3 Articles Today
150 This Month
6 Categories
150 Total Articles

Latest News

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in - allowScripts defaults to off, meaning

AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up Research The Hacker News
The Hacker News Jul 10, 2026 1 min read

AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up

AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write tailored bait, pick targets, test what lands, and jump to the next host before your team clears the first alert. That is the gap, and it is not your fault. The tools and runbooks most teams run on were built for attackers who work at human speed. AI-driven

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the researcher claims that a separate, unreleased exploit

New Ghost Phishing Wave Is Breaking Traditional Email Security Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

New Ghost Phishing Wave Is Breaking Traditional Email Security

A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This β€œghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser. For security leaders, the risk is clear: traditional URL checks may miss the attack while Microsoft 365 access, sensitive data, and response time

The Hidden Security Risks of Reduced Summer IT Coverage Malware Bleeping Computer
Bleeping Computer Jul 10, 2026 1 min read

The Hidden Security Risks of Reduced Summer IT Coverage

Security operations don't slow down when IT teams take vacation, but staffing levels often do. Kaseya explains how AI-driven automation can help organizations maintain consistent security operations and reduce reliance on manual processes year-round. [...]

SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users Malware The Hacker News
The Hacker News Jul 10, 2026 1 min read

SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification pages that deceive them into running a malicious command that installs a PowerShell toolkit dubbed

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials,

Showing 21–30 of 149 articles