claimed responsibility for leaking data allegedly belonging to Nike and Alcon, posting the purported datasets for download. The claims, currently unverified, suggest a significant breach affecting millions of records across both…
IT Security News Hourly Summary 2026-07-09 12h : 5 posts
5 posts were published in the last hour 10:4 : Turn off this Meta setting before someone generates AI images of you 10:4 : New AI Security Charter Backed by Over 70 Cyber Firms 9:34 : GitHub Copilot IDE Coding…
Turn off this Meta setting before someone generates AI images of you
Meta’s new Muse Image tool lets anyone generate AI images of you from your public Insta profile. You won’t be notified, and it’s on by default. This article has been indexed from Malwarebytes Read the original article: Turn off this…
New AI Security Charter Backed by Over 70 Cyber Firms
Over 70 cybersecurity organizations have signed the CREST AI Charter detailing responsible use of AI for security This article has been indexed from www.infosecurity-magazine.com Read the original article: New AI Security Charter Backed by Over 70 Cyber Firms
GitHub Copilot IDE Coding Agents Vulnerable to Workflow-Level Jailbreak Attacks
GitHub Copilot’s new coding agents, which are integrated into IDEs, are susceptible to a specific type of “workflow-level” jailbreak attacks. These attacks can bypass chat refusals, allowing agents to generate harmful code while performing standard software development tasks unwittingly. According…
HalluSquatting Attack Lets Hackers Turn AI Coding Assistants Into Botnet Installers
A newly disclosed attack technique called “HalluSquatting” is raising serious concerns in the AI security landscape. This technique demonstrates how attackers can exploit large language model (LLM) hallucinations to covertly compromise systems and potentially create botnets on a large scale.…
New AI Security Charter Backed by 71 Cyber Firms
Over 70 cybersecurity organizations have signed the CREST AI Charter detailing responsible use of AI for security This article has been indexed from www.infosecurity-magazine.com Read the original article: New AI Security Charter Backed by 71 Cyber Firms
npm and PyPI Malware Campaign Exfiltrates CI/CD Secrets Through Fake Payment SDKs
A coordinated supply-chain campaign that pushed 17 malicious packages across npm and PyPI, masquerading as SDKs for well-known payment services including PaySafe, Skrill and Neteller. The campaign’s packages 17 npm modules published with four rapid versions each and four PyPI…
Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes
Fake apps like WireVPN and a trojanized 7-Zip turn victims’ devices into residential proxies, letting criminals route traffic through their IPs. Infoblox’s threat research team started pulling on a single thread in early 2026: a fake version of the 7-Zip…
AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique
Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval. The post AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique appeared first on SecurityWeek. This article has been indexed from…
AWS centralizes access, spending, and governance for Claude
Claude apps gateway for AWS is a self-hosted control plane that gives organizations a single point of control over access, costs, and policies for Claude Code and Claude Desktop. It replaces per-developer cloud credentials, manual distribution of managed settings to…
Microsoft Releases Patches for RoguePlanet Defender Zero-Day Vulnerability
Microsoft has released security updates to address a newly disclosed zero-day vulnerability in Microsoft Defender, publicly referred to as “RoguePlanet.” The flaw, tracked as CVE-2026-50656, affects the Microsoft Malware Protection Engine and could allow attackers to gain elevated privileges on…