TiliBrief
S&P5,572.85 +0.8% NASDAQ18,352.76 +1.2% DOW39,375.87 +0.5%
World Markets Technology Cyber Security AppSec Business Science Opinion

Cyber Security

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft's own CVEs by its Security

The Hacker News 2026-07-14
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in ques

The Hacker News 2026-07-14
Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and

The Hacker News 2026-07-14
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. "Labu

The Hacker News 2026-07-14
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enter

The Hacker News 2026-07-14
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the moder

The Hacker News 2026-07-14
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way

The Hacker News 2026-07-14
How Pentera Turns AI Security Workflows into Validation Engines

How Pentera Turns AI Security Workflows into Validation Engines

AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragment

The Hacker News 2026-07-14
OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate

The Hacker News 2026-07-14
Grok Build Uploads Entire Git Repositories to xAI Storage, Not Just Files It Reads

Grok Build Uploads Entire Git Repositories to xAI Storage, Not Just Files It Reads

xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publ

The Hacker News 2026-07-14
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious act

The Hacker News 2026-07-14
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from 

The Hacker News 2026-07-14
Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths

Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths

Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the pla

The Hacker News 2026-07-14
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that

The Hacker News 2026-07-13
Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found

Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found

Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector bui

The Hacker News 2026-07-13
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More

⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More

Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed the o

The Hacker News 2026-07-13
New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email

Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false "fact" abou

The Hacker News 2026-07-13
Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assis

The Hacker News 2026-07-13
Meta Files Patent for AI That Can Listen All Day and Track How You're Feeling

Meta Files Patent for AI That Can Listen All Day and Track How You're Feeling

Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every read.

The Hacker News 2026-07-13
Thinking Fast and Slow in the SOC: The Case for Combining Autonomous AI with Analyst Copilots

Thinking Fast and Slow in the SOC: The Case for Combining Autonomous AI with Analyst Copilots

A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already connec

The Hacker News 2026-07-13
Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory

Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory

Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. "The script looked for the Domain

The Hacker News 2026-07-13
Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365

Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365

An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server

The Hacker News 2026-07-13
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabiliti

The Hacker News 2026-07-13
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a pre

The Hacker News 2026-07-11
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat a

The Hacker News 2026-07-11
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been des

The Hacker News 2026-07-11
URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external secu

The Hacker News 2026-07-10
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and

The Hacker News 2026-07-10
Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot

Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot

Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips

The Hacker News 2026-07-10
Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything th

The Hacker News 2026-07-10
Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws

Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws

Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege es

The Hacker News 2026-07-10
New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic

New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic

The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON. Chinese cybersecurity company QiAnXin said that while the th

The Hacker News 2026-07-10
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO resea

The Hacker News 2026-07-10
From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale

From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale

Most enterprises assume their asset inventory is close enough to accurate. The evidence suggests otherwise. According to a survey of over 600 security leaders in the 2026 Axonius Actionability Report,

The Hacker News 2026-07-10
Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the activity logs, and target lists naming mo

The Hacker News 2026-07-10
Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic

The Hacker News 2026-07-10
Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out

The Hacker News 2026-07-10
Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets

Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets

Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase,

The Hacker News 2026-07-10
Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks

Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks

A 41-year-old former ransomware negotiator has been sentenced to nearly six years (i.e., 70 months) in prison in the U.S. for their role in conspiring with the now-defunct BlackCat ransomware operator

The Hacker News 2026-07-10
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "O

The Hacker News 2026-07-09
TiliBrief

Curated business, finance, and world news from trusted sources.

Sections

World Markets Technology Cyber Security AppSec Business Science Opinion

About

API Docs OpenAPI llms.txt

© /section/cyber TiliBrief. All news content belongs to respective sources. Created by Polpo-8.com.