Claude Code’s hidden tracker was an “experiment,” says Anthropic | Malware

As a developer, you want to use tools you can trust and rely on. One researcher took that idea seriously enough to scrutinize their local Claude Code (2.1.196) installation. For…

Read more

How the Reddit and Discord false report scam steals accounts | Malware

A stranger messages you on Reddit. They say someone reported them, and the reporting account looks a lot like yours. Was it you? It wasn’t. That’s not really the point…

Read more

RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service | Cybersecurity

Swati KhandelwalJul 07, 2026Malware / Mobile Security A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals…

Read more

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts | Cybersecurity

A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July,…

Read more

Fake Netflix, Coca-Cola, and FIFA job scams target marketers | Malware

Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate. A BleepingComputer article detailing the campaign found…

Read more

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities | Cybersecurity

A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign….

Read more

Scammers are using AI to sell impossible flowers | Malware

We’ve had problems with deepfake celebrity scams, non-consensual deepfake sexual material, and deepfake politicians. Now we have to deal with… deepfake plants? Yup, AI seed slop is now a thing….

Read more

BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA | Cybersecurity

Ravie LakshmananJul 07, 2026Vulnerability / Enterprise Security BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully…

Read more

Choose your WhatsApp username carefully | Malware

Dutch consumer organization Consumentenbond has warned users to be careful when choosing their optional WhatsApp username. Meta announced the introduction of usernames on June 29, 2026, and encouraged users to…

Read more

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations | Cybersecurity

An Iranian hacking group affiliated with Iran’s Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations….

Read more

How to tell if an image is AI-generated | Malware

A photo of an injured dog by the roadside. A dating profile with pictures that look almost too perfect. A donation appeal showing a family stranded on a rooftop after…

Read more

Breach Transparency Remains Cybersecurity’s Toughest Governance Problem | Cybersecurity

Cybersecurity is entering a new phase. It’s one where the gap between awareness and operational execution is becoming the industry’s biggest challenge. That’s what stood out to me most after…

Read more

NetNut botnet takes a hit. Don’t be part of the next one. | Malware

In a joint operation, Google, the FBI, and other partners have dealt a significant blow to the residential proxy ecosystem by disrupting the NetNut (also tracked as Popa) botnet. NetNut…

Read more

New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions | Cybersecurity

Swati KhandelwalJul 06, 2026Cyber Espionage / Endpoint Security Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique,…

Read more

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case | Cybersecurity

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation…

Read more

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign | Cybersecurity

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as…

Read more

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices | Cybersecurity

Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The…

Read more

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets | Cybersecurity

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data…

Read more

Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts | Malware

Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique,…

Read more

European Parliament Member Investigating Spyware Was Hacked With Pegasus | Cybersecurity

A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while…

Read more

WinRAR flaw could allow attackers to take control of your computer | Malware

Rarlab has released a new version of the popular WinRAR tool to patch a vulnerability that can be abused in remote code execution attacks. The issue is fixed in WinRAR…

Read more

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices | Cybersecurity

Swati KhandelwalJul 02, 2026Cybercrime / Botnet Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people’s traffic. Working with the…

Read more

Apple’s Hide My Email doesn’t hide it very well | Malware

404 Media reports that a researcher has found a vulnerability in Apple’s Hide My Email feature that could allow someone to discover a person’s real email address. That’s especially concerning…

Read more

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories | Cybersecurity

Ravie LakshmananJul 02, 2026Hacking News / Cybersecurity News This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem…

Read more

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack | Cybersecurity

Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER…

Read more

ChatGPT produced graphic violent images that shocked researchers | Malware

AI assistants like ChatGPT are supposed to be safe to use, with appropriate guardrails to stop people creating harmful content. However, a British AI security firm just figured out how…

Read more

Fake Google and Cloudflare verification pages spread multiple malware families | Malware

ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own…

Read more

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation | Cybersecurity

Ravie LakshmananJul 02, 2026Vulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities…

Read more

Chrome needs another whopper update to fix 382 security bugs | Malware

If there was ever a time when it dawned on users how full of holes the software they’ve been using is, it’s now. Last month Microsoft pushed out its biggest…

Read more

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters | Cybersecurity

Swati KhandelwalJul 01, 2026Kubernetes / Server Security Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated…

Read more
Update cookies preferences