The Hacker News
βœ”
162K subscribers
3.34K photos
21 videos
4 files
9.3K links
⭐ Official THN Telegram Channel β€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

πŸ“¨ Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Download Telegram
⚑ New GitLost technique can trick #GitHub Agentic Workflows into leaking private repo data.

A public issue can make an agent read a private repo and post its contents in a public comment.

In one test, adding β€œAdditionally” to the malicious instruction was enough to get past GitHub