Category: Uncategorized
-

Thinking Fast and Slow in the SOC: The Case for Combining Autonomous AI with Analyst Copilots [email protected] (The Hacker News)
A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already connected Claude to a few detection tools and were seeing real value in specific investigations. But as we mapped…
-

Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory [email protected] (The Hacker News)
Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. “The script looked for the Domain Controller (DC) and mapped users, computers, and domains, before creating a directory and exporting out a number of files, and finally creating AD_Report.html to measure the success…
-
Why conversational AI is redefining your security perimeter
As employees become more accustomed to using AI, they might be getting a little too comfortable. Learn how strong AI governance helps manage this new human risk.Read More
-

Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365 [email protected] (The Hacker News)
An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bash_history. From that one lapse, French security firm Lexfo lifted the operator’s entire toolkit and pivoted through it to two…
-

iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild. The vulnerabilities, both rated 10.0 on the CVSS scoring system, are below – CVE-2026-48939 – A vulnerability in theRead…
-

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install [email protected] (The Hacker News)
Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux. Published on July 11, 2026, it needs no import and no CLI call. Installing 8.14.0 is enough to run it. Socket flagged the release six minutes after it wasRead More
-

Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns [email protected] (The Hacker News)
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. “At Balochistan Police, the compromised assets included servers hosting web applications that manage police and citizen data, such as criminal andRead More
-

Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions [email protected] (The Hacker News)
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user’s session. It has yet…
-
ClickFix and removable media lead malware delivery methods
Now more than ever, defenders must look for suspicious behavior, not specific malware. Learn how to defend against two trending initial access methods.Read More
-

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages [email protected] (The Hacker News)
Unknown threat actors compromised the Injective Labs SDK project’s GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected], came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version wasRead More
