access ai android api apple attack authentication backdoor breach browser business ceo china cisa cisco ciso cloud compliance control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud google governance government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution resilience risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack
Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of Transport for London.The attack left 148 TfL systems inoperable and forced all 27,000 of the transport authority’s employees into an office to get their passwords…
-
New OkoBot framework deploys 20 payloads to steal data, crypto
A new malicious framework called OkoBot is delivering more than 20 payloads in attacks focused on stealing cryptocurrency wallet seed phrases, credentials, and other sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-okobot-framework-deploys-20-payloads-to-steal-data-crypto/ also interesting: Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters…
-
OAuth Client ID Spoofing Enables Stealthy Cloud Account Enumeration
Proofpoint found attackers are using OAuth client ID spoofing to stealthily enumerate Microsoft Entra ID accounts. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/oauth-client-id-spoofing-enables-stealthy-cloud-account-enumeration/ also interesting: Microsoft verliert Log-Daten von Sicherheitsprodukten in der Cloud … ‘Sovereign Private Cloud” mit Azure Local und Microsoft 365 Local – Microsoft erweitert Souveränitäts-Portfolio um PrivateServices Wie CISOs vom ERP-Leid…
-
Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack
Two members of the Scattered Spider cybercrime group received jail sentences in the UK for the 2024 cyberattack on Transport for London. A UK court sentenced two Scattered Spider members, Thalha Jubair (20) and Owen Flowers (18), for their role in the 2024 cyberattack on Transport for London (TfL). Transport for London (TfL) is a local…
-
Claude for Chrome Flaw Puts Gmail at Risk From Rogue Extensions
Researchers say a Claude for Chrome flaw lets rogue extensions trigger Gmail, Docs, and Calendar tasks, with greater risk in unattended mode. The post Claude for Chrome Flaw Puts Gmail at Risk From Rogue Extensions appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-claude-chrome-flaw-rogue-extensions-gmail/ also interesting: Google Repairs High-Risk Flaw in Chrome…
-
SpaceXAI Open-Sources Grok Build After Privacy Backlash
SpaceXAI open-sourced Grok Build under Apache 2.0 after privacy backlash over broad directory uploads from its terminal AI coding agent. The post SpaceXAI Open-Sources Grok Build After Privacy Backlash appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-spacexai-grok-build-open-source-privacy/ also interesting: Meta Unveils New Advances in AI Security and Privacy Protection LLM03: Supply…
-
The Biggest Data Breaches of 2026 So Far, Ranked by Impact
The biggest data breaches of 2026 so far, ranked by impact, with details on exposed data, affected users, and what readers should do next. The post The Biggest Data Breaches of 2026 So Far, Ranked by Impact appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-biggest-data-breaches-2026-ranked-impact/ also interesting: HealthEC Data Breach Impacts…
-
Horizon3.ai boss talks of partner importance
Tags: businessSecurity player has seen its revenues via the channel continue to grow as it looks to ramp up its indirect business First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366645956/Horizon3ai-boss-talks-of-partner-importance also interesting: Cultivating a security-first mindset: Key leadership actions From Managing Vulnerabilities to Managing Exposure: The Critical Shift You Can’t Ignore Munich Reinsurance unites global security…
-
Palantir: Can anyone else do what it does?
Palantir is a US defence-intelligence company, born from the CIA’s venture arm that now operates inside the UK public sector. We examine the claim that its technology does what no other supplier can First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366645878/Palantir-Can-anyone-else-do-what-it-does also interesting: 6 novel ways to use AI in cybersecurity Root causes of security…
-
2 Young Hackers Jailed for Disrupting London Underground
Police Say Arrests ‘Effectively Halted’ Scattered Spider Cybercrime Collective. Two leaders of the Scattered Spider hacking group received 66-month jail sentences in Britain’s biggest cybercrime prosecution to date, after they disrupted London’s transport authority, causing $39 million in losses and recovery costs. How to deter young hackers remains an ongoing challenge. First seen on govinfosecurity.com…
-
Begun, the Patch Wars have
Tags: updateLong foretold, the Great Patching has begun and it’s a doozy. Buckle in as Joe takes you through the story. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/begun-the-patch-wars-have/ also interesting: Reality Bites: You’re Only as Secure as Your Last API Deployment Multiple Google Chrome Flaws Allow Attackers to Execute Arbitrary Code Windows 11 to Prevent…
-
Russian trio indicted for allegedly running bulletproof hosting providers that spurred cybercrime
Officials accused three Russian nationals, Media Land and ML.Cloud of supporting cyberattacks spanning 21 U.S. states and other countries, resulting in losses surpassing $62 million. First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-nationals-medialand-mlcloud-indicted-bulletproof-hosting/ also interesting: 11 ways cybercriminals are making phishing more potent than ever Russian Lynk group leaks sensitive UK MoD files, including info…
-
AI Appreciation Day: Unternehmen müssen Künstliche Intelligenz sicher und verantwortungsvoll steuern
Tags: aiDie Qualität und Kontrolle der verwendeten Daten rücken in den Mittelpunkt. KI-Agenten können nur so verlässlich handeln wie die Informationen, auf die sie zugreifen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ai-appreciation-day-unternehmen-muessen-kuenstliche-intelligenz-sicher-und-verantwortungsvoll-steuern/a45774/ also interesting: Deloitte-Studie zeigt Skepsis bezüglich Regulierung auf – ‘EU AI Act könnte KI-Entwicklung behindern Criminal IP Set to Make Its Debut at…
-
Google Makes Security Objections to EU Order Opening Android
EU Forces Google to Give Rival AI Services Android Access and to Share Search Data. Google sounded security alarms after the European Commission ordered it to open up deep Android functionality to rival artificial intelligence providers, and also to give third-party search providers access to Google Search data. The orders enforce the Digital Markets Act.…
-
UK investigates TikTok for alleged age-verification lapses, exposing kids to online harms
“Age checks are a cornerstone of the UK’s online safety laws,” said Ofcom’s Chief Executive, Melanie Dawes. “Too many services have no or inadequate age checks in place, which is not good enough.” First seen on therecord.media Jump to article: therecord.media/ofcom-investigation-tiktok-age-verification also interesting: Lumma Stealer Masquerades as Pirated Apps to Steal Logins and Data CISO…
-
Hacker missbraucht Googles Gemini CLI zur Botnetz-Steuerung
Ein russischsprachiger Cyberkrimineller hat Googles KI-Tool Gemini CLI als autonomen Hacking-Agenten zur Steuerung eines Botnetzes missbraucht. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hacker-missbraucht-gemini also interesting: The 2024 cyberwar playbook: Tricks used by nation-state actors Privacy Roundup: Week 1 of Year 2025 Sieben gängige Wege, ein Smartphone zu hacken Cybersecurity Snapshot: AI Security Skills Drive…
-
Gaps in network security, oversight strategy hamper US’s aviation cybersecurity regulators
A new government audit identified several weaknesses at the two agencies that protect air travel from hackers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/aviation-cybersecurity-faa-tsa-gao-report/825416/ also interesting: Key strategies to enhance cyber resilience China-linked hackers target Japan’s national security and high-tech industries Insider risk in an age of workforce volatility 6 key trends reshaping the…
-
ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories
A lot of this week’s trouble starts with something that looks close enough.A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the explanation.Old bugs are back, weak defaults are earning their keep, and some attack paths…
-
Top 10 Firewall Solutions Setting New Cybersecurity Standards in 2026
Thefirewallcategory is reinventing itself faster than at any point since NGFW arrived and2026’sleadersaren’tjust shipping betterboxes,they’reredefining what”firewall”means. Palo Alto Networks is setting the bar for AI-driven inline prevention, Fortinet for hybrid mesh execution, and HPE Juniper for the quantum-safe era, while Zscaler and Cloudflare are proving the most consequentialfirewallof all might be no appliance whatsoever. Here…
-
Scattered Spider hackers sentenced over TfL attack
Owen Flowers and Thalha Jubair, the hackers behind the 2024 TfL cyber attack, have been sentenced to five-year prison terms at Woolwich Crown Court First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366645859/Scattered-Spider-hackers-sentenced-over-TfL-attack also interesting: Scattered Spider is focus of NCA inquiry into cyber-attacks against UK retailers 10 Best Web Application Penetration Testing Companies in 2025…
-
UK Sees Data Infrastructure, Water System Cyberattack Risks
National Risk Assessment Cites CrowdStrike Lessons Learned, Hybrid Warfare Risks. The British government’s latest national security risk register sees a rising threat posed by cyberattacks disrupting operational technology in more critical national infrastructure sectors, and cites the CrowdStrike outage in digital resilience failure lessons to be learned. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/uk-sees-data-infrastructure-water-system-cyberattack-risks-a-32239…
-
Two Scattered Spider Members Sentenced to 5.6 Years Over TfL Cyberattack
Nearly two years after a cyberattack disrupted Transport for London’s (TfL) online services and exposed customer data, two… First seen on hackread.com Jump to article: hackread.com/two-scattered-spider-members-sentenced-tfl-cyberattack/ also interesting: 5 Encrypted Attack Predictions for 2025 South African telecom provider Cell C disclosed a data breach following a cyberattack Legal Aid Agency Warns Lawyers, Defendants on Data…
-
Wachsendes Risiko für europäische Unternehmen durch beschleunigte KI-Adaption
Aktuelle Daten einer Studie des Cyber-Sicherheitsherstellers Okta belegen, dass die Mehrheit der Firmen komplexe Multi-Vendor-KI-Ökosysteme betreibt. Dies widerlegt die Annahme, dass sich der Enterprise-Markt auf einen einzigen KI-Anbieter standardisieren wird. Okta veröffentlicht dazu eine proprietäre Studie, die auf anonymisierten Zugriffsmustern auf KI-Anwendungen in über 20.000 Unternehmen weltweit basiert. Die Ergebnisse verdeutlichen, wie Organisationen ihre KI-Tech-Stacks…
-
Period tracker Stardust shares users’ health data with analytics firm, says Mozilla research
One period tracker app tested by Mozilla was ‘squeaky clean,’ while another app was seen sharing users’ health data with an analytics company, underscoring vast differences in user privacy among these apps. First seen on techcrunch.com Jump to article: techcrunch.com/2026/07/16/period-tracker-stardust-shares-users-health-data-with-analytics-firm-says-mozilla-research/ also interesting: Neural data privacy an emerging issue as California signs protections into law Celebrating…
-
UK cops say arrest of two young hackers disrupted the operations of an infamous hacking group
Owen Flowers and Thalha Jubair, two members of the prolific Scattered Spider hacking group, pleaded guilty and were sentenced to five years and six months in jail for hacking London’s metropolitan transit system. First seen on techcrunch.com Jump to article: techcrunch.com/2026/07/16/uk-cops-say-arrest-of-two-young-hackers-disrupted-the-operations-of-an-infamous-hacking-group/ also interesting: Anonymous dumps VMware source code in hacking spree: Hackers affiliated with the…
-
Ukrainians rally against dismissal of tech-minded defense minister Fedorov
Ukraine President Volodymyr Zelensky dismissed Defense Minister Mykhailo Fedorov, who championed the push to integrate drone technology and digital innovation into the military. First seen on therecord.media Jump to article: therecord.media/ukraine-fedorov-drones-dismissal also interesting: Rising ClickFix malware distribution trick puts PowerShell IT policies on notice Working in critical infrastructure? Boost your effectiveness with these cybersecurity certifications…
-
Iran-nexus actors using AI to enhance cyber playbook
A report shows state-linked and hacktivist groups have used ChatGPT and other tools for malware development, phishing and mapping out industrial sites. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-nexus-actors-ai-cyber-ChatGPT-malware/825415/ also interesting: Top 12 ways hackers broke into your systems in 2024 Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning, as OpenAI Details Disrupted…
-
Phishing Campaign Hides Lua Loader as TrueType Font File
Global phishing campaign disguised a Lua loader as a font file to deploy RATs and infostealers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-lua-loader-truetype-font/ also interesting: Remcos RAT Distributed As UUEncoding (UUE) File To Steal Logins Russia-linked group Nebulous Mantis targets NATO-related defense organizations Beware of Weaponized Wedding Invite Scams Delivering SpyMax RAT to Android…
-
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss.A valid token from issuer A carrying a sub that belongs to someone under issuer…
-
KI-Sicherheit erfordert kontinuierliches Red-Teaming
