Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to DNS threat intelligence firm Infoblox. Once such campaign, observed earlier this year, involved the

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub 'ghost' accounts that are often years old, or compromised OAuth tokens and personal

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process. The

Showing 10–18 of 25 articles
Prev 1 2