“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories [email protected] (The Hacker News)
A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the explanation. Old bugs are back, weak defaults are earning their keep, and some…
-

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer [email protected] (The Hacker News)
n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in…
-

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands [email protected] (The Hacker News)
Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that’s been spreading via websites infected with ClickFix lures since late April 2026. “The malware is full-featured, lightweight, and modular,” Elastic Security Labs researcher Cyril François said in a technical report. “While the number of C2 [command-and-control] domains is currently small, the dailyRead…
-

New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password [email protected] (The Hacker News)
ClickLock Stealer, a new macOS infostealer, answers a victim’s refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents and quietly exits. At the next…
-

20+ Hijacked Government Websites Became an Attack Channel [email protected] (The Hacker News)
More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions. The investigation revealed previously undocumented backdoor behavior, hidden infrastructure relationships, and multiple attack arms behind a campaignRead More
-

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands [email protected] (The Hacker News)
Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click “Buy Now” instead. Ask a coding assistant to apply a maintainer’s fix from a GitHub thread, and a fake comment can make it run a stranger’s command on your computer. Neither trick hijacks the…
-

Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor [email protected] (The Hacker News)
An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin (“srt64.sys”), as the kernel-mode rootkit is referred to, was first documented by Broadcom-owned Symantec in March 2022, with evidence indicating its use in targeted…
-

AI Can Find Bugs, But Human Knowledge Still Proves Them [email protected] (The Hacker News)
Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read code quickly, generate payloads, summarize attack surfaces, explain unfamiliar APIs, and run repetitive testing workflows at impressive speed. That is a real advantage for…
-

Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide [email protected] (The Hacker News)
Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people’s Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi password in plaintext. A researcher publishing under the handle tokay0 put the…
-

OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol [email protected] (The Hacker News)
OpenAI has disclosed details of GPT-Red, an internal automated red-teaming model that scales prompt injection vulnerability discovery with an aim to fix issues before the tools are deployed widely. “GPT‑Red is a strong red-teamer, and our previous models are highly vulnerable to its prompt injection attacks,” the artificial intelligence (AI) company said. “We use GPT‑Red…
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