Check Point Software Technologies beschreibt ein zentrales Problem moderner KI-Sicherheit: Ein bestandener Sicherheitstest ist kein dauerhafter Nachweis für Sicherheit. Er gilt nur für ein bestimmtes System, eine konkrete Konfiguration und einen bestimmten Zeitpunkt. Produktive KI-Systeme verändern sich jedoch laufend: Modelle passen ihr Verhalten an, Prompts werden überarbeitet, Retrieval-Quellen kommen hinzu, Agenten erhalten neue Tools und…
-
Statements zum AI-Appreciation-Day von Boomi, Getronics, Ping Identity, Nexis, Omada Identity und Veeam
Gerald Eid, Regional Managing Director DACH bei Getronics Der AI-Appreciation-Day würdigt zu Recht, wie sehr Künstliche Intelligenz Arbeit und Wertschöpfung heute voranbringt. Zu einem reifen Umgang mit dieser Technologie gehört aber auch eine Frage, die mit ihrer wachsenden Bedeutung immer wichtiger wird: Wo landen die Daten, und wer behält die Kontrolle? Gerade in Europa ist…
-
How a former DeepMind researcher raised at a $300M pre-seed valuation before launching a product
Drawing on more than a decade spent helping build some of the world’s most influential AI systems, including research that later informed the development of ChatGPT, Andrew Dai explains why he believes visual AI is one of the next major frontiers in artificial intelligence. First seen on techcrunch.com Jump to article: techcrunch.com/2026/07/16/how-a-former-deepmind-researcher-raised-at-a-300m-pre-seed-valuation-before-launching-a-product/ also interesting: ChatGPT-Hacking:…
-
OnionHop: Tool leitet Daten durch das Tor-Netzwerk
OnionHop für Linux, macOS und Windows ist ein Routing-Manager, der die Daten einzelner oder aller Programme über das Tor-Netzwerk leitet. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/onionhop-tool-leitet-daten-durch-das-tor-netzwerk-331520.html also interesting: VMware plugs a high-risk vulnerability affecting its Windows-based virtualization Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds Russian Hackers…
-
Gesperrtes Konto: Doch kein endgültiger Datenverlust bei Microsoft
Tags: microsoftMicrosoft erklärte ein Konto für unwiederbringlich verloren. Jetzt ist es mitsamt Onedrive-Fotos und Spielen wieder da. First seen on golem.de Jump to article: www.golem.de/news/gesperrtes-konto-doch-kein-endgueltiger-datenverlust-bei-microsoft-2607-210958.html also interesting: When AI nukes your database: The dark side of vibe coding Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws New Microsoft Teams feature will let you report…
-
Ungeschütztes Elasticsearch-Cluster – Knapp 8 GB interne Nextcloud-Daten geleakt
Tags: data-breachFirst seen on security-insider.de Jump to article: www.security-insider.de/offenes-elasticsearch-cluster-nextcloud-daten-leak-a-f7340e831560f3c6d77d908db52f93c0/ also interesting: Android Phone Wipeout Security Flaw Exposed Microchip Technology Confirms Data Breach in August Cyberattack SEO Poisoning Attack Hits Windows Users With Hiddengh0st and Winos Malware RondoDoX Botnet Abuses React2Shell Vulnerability for Malware Deployment
-
Single Prompt Enables ChatGPT to Execute Full Cyber-Attack Chain, Researchers Claim
Cybersecurity researchers tested Open AI GPT 5.5’s offensive cyber capabilities and the results showed how effective a frontier LLM can be for hackers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chatgpt55-to-execute-full/ also interesting: Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting Top 5 ways attackers use generative AI to exploit your…
-
Modular macOS Stealer Uses Kill Loops to Force Password Entry
New ClickLock macOS stealer locked victims out of their own system until they surrendered a password First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/clicklock-macos-stealer-clickfix/ also interesting: How to use the Apple Passwords app New Banshee Stealer macOS Malware Priced at $3,000 Per Month Password Stealing Malware Attacking macOS Users Increasing Rapidly How to encrypt and…
-
New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password
ClickLock Stealer, a new macOS infostealer, answers a victim’s refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents and quietly exits.At the next login,…
-
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands
Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that’s been spreading via websites infected with ClickFix lures since late April 2026.”The malware is full-featured, lightweight, and modular,” Elastic Security Labs researcher Cyril François said in a technical report. “While the number of C2 [command-and-control] domains is currently small, the daily First…
-
23andMe to pay $18 million in new genetics data breach settlement
Genetic testing company 23andMe has agreed to pay $18 million to settle claims from a coalition of 43 attorneys general that it failed to protect customers’ genetic data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/23andme-to-pay-18-million-in-new-genetics-data-breach-settlement/ also interesting: Police identify persons of interest in major data breach affecting up to 1 million NSW and ACT…
-
AI Agents Broke the Security Playbook. Here’s What Replaces It.
