Search the Portal

Recent Articles

JUL16
Two Scattered Spider Hackers Sentenced to Jail in UK

Thalha Jubair and Owen Flowers were prosecuted over a 2024 cyberattack targeting Transport for London (TfL). The post Two Scattered Spider Hackers Sentenced to Jail in UK appeared first on SecurityWeek.

Security Week by Eduard Kovacs
JUL16
AI Data Centers Are Being Built Faster Than They Can Be Secured

AI infrastructure introduces new security risks that traditional data center designs were never built to handle. The post AI Data Centers Are Being Built Faster Than They Can Be Secured appeared first on SecurityWeek.

Security Week by Kevin Townsend
JUL16
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that's been spreading via websites infected with ClickFix lures since late April 2026. "The malware is full-featured, lightweight, and modular," Elastic Security Labs researcher Cyril François said in a technical report. "While the number of C2 [command-and-control] domains is currently small, the daily

The Hacker News by info@thehackernews.com (The Hacker News)
JUL16
‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing

The new macOS malware has targeted at least 100 users to steal their passwords and cryptocurrency. The post ‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing appeared first on SecurityWeek.

Security Week by Eduard Kovacs
JUL16
New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

ClickLock Stealer, a new macOS infostealer, answers a victim's refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents and quietly exits. At the next login, Finder, the Dock, Spotlight, Terminal, Activity Monitor, and

The Hacker News by info@thehackernews.com (The Hacker News)
JUL16
20+ Hijacked Government Websites Became
an Attack Channel

More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions. The investigation revealed previously undocumented backdoor behavior, hidden infrastructure relationships, and multiple attack arms behind a campaign

The Hacker News by info@thehackernews.com (The Hacker News)
JUL16
New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click "Buy Now" instead. Ask a coding assistant to apply a maintainer's fix from a GitHub thread, and a fake comment can make it run a stranger's command on your computer. Neither trick hijacks the agent's task. Each one just corrupts the facts it trusts and lets it carry on with the job you

The Hacker News by info@thehackernews.com (The Hacker News)
JUL16
Oak Emerges From Stealth Mode With $60 Million in Funding

The startup has built an AI-powered Identity Operating System that governs all identities across an organization’s environment. The post Oak Emerges From Stealth Mode With $60 Million in Funding appeared first on SecurityWeek.

Security Week by Ionut Arghire
JUL16
Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin ("srt64.sys"), as the kernel-mode rootkit is referred to, was first documented by Broadcom-owned Symantec in March 2022, with evidence indicating its use in targeted attacks aimed

The Hacker News by info@thehackernews.com (The Hacker News)
JUL16
Splunk, Zoom Patch Critical Vulnerabilities

The flaws could allow attackers to access credentials and data, take over accounts, and escalate their privileges. The post Splunk, Zoom Patch Critical Vulnerabilities appeared first on SecurityWeek.

Security Week by Ionut Arghire
JUL16
AI Can Find Bugs, But Human Knowledge Still Proves Them

Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read code quickly, generate payloads, summarize attack surfaces, explain unfamiliar APIs, and run repetitive testing workflows at impressive speed. That is a real advantage for security teams. It also

The Hacker News by info@thehackernews.com (The Hacker News)
JUL16
Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide

Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people's Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi password in plaintext. A researcher publishing under the handle tokay0 put the method online on Monday, having tested it only against vacuums he

The Hacker News by info@thehackernews.com (The Hacker News)
JUL16
F5 Patches Multiple NGINX, BIG-IP Vulnerabilities

Attackers could exploit the bugs to modify configurations, terminate or restart processes, cross security boundaries, leak memory, and execute code. The post F5 Patches Multiple NGINX, BIG-IP Vulnerabilities appeared first on SecurityWeek.

Security Week by Ionut Arghire
JUL16
China’s Top Cybersecurity Firms Hit by Mounting Military Procurement Bans

Chinese cybersecurity firms are facing action from the country’s military, but it’s not due to product or technical failures. The post China’s Top Cybersecurity Firms Hit by Mounting Military Procurement Bans appeared first on SecurityWeek.

Security Week by Eduard Kovacs
JUL16
OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol

OpenAI has disclosed details of GPT-Red, an internal automated red-teaming model that scales prompt injection vulnerability discovery with an aim to fix issues before the tools are deployed widely. "GPT‑Red is a strong red-teamer, and our previous models are highly vulnerable to its prompt injection attacks," the artificial intelligence (AI) company said. "We use GPT‑Red to adversarially train

The Hacker News by info@thehackernews.com (The Hacker News)