Mexico’s first cyber test gets tested Snoops break into Roundcube mailservers Cash App owner pays up over lax security Get the show notes here: https://cisoseries.com/cybersecurity-news-mexicos-big-cyber-test-roundcube-mailserver-snooped-on-cash-app-found-lax/ Thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And…
Meta’s New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images
Meta has announced that its new artificial intelligence (AI) model Muse Image lets people use public Instagram posts and reels to generate AI content, and it’s enabled by default. “You can also @-mention Instagram accounts in the Meta AI app…
Cybercriminals Plant Malicious AI Agents in Open Source Tool Repositories
Cybersecurity researchers at ESET identify big rise in suspicious and malicious toolsets which put users at risk from cyber-attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Plant Malicious AI Agents in Open Source Tool Repositories
SNOW Malware Ecosystem Uses Teams Phishing, WebSocket Tunnels, and Browser Extensions
Threat actors are increasingly chaining classic phishing with collaboration platforms and covert tunneling to create highly believable intrusion paths. A recent multi-stage campaign attributed to UNC6692 exposes how adversaries combine email bombardment, Microsoft Teams impersonation, malicious browser extensions, WebSocket tunnels,…
Chrome 150 Update Patches 27 Vulnerabilities
The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google. The post Chrome 150 Update Patches 27 Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Chrome 150 Update…
Everest Ransomware Encryptor Uses ConfuserEx-Protected .NET Binary With Wake-on-LAN Capability
A recent technical analysis of an Everest ransomware encryptor reveals a purpose-built, ConfuserEx-protected .NET 4.0 binary that combines heavy obfuscation, misleading cryptographic declarations, and uncommon network tactics to maximize impact and impede response. The analyzed sample (hlntqyun.exe, SHA-256 1df92b…) is…
Thief posed as Wi-Fi fixing hero, then stole priceless trophy
If people think you are doing a legitimate job, you can get away with anything This article has been indexed from www.theregister.com – Articles Read the original article: Thief posed as Wi-Fi fixing hero, then stole priceless trophy
8Layers Raises $2.9 Million for Identity Security Platform
The Spanish startup has closed an extended pre-seed funding round two months after launching its digital identity protection platform. The post 8Layers Raises $2.9 Million for Identity Security Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
IT Security News Hourly Summary 2026-07-09 09h : 7 posts
7 posts were published in the last hour 6:35 : Umbrij Malware Lets ToddyCat Hackers Hijack Gmail Accounts Through Google API Abuse 6:35 : Palo Alto PAN-OS Vulnerability Allows Arbitrary Code Execution Through Malicious Network Traffic 6:34 : New GhostApproval…
Umbrij Malware Lets ToddyCat Hackers Hijack Gmail Accounts Through Google API Abuse
A targeted campaign in which the ToddyCat (aka APT-style) group leverages a previously observed loader family, Umbrij, to hijack Gmail accounts by abusing Google APIs. Chaining that capability to broad remote access achieved through a malicious MSI installer masquerading as…
Palo Alto PAN-OS Vulnerability Allows Arbitrary Code Execution Through Malicious Network Traffic
Palo Alto Networks has disclosed a high-severity vulnerability in PAN-OS that could allow unauthenticated attackers to execute arbitrary code or trigger a denial-of-service (DoS) condition by sending specially crafted network traffic. Tracked as CVE-2026-0288, the flaw carries a CVSS-B score…
New GhostApproval Vulnerability Affects Amazon Q, Claude Code, Cursor, and Other AI Agents
A newly disclosed vulnerability pattern dubbed “GhostApproval” has exposed a critical security flaw in six of the most widely used AI coding assistants: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf, allowing malicious repositories to bypass…
Malicious AI agent skills can slip past the scanners built to stop them
Developers who build with AI coding agents grab capabilities off public marketplaces the same way they grab packages from npm or PyPI. The add-ons are called agent skills. Each one is a little bundle of plain-English instructions, scripts, and files…
Singapore Mansion Seized Amid Nvidia Chip Smuggling Probe
Singapore police charge man with using proceeds from Nvidia server fraud conspiracy to buy luxury home in upscale area This article has been indexed from Silicon UK Read the original article: Singapore Mansion Seized Amid Nvidia Chip Smuggling Probe
The fake report message that ends with a stolen Reddit account
A direct message arrives on Reddit from a stranger, and it invites a reply. That reply is the point. This scheme runs on social engineering, with no malware and no malicious links, and it has spread across Reddit, Discord, and…
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker’s code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls…
Product showcase: Protect your iPhone with McAfee Mobile Security
McAfee Mobile Security for iOS combines scam protection, web protection, VPN, Wi-Fi security, and device security checks in a single app. It is also available for Android. After downloading the app from the App Store, I created an account and…
Open-source collaboration is growing worldwide and putting pressure on maintainers
Developers are pushing code and opening pull requests across economy borders at a rate GitHub has rarely seen. Outbound collaboration, the sum of git pushes and pull requests sent from developers in one economy to public repositories in another, grew…
New Helix Extortion Group Targets Enterprises With MFA Abuse and SharePoint Exfiltration
A previously unreported data extortion operation dubbed “Helix” that targets enterprises using identity-focused entry techniques and automated SharePoint exfiltration. The group’s playbook combines voice phishing (vishing), device-code phishing to capture session tokens and bypass Conditional Access controls, rapid MFA registration…
How to Set Up a Home Hacking Lab for Beginners (Free and Legal) (2026)
By HOC Team | Last updated: July 2026 | Read time: ~20 min Every ethical hacker, penetration tester,… The post How to Set Up a Home Hacking Lab for Beginners (Free and Legal) (2026) appeared first on Hackers Online Club.…
ESET Threat Report H1 2026
A view of the H1 2026 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. This article has been indexed from WeLiveSecurity Read the original article: ESET Threat Report H1 2026
Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices
Tracked as CVE-2026-11405, the vulnerability allows unauthenticated attackers to access a device’s web management interface. The post Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Messaging fraud trends point to smarter attacks, stronger blocking
Fraudsters spent 2025 investing in scale. New routes, new tools, and higher message volumes moved through the SMS, voice, and chat channels that businesses rely on to reach customers. Money follows that activity. The Communications Fraud Control Association puts global…
Wireshark 4.6.7 patches a dozen security flaws
Network analysts who open packet captures in Wireshark push untrusted data through a large set of protocol dissectors, and each parser is a spot where a malformed frame can trip up the software. The 4.6.7 maintenance release closes twelve of…