3 Articles Today
150 This Month
6 Categories
150 Total Articles

Latest News

15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs no special permission, no unusual settings, and no network

Microsoft Reins in RoguePlanet Zero-Day Threat Vulnerabilities Dark Reading
Dark Reading Jul 10, 2026 1 min read

Microsoft Reins in RoguePlanet Zero-Day Threat

The researcher known as "Nightmare-Eclipse" published a proof-of-concept (PoC) exploit for the Windows Defender vulnerability in early June after dropping several other Microsoft zero-days.

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process

How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions Research The Hacker News
The Hacker News Jul 10, 2026 1 min read

How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions

Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms that run detection, triage, investigation, and response on their own data foundation. Whether a platform will materially change outcomes for

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts Vulnerabilities Krebs on Security
Krebs on Security Jul 10, 2026 3 min read

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" bot into resetting account passwords.

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process. The

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages Data Breaches The Hacker News
The Hacker News Jul 10, 2026 1 min read

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a password. Security firm Varonis found it

Showing 111–120 of 149 articles