“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below – CVE-2026-48282 (CVSS score: 10.0) – A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of…
-

RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service [email protected] (The Hacker News)
A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim’s phone, steal their banking logins, and capture the one-time codes that protect their accounts. Zimperium’s zLabs, which found the operation, says it looks like a new variant of…
-

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots [email protected] (The Hacker News)
A critical flaw in Google’s Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a…
-
Evaluating secure enterprise browsers vs. security plugins
Malicious actors have long targeted and exploited browser vulnerabilities. The widespread adoption of AI increases the risk, forcing CISOs to reevaluate browser security options.Read More
-

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts [email protected] (The Hacker News)
A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. “The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into…
-

Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data [email protected] (The Hacker News)
A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization’s private repositories, researchers at Noma Security have shown. The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access…
-

Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker [email protected] (The Hacker News)
U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint. Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025 intrusion, then to online accounts prosecutors say…
-

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants [email protected] (The Hacker News)
Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand Security Research team. “An outsider could go from having no access to taking over any Writer AIRead More
-

What Changes When Your Software Supply Chain Includes AI Writing Your Code? [email protected] (The Hacker News)
Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, “software supply chain security” meant one question: what’s in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody chose on purpose? SolarWinds, Log4Shell, and XZ Utils all taught the same lesson: the risk…
-

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities [email protected] (The Hacker News)
A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials,Read More
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