Traditional security workflows were built for environments that changed at human speed. Token Security explains why AI agents require a new approach: building on a live identity foundation while giving security teams the flexibility to create workflows tailored to their own environments. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-agents-broke-the-security-playbook-heres-what-replaces-it/ also interesting: Beyond cryptocurrency: Blockchain…
-
CISA folds its own hard-won lessons into coordinated vulnerability disclosure guidance
On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and four allied cyber authorities published a guide telling software vendors how to build a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/07/16/cisa-coordinated-vulnerability-disclosure-guidance/ also interesting: Secure by design vs by default which software development concept is better? Cybersecurity Snapshot: CISA Analyzes Malware Used in…
-
Scattered Spider members jailed over Transport for London hack that cost £29 million
Two members of the notorious >>Scattered Spider<< hacking collective have been sentenced to five years and six months in prison each for a cyberattack on Transport … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/07/16/ransport-for-london-cyberattack-prison-time/ also interesting: Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage Chinese Hacker Suspect Arrested in South Korea Over…
-
Sandworm hackers have a CAPTCHA trick for Ukrainians
Rather than verifying they are human, the CAPTCHA users are instructed to copy and paste a PowerShell command into their Windows computers. First seen on therecord.media Jump to article: therecord.media/ukraine-sandworm-hacks-captcha-powershell also interesting: Rising ClickFix malware distribution trick puts PowerShell IT policies on notice The most notorious and damaging ransomware of all time Russian APT RomCom…
-
Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor
An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig.Daxin (“srt64.sys”), as the kernel-mode rootkit is referred to, was first documented by Broadcom-owned Symantec in March 2022, with evidence indicating its use in targeted attacks…
-
New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands
Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click “Buy Now” instead. Ask a coding assistant to apply a maintainer’s fix from a GitHub thread, and a fake comment can make it run a stranger’s command on your computer.Neither trick hijacks the agent’s…
-
20+ Hijacked Government Websites BecameӬan Attack Channel
More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions.The investigation revealed previously undocumented backdoor behavior, hidden infrastructure relationships, and multiple attack arms behind a campaign First seen on thehackernews.com Jump to…
-
Hackers Exploit SonicWall SMA1000 Zero-Days to Execute Commands as Root
Hackers are actively exploiting two zero-day vulnerabilities in the SonicWall SMA 1000 Series remote access appliances. They are chaining a critical server-side request forgery flaw with a local code injection bug to execute commands with root privileges. Rapid7’s Managed Detection and Response team detected targeted attacks before SonicWall publicly disclosed these vulnerabilities on July 14,…
-
Millions of Shark Robot Vacuums Vulnerable to Unpatched Remote Code Execution Flaw
Millions of internet-connected Shark robot vacuums may be vulnerable to a critical remote code execution (RCE) flaw that could allow attackers to control devices remotely, access onboard cameras, retrieve home maps, and potentially steal stored Wi-Fi credentials. An independent researcher disclosed this issue following a 90-day reporting period, and it arises from overly permissive AWS…

