Search CyberNews

Found 50 articles for "AI"
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets Research Bleeping Computer
Bleeping Computer Jul 11, 2026 1 min read

'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets

A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo's .env and write every secret into the code as a list of numbers. [...]

Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions Vulnerabilities The Hacker News
The Hacker News Jul 11, 2026 1 min read

Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier. "The

'Djinn' Stealer Targets Cloud, AI Credentials Vulnerabilities Dark Reading
Dark Reading Jul 10, 2026 1 min read

'Djinn' Stealer Targets Cloud, AI Credentials

The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.

Why Identity Security Is Your Cyber Career Entry Point Research Dark Reading
Dark Reading Jul 10, 2026 1 min read

Why Identity Security Is Your Cyber Career Entry Point

In this "Heard it From a CISO" video, Silverfort CISO John Paul Cunningham explains that AI in cybersecurity workflows is creating opportunities rather than eliminating jobs β€” and there are more ways than ever to break into this essential field.

The Hidden Security Risks of Reduced Summer IT Coverage Malware Bleeping Computer
Bleeping Computer Jul 10, 2026 1 min read

The Hidden Security Risks of Reduced Summer IT Coverage

Security operations don't slow down when IT teams take vacation, but staffing levels often do. Kaseya explains how AI-driven automation can help organizations maintain consistent security operations and reduce reliance on manual processes year-round. [...]

The Replicant in Your Directory: AI Agents and the Identity Security Gap Threats Bleeping Computer
Bleeping Computer Jul 10, 2026 1 min read

The Replicant in Your Directory: AI Agents and the Identity Security Gap

AI agents are accelerating the growth of non-human identities, making it harder for organizations to understand what exists, who owns it, and what it can access. Netwrix explains why stronger visibility and identity governance are essential as AI expands the enterprise attack surface. [...]

Alleged Kimwolf Botmaster β€˜Dort’ Arrested, Charged in U.S. and Canada Threats Krebs on Security
Krebs on Security Jul 10, 2026 4 min read

Alleged Kimwolf Botmaster β€˜Dort’ Arrested, Charged in U.S. and Canada

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces crimina...

Lawmakers Demand Answers as CISA Tries to Contain Data Leak Data Breaches Krebs on Security
Krebs on Security Jul 10, 2026 6 min read

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Threats Krebs on Security
Krebs on Security Jul 10, 2026 6 min read

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a fr...

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts Vulnerabilities Krebs on Security
Krebs on Security Jul 10, 2026 3 min read

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" bot into resetting account passwords.

A Record-Breaking Patch Tuesday for June 2026 Vulnerabilities Krebs on Security
Krebs on Security Jul 10, 2026 4 min read

A Record-Breaking Patch Tuesday for June 2026

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is now publicly available.

Who Runs the Ransomware Group β€˜The Gentlemen?’ Malware Krebs on Security
Krebs on Security Jul 10, 2026 6 min read

Who Runs the Ransomware Group β€˜The Gentlemen?’

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.

β€˜Popa’ Botnet Linked to Publicly-Traded Israeli Firm Malware Krebs on Security
Krebs on Security Jul 10, 2026 14 min read

β€˜Popa’ Botnet Linked to Publicly-Traded Israeli Firm

For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a "residential proxy" provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR].