The first recognition program for the security leaders who will define the future of cybersecurity. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: The security leaders defining the next decade aren’t in CISO…
Hackers Use RedLine C2 Infrastructure to Target South Korean Maritime Industry
A single RedLine Stealer command-and-control (C2) indicator has revealed a focused spear-phishing campaign targeting the South Korean maritime industry, exposing a cluster of attacker-owned domains and mail infrastructure used to distribute credential-stealing payloads. The initial signal originated from a VMRay…
Bad Epoll Flaw Gives Attackers Root Access on Linux and Android
Bad Epoll (CVE-2026-46242) lets local attackers gain root on Linux and Android. The flaw was missed by AI but found by a security researcher. A newly disclosed Linux kernel vulnerability, named Bad Epoll (CVE-2026-46242), allows a local attacker with no special privileges…
New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that’s capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service (MaaS) model, costing anywhere between $150 for…
New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates…
NCA Issues Warning to Parents As Shared Child Photos Exploited by AI Tools
IWF and NCA warn that growing numbers of images and videos are being manipulated into sexual abuse material This article has been indexed from www.infosecurity-magazine.com Read the original article: NCA Issues Warning to Parents As Shared Child Photos Exploited by…
SSH Honeypots Miss Most Post-Login Attacks by Focusing on Interactive Shells
SSH honeypots, widely used in cyber defense, may miss most real-world post-login attacker activity, according to new research that challenges long-standing assumptions in deception technology. A recent study titled “Ghost Without Shell: Measuring Non-Interactive SSH Attacks on Honeypots” by researchers…
Researchers Claim First Fully Agentic Ransomware: JadePuffer
Researchers have revealed JadePuffer, the first agentic AI-powered ransomware campaign, highlighting how autonomous agents can automate cyber-attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Claim First Fully Agentic Ransomware: JadePuffer
ISA VDA 6.0.3 (part 5) — Information Security Sheet: Supplier Relationships, Compliance
This is the part 5 of the series about the TISAX label: TISAX getting started: A Deep Dive into the ISA Assessment Workbook (part 1). ISA VDA 6.0.3 (part 5) — Information Security Sheet: Supplier Relationships, Compliance Chapter…
Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages
Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of…
Malicious Agent Skills Can Steal Credentials, Exfiltrate Source Code, and Install Backdoors
Malicious AI agent skills can be packaged to steal credentials, exfiltrate source code, and install backdoors while still bypassing many current skill-auditing systems. The paper finds that static scanners are especially weak against payload-preserving evasions, while runtime behavior auditing is…
A week in security (June 29 – July 5)
A list of topics we covered in the week of June 29 to July 5 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (June 29 – July 5)
First AI ransomware, AdaptHealth suffers cyberattack, UK cyber plan delayed
JadePuffer ransomware used AI agent to automate entire attack AdaptHealth suffers cyberattack UK’s National Cyber Action Plan launch delayed by political leadership crisis Get the show notes here: https://cisoseries.com/cybersecurity-news-first-ai-ransomware-adapthealth-suffers-cyberattack-uk-cyber-plan-delayed/ Thanks to our episode sponsor, Vanta Your team just added its…
IT Security News Hourly Summary 2026-07-06 09h : 5 posts
5 posts were published in the last hour 7:4 : Parrot 7.3 Released With Optimized Packages and Updated Tools 7:4 : How to prioritize AI agent security by business impact 7:4 : SkillCloak Lets Malicious AI Agent Skills Evade Static…
Parrot 7.3 Released With Optimized Packages and Updated Tools
Parrot Security has released Parrot OS 7.3, introducing significant system-level optimizations, updated security tools, and a redesigned application management experience to improve performance and usability for security professionals. The update arrives just months after the previous release, with developers focusing…
How to prioritize AI agent security by business impact
Your CEO calls about an AI agent security incident in finance. He wants to know whether money moved, whether financial data was exposed, who owned the agent and why it had this level of access. The agent was connected to…
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
Scanners meant to catch malicious add-on “skills” for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest…
Hackers Use Server-Side Geofencing to Deliver Ousaban Banking Trojan in Spain and Portugal
A targeted campaign that delivers the Ousaban banking Trojan to users in Spain and Portugal using sophisticated server-side geofencing and multi-stage delivery. The adversary begins with a socially engineered phishing PDF that impersonates a corrupted document and coerces victims into…
Securing the inbox: Where identity, brand and security meet
Getting a verified logo to appear next to your email has traditionally meant having to work with two separate entities. You have to work with a DMARC partner for setting up DMARC and BIMI, then use a trusted Certificate Authority…
Blackstone Terminates Huge Virginia Data Centre Project
Blackstone-owned QTS pulls out of plan to create massive 2,100-acre data centre corridor after years of legal challenges This article has been indexed from Silicon UK Read the original article: Blackstone Terminates Huge Virginia Data Centre Project
Bad Epoll Linux Kernel UAF Flaw Lets Unprivileged Attackers Gain Root on Linux and Android
A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46242 and dubbed “Bad Epoll,” exposes a critical race-condition use-after-free (UAF) flaw in the epoll subsystem that allows unprivileged users to escalate privileges to root across Linux systems and potentially Android devices.…
ModSecurity Security Flaws Enable WAF Rule Evasion With Crafted HTTP Requests
ModSecurity, a widely used open-source web application firewall (WAF), has multiple security vulnerabilities that allow attackers to bypass detection with specially crafted HTTP requests. These vulnerabilities, identified as CVE-2026-52761 and CVE-2026-52747, affect ModSecurity versions up to 3.0.15. They have been…
Omnigent: Open-source AI agent framework and meta-harness
Plenty of developers now keep several coding agents close at hand, reaching for Claude Code on one task and Codex or Cursor on the next. Each tool arrives with its own command line, its own handling of credentials, and its…
Gaslight Stealer Embeds Fake System Messages to Mislead AI Malware Analysts
A new macOS stealer, tracked as Gaslight and attributed to North Korean operators, demonstrates a worrying evolution in malware design: deliberate prompt-injection to mislead AI-driven security tools. Gaslight arrives as a standalone Mach-O executable commonly luring macOS users with faux…