Noma Labs details GitLost, a prompt injection flaw that made GitHub’s AI agent expose private repo data through a crafted public issue and guardrail failures. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…
SindriKit 1.3.0 Abuses Call Stack Spoofing to Bypass EDR Detection
SindriKit 1.3.0 introduces a significant advancement in evading Endpoint Detection and Response (EDR) systems by exploiting dynamic call stack spoofing. This method defeats telemetry that inspects kernel-transition call chains, going beyond just user-mode hooks. Previously, SindriKit 1.2.0 had already separated…
Hackers Use Recruiter Phishing Emails and Fake Career Pages to Harvest Gmail Logins
A new phishing campaign is targeting job seekers by posing as recruiters from recognizable brands. The scheme uses fake career pages and worded emails to trick people into handing over Gmail login credentials. What makes this campaign notable is not…
IT Security News Hourly Summary 2026-07-07 15h : 13 posts
13 posts were published in the last hour 13:4 : Microsoft Confirms Windows 11, 26H2 Comes With Change in Backup Policy 13:4 : Enterprise AI still smarting from leaping before looking 13:4 : Critical Adobe ColdFusion Vulnerability Exploited in Attacks…
Microsoft Confirms Windows 11, 26H2 Comes With Change in Backup Policy
Microsoft has confirmed a significant change to its Windows settings backup policy with the upcoming release of Windows 11 version 26H2, marking a shift toward improved system resilience and recovery capabilities. According to Microsoft, the Windows settings backup policy will…
Enterprise AI still smarting from leaping before looking
Majority report AI-related security incidents or vulnerabilities This article has been indexed from www.theregister.com – Articles Read the original article: Enterprise AI still smarting from leaping before looking
Critical Adobe ColdFusion Vulnerability Exploited in Attacks
Hackers are exploiting a recently patched critical vulnerability (CVE-2026-48282) in Adobe ColdFusion that carries a CVSS score of 10/10. The post Critical Adobe ColdFusion Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Commvault measures cyber recovery readiness with AI attack simulations
Commvault has announced Commvault Minutes to Recovery, a scenario-driven cyber resilience simulation that lets participants act as a hacker and run their own attacks using frontier AI tools. Then, participants are challenged to defend against and recover from an incident…
Iran-Linked Hackers Using Modular C&C Framework in Cyberattacks
Researchers say the Iran-linked threat actor used an adaptable modular malware framework and compromised IT service providers to reach high-value targets in Israel. The post Iran-Linked Hackers Using Modular C&C Framework in Cyberattacks appeared first on SecurityWeek. This article has…
Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282)
CVE-2026-48282, one of the maximum severity vulnerabilities patched in Adobe ColdFusion on June 30, 2026, has been targeted by attackers in the wild. Exploitation attempts were detected on July 2, through the honeypot sensors of cybersecurity threat-intelligence service KEVIntel, mere…
What Changes When Your Software Supply Chain Includes AI Writing Your Code?
Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, “software supply chain security” meant one question: what’s in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody…
Tenda Router Backdoor Grants Admin Access
CERT/CC has published an advisory warning that several Tenda router models contain a hardcoded authentication backdoor that grants full administrative access to anyone who knows a hidden password. This article has been indexed from CyberMaterial Read the original article: Tenda…
Ctrl Wallet shuts down after June security exploit
Ctrl Wallet announced Tuesday it will permanently shut down operations following a security breach that compromised Cardano wallets on its platform. This article has been indexed from CyberMaterial Read the original article: Ctrl Wallet shuts down after June security exploit
Microsoft enables Windows backup by default
Microsoft has announced that the Windows settings backup and restore tool will be enabled by default on enterprise systems after upgrading to Windows 11 version 26H2. This article has been indexed from CyberMaterial Read the original article: Microsoft enables Windows…
UK Cyber Resilience Pledge gains 60 signatories
The UK government has launched a voluntary Cyber Resilience Pledge, attracting 60 organizations including Marks & Spencer, one of last year’s most prominent cyberattack victims in the retail sector. This article has been indexed from CyberMaterial Read the original article:…
IQM acquires Quantistry assets for quantum solutions
IQM Quantum Computers has completed the acquisition of selected assets from Quantistry, a Berlin-based developer of cloud-based simulation workflow platforms, for an undisclosed sum. This article has been indexed from CyberMaterial Read the original article: IQM acquires Quantistry assets for…
TeamPCP Supply Chain Attacks Feed VECT Ransomware With Stolen CI/CD Credentials
TeamPCP’s wide-scale supply-chain compromises have materially fueled VECT ransomware operations by supplying a vast archive of stolen CI/CD credentials, reshaping how organizations should measure ransomware exposure. Rather than choosing victims in advance, TeamPCP contaminated widely used components Trivy, Checkmarx KICS,…
Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom
The company just raised $7 million in seed funding, and is launching its app for iPhone and Android on Tuesday. This article has been indexed from Security News | TechCrunch Read the original article: Savi’s app aims to protect consumers…
CISO Conversations: Tarah Wheeler, Cybersecurity Leader, Thought Leader and Original Thinker
Tarah Wheeler is CISO at TPO Group, a firm that provides cybersecurity consultancy for high-stakes organizations. But despite this elevated position, her journey was far from typical. The post CISO Conversations: Tarah Wheeler, Cybersecurity Leader, Thought Leader and Original Thinker…
Attackers Exfiltrate AnyDesk Configuration Data via Blat SMTP in Aerospace Phishing Campaign
A targeted spear-phishing campaign that configures AnyDesk for silent, persistent remote access and exfiltrates its configuration using the Blat SMTP utility. The campaign uses an aerospace-themed invoice lure that impersonates the Russian research institute VNIIR via a freshly registered spoof…
OpenAI Codex Desktop App for macOS Vulnerability Allows Attackers to Inject Indirect Prompt
A newly disclosed vulnerability in the OpenAI Codex desktop application for macOS could allow attackers to exploit indirect prompt injection techniques to exfiltrate sensitive data, according to a recent entry in the GitHub Advisory Database. Tracked as CVE-2026-14898, the issue…
Hackers Leverage Microsoft Teams Call to Install RMM Tools and Deploy EtherRAT
Threat actors are now weaponizing something as ordinary as a Microsoft Teams call to slip past corporate defenses and plant a stealthy new remote access trojan called EtherRAT. The campaign blends social engineering with legitimate remote support software, making it…
Claude Code’s hidden tracker was an “experiment,” says Anthropic
Anthropic’s hidden Claude Code tracker has raised new questions about prompt steganography and developer trust. This article has been indexed from Malwarebytes Read the original article: Claude Code’s hidden tracker was an “experiment,” says Anthropic
Fake IT bods on Microsoft Teams coax workers into installing malware
Unit 42 says attackers are posing as helpdesk staff and persuading employees to hand over remote control before dropping EtherRAT trojan This article has been indexed from www.theregister.com – Articles Read the original article: Fake IT bods on Microsoft Teams…