Researchers have revealed JadePuffer, the first agentic AI-powered ransomware campaign, highlighting how autonomous agents can automate cyber-attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Claim First Fully Agentic Ransomware: JadePuffer
ISA VDA 6.0.3 (part 5) — Information Security Sheet: Supplier Relationships, Compliance
This is the part 5 of the series about the TISAX label: TISAX getting started: A Deep Dive into the ISA Assessment Workbook (part 1). ISA VDA 6.0.3 (part 5) — Information Security Sheet: Supplier Relationships, Compliance Chapter…
Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages
Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of…
Malicious Agent Skills Can Steal Credentials, Exfiltrate Source Code, and Install Backdoors
Malicious AI agent skills can be packaged to steal credentials, exfiltrate source code, and install backdoors while still bypassing many current skill-auditing systems. The paper finds that static scanners are especially weak against payload-preserving evasions, while runtime behavior auditing is…
A week in security (June 29 – July 5)
A list of topics we covered in the week of June 29 to July 5 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (June 29 – July 5)
First AI ransomware, AdaptHealth suffers cyberattack, UK cyber plan delayed
JadePuffer ransomware used AI agent to automate entire attack AdaptHealth suffers cyberattack UK’s National Cyber Action Plan launch delayed by political leadership crisis Get the show notes here: https://cisoseries.com/cybersecurity-news-first-ai-ransomware-adapthealth-suffers-cyberattack-uk-cyber-plan-delayed/ Thanks to our episode sponsor, Vanta Your team just added its…
IT Security News Hourly Summary 2026-07-06 09h : 5 posts
5 posts were published in the last hour 7:4 : Parrot 7.3 Released With Optimized Packages and Updated Tools 7:4 : How to prioritize AI agent security by business impact 7:4 : SkillCloak Lets Malicious AI Agent Skills Evade Static…
Parrot 7.3 Released With Optimized Packages and Updated Tools
Parrot Security has released Parrot OS 7.3, introducing significant system-level optimizations, updated security tools, and a redesigned application management experience to improve performance and usability for security professionals. The update arrives just months after the previous release, with developers focusing…
How to prioritize AI agent security by business impact
Your CEO calls about an AI agent security incident in finance. He wants to know whether money moved, whether financial data was exposed, who owned the agent and why it had this level of access. The agent was connected to…
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
Scanners meant to catch malicious add-on “skills” for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest…
Hackers Use Server-Side Geofencing to Deliver Ousaban Banking Trojan in Spain and Portugal
A targeted campaign that delivers the Ousaban banking Trojan to users in Spain and Portugal using sophisticated server-side geofencing and multi-stage delivery. The adversary begins with a socially engineered phishing PDF that impersonates a corrupted document and coerces victims into…
Securing the inbox: Where identity, brand and security meet
Getting a verified logo to appear next to your email has traditionally meant having to work with two separate entities. You have to work with a DMARC partner for setting up DMARC and BIMI, then use a trusted Certificate Authority…
Blackstone Terminates Huge Virginia Data Centre Project
Blackstone-owned QTS pulls out of plan to create massive 2,100-acre data centre corridor after years of legal challenges This article has been indexed from Silicon UK Read the original article: Blackstone Terminates Huge Virginia Data Centre Project
Bad Epoll Linux Kernel UAF Flaw Lets Unprivileged Attackers Gain Root on Linux and Android
A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46242 and dubbed “Bad Epoll,” exposes a critical race-condition use-after-free (UAF) flaw in the epoll subsystem that allows unprivileged users to escalate privileges to root across Linux systems and potentially Android devices.…
ModSecurity Security Flaws Enable WAF Rule Evasion With Crafted HTTP Requests
ModSecurity, a widely used open-source web application firewall (WAF), has multiple security vulnerabilities that allow attackers to bypass detection with specially crafted HTTP requests. These vulnerabilities, identified as CVE-2026-52761 and CVE-2026-52747, affect ModSecurity versions up to 3.0.15. They have been…
Omnigent: Open-source AI agent framework and meta-harness
Plenty of developers now keep several coding agents close at hand, reaching for Claude Code on one task and Codex or Cursor on the next. Each tool arrives with its own command line, its own handling of credentials, and its…
Gaslight Stealer Embeds Fake System Messages to Mislead AI Malware Analysts
A new macOS stealer, tracked as Gaslight and attributed to North Korean operators, demonstrates a worrying evolution in malware design: deliberate prompt-injection to mislead AI-driven security tools. Gaslight arrives as a standalone Mach-O executable commonly luring macOS users with faux…
SSH Attackers Use Single Exec Commands to Bypass Interactive Honeypot Analysis
SSH attackers are increasingly abusing single non-interactive exec commands over SSH to bypass traditional honeypot analysis, effectively turning post-authentication activity into short, automated probes rather than interactive shell sessions that deception systems were designed to study. Recent measurements on eleven…
FatFs Vulnerabilities Let Attackers Execute Code via Crafted USB and SD Card Images
A newly disclosed set of vulnerabilities in the widely used FatFs file system library is raising significant concerns across the embedded systems ecosystem. Researchers are warning that specially crafted USB drives and SD card images can trigger memory corruption and,…
OAuth, guest accounts, and weak MFA drive SaaS risk
Organizations often create guest accounts to give contractors, suppliers, and partners temporary access to files and SaaS applications. Many of these accounts remain active long after they are needed, creating overlooked access paths to corporate data. Guest accounts accounted for…
Flipper Zero firmware development gets a fresh set of community rules
Owners of the Flipper Zero, the pocket-sized wireless testing tool, spent recent weeks worried that its official firmware had gone quiet. Pavel Zhovner, CEO of Flipper Devices, moved to settle that concern with word that the company has set aside…
Product showcase: Is that text a scam? Malwarebytes Mobile Security can help you find out
Malwarebytes Mobile Security for iPhone combines scam prevention, privacy protection, and identity monitoring in a single app. It evaluates a device’s security posture, provides recommendations to improve protection, and is available for Windows, macOS, Android, iOS, and ChromeOS. Installation and…
AI Red Teaming Explained: How to Test LLMs for Vulnerabilities (2026)
By HOC Team | Last updated: July 2026 | Read time: ~22 min Every major organisation deploying AI… The post AI Red Teaming Explained: How to Test LLMs for Vulnerabilities (2026) appeared first on Hackers Online Club. This article has…
The future of payment fraud could be automated
Payment fraud is becoming more organized as criminal groups use fake websites, large-scale operations, and, in some cases, forced labor to steal money and personal information. Advances in agentic AI could automate many stages of payment fraud, from collecting and…