All News
The Hacker News
The Hacker News
July 11, 2026
Compromised jscrambler 8.14.0 npm Release Runs Hidden Platform-Specific Binary During Install
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of July 11, 2026.
The Hacker News
July 11, 2026
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
Suspected China- and India-aligned actors targeted Pakistani police systems with PlugX, ShadowPad, Remcos, and Cobalt Strike from 2024 to 20...
The Hacker News
July 11, 2026
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
Zimbra fixes a critical stored XSS flaw in its Classic Web Client that could let crafted emails run malicious scripts when opened. Update to...
The Hacker News
July 10, 2026
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Unknown attackers compromised Injective Labs' GitHub repo to publish npm package 1.20.21, which steals wallet private keys and seed phrases.
The Hacker News
July 10, 2026
URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat
Progress ordered ShareFile customers to shut down their Storage Zone Controllers while it investigates a credible external security threat.
The Hacker News
July 10, 2026
Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot
Six U-Boot flaws include four that can crash devices and two that could run code before signature checks; no fixed stable release exists.
The Hacker News
July 10, 2026
Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched
Ledger researchers used laser fault injection to reset Tangem wallet passwords, but the invasive attack needs physical access and a $250,000...
The Hacker News
July 10, 2026
Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws
A researcher says three patched OpenClaw flaws could enable credential theft, privilege escalation, and host code execution via WhatsApp.
The Hacker News
July 10, 2026
New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic
China-linked Silver Fox deploys the Rust-based MODBEACON RAT through fake software installers, targeting technology, education, and state-ow...
The Hacker News
July 10, 2026
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
FoxIO disclosed XRING, an unpatched XQUIC flaw that lets unauthenticated clients crash HTTP/3 servers with 260 bytes of legal QPACK traffic.
The Hacker News
July 10, 2026
From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale
Lumen used Axonius to reconcile 40-plus systems, uncover 60 times more devices, and rebuild exposure management around trusted asset data.
The Hacker News
July 10, 2026
Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
An open WP-SHELLSTORM server exposed tools, logs, and target lists naming 1.4 million sites, with researchers validating 25,195 compromises.
The Hacker News
July 10, 2026
Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking
Researchers tested 281 free Android VPN apps and found DNS leaks, plaintext traffic, weak tunnels, and flaws across apps with 2.4B installs.
The Hacker News
July 10, 2026
Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access
O-UNC-066 uses vishing and a live phishing kit to trick Microsoft 365 users into enrolling attacker-controlled Entra passkeys for account ac...
The Hacker News
July 10, 2026
Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets
Coinspect confirms $3.1M from 431 wallets drained due to Ill Bloom flaw, affecting crypto wallets from mobile apps built weak seed generatio...
The Hacker News
July 10, 2026
Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks
Former ransomware negotiator Angelo Martino gets 70 months for giving victim negotiation data to BlackCat operators and aiding extortion.
The Hacker News
July 9, 2026
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
GitHub ghost accounts and exposed PATs scrape corporate orgs through the API, with select cases cloning private repos.
The Hacker News
July 9, 2026
New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
Microsoft details GigaWiper, a Windows backdoor that bundles disk wiping, fake ransomware, and remote control into one destructive tool.
The Hacker News
July 9, 2026
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
GitHub releases npm 12 with install scripts off by default and begins phasing out 2FA bypass tokens for sensitive npm actions.
The Hacker News
July 9, 2026
ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories
ThreatsDay Bulletin covers fraud arrests, supply-chain attacks, phishing, cloud hijacking, ransomware, Windows flaws, and AI-driven data exf...
The Hacker News
July 9, 2026
AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up
AI-powered attacks move faster than human runbooks. Zscaler shows how Zero Trust can cut reach and lateral movement.
The Hacker News
July 9, 2026
Summer of Clearinghouses
Chainguard argues AI-driven vulnerability discovery is shifting open source disclosure from hand coordination to automated orchestration.
The Hacker News
July 9, 2026
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
GodDamn ransomware, tied by Symantec to Hyadina's Beast lineage, uses AnyDesk, PsExec, and PoisonX to move and evade defenses.
The Hacker News
July 9, 2026
Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges | Read more hacking news on The Hacker News cybersecurity news...
The Hacker News
July 9, 2026
Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images
Meta Muse Image lets users tag public Instagram accounts to generate AI images, with public posts and reels reusable by default unless disab...
The Hacker News
July 9, 2026
Friendly Fire: AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command approval is enabled.
The Hacker News
July 9, 2026
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Wiz says GhostApproval abuses symlinks so AI coding agents write to SSH keys or shell startup files while showing benign paths.
The Hacker News
July 9, 2026
Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes
Infoblox says Lurking Lizard has used fake installers, mobile apps, and lookalike domains to recruit devices into a proxy botnet.
The Hacker News
July 8, 2026
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
Sophos says Claude Code, Cursor, and Codex triggered Windows endpoint rules for credential access, LOLBin downloads, and persistence.
The Hacker News
July 8, 2026
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
Researchers show HalluSquatting can make AI coding agents fetch fake repositories or skills and run attacker-supplied code.
The Hacker News
July 8, 2026
Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
Ubiquiti fixes seven critical UniFi flaws across Connect, Talk, Access, Protect, and OS, with no evidence of exploitation in the wild found.
The Hacker News
July 8, 2026
New Ghost Phishing Wave Is Breaking Traditional Email Security
EvilTokens uses AES-GCM encrypted HTML and Microsoft Device Code Phishing to hide Microsoft 365 account takeover pages until browser render.
The Hacker News
July 8, 2026
SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users
SCMBANKER watches banking windows, captures screenshots, hijacks CLABE and card numbers, and can deploy Remote Utilities for hands-on access...
The Hacker News
July 8, 2026
GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
Research shows signed Git commits can be re-encoded into fresh GitHub Verified hashes without changing files or breaking signatures.
The Hacker News
July 8, 2026
The Verification Step Is the New ATO Battleground in 2026
Passkeys reduce stolen-password value, shifting ATO toward recovery, re-verification, magic links, and AI-driven identity fraud in 2026.
The Hacker News
July 8, 2026
GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code
GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code | Read more hacking news on The Hacker News cybersecurity news web...
The Hacker News
July 8, 2026
China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware
Cisco Talos says UAT-7810 is refining LONGLEASH, DOGLEASH, and JARLEASH to expand the LapDogs ORB network.
The Hacker News
July 8, 2026
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
GhostLock (CVE-2026-43499), a 15-year-old use-after-free in Linux's futex code, gives any local user root.
The Hacker News
July 8, 2026
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
CISA added four exploited flaws to KEV, covering Adobe ColdFusion, Joomla page builders, and Langflow ahead of July 10 fixes.
The Hacker News
July 7, 2026
RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service
Zimperium found RedWing, a rented Android kit that steals banking logins, lifts one-time codes, and forwards calls to defeat phone-based 2FA...
The Hacker News
July 7, 2026
Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
Google fixed Rogue Agent, a Dialogflow CX Code Blocks flaw that could let one writable agent affect every chatbot in a Cloud project.
The Hacker News
July 7, 2026
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
Talos details ARToken, a PhaaS panel tied to EvilTokens that supports device code phishing, BEC workflows, SharePoint theft, and PRT persist...
The Hacker News
July 7, 2026
Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
The issue affects GitHub Agentic Workflows setups that read public input, hold private repo access, and can post output publicly.
The Hacker News
July 7, 2026
Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants
Writer patched WriteOut after Sand Security found sandbox previews could forward session cookies into attacker-controlled agents.
The Hacker News
July 7, 2026
Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker
Federal complaint says a Windows GDID tied Peter Stokes to a May 2025 jewelry retailer hack that stole 77GB and drew an $8M ransom demand.
The Hacker News
July 7, 2026
What Changes When Your Software Supply Chain Includes AI Writing Your Code?
AI agents, prompts, and MCP tools now shape software builds, forcing teams to track provenance beyond packages and generated code alone.
The Hacker News
July 7, 2026
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
Proofpoint says UNK_MassTraction exploited patched Roundcube flaws to target U.S. and Canadian university mail servers.
The Hacker News
July 7, 2026
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
CVE-2026-11405 affects five Tenda firmware builds and can bypass password checks through an undocumented admin login path in /bin/httpd.
The Hacker News
July 7, 2026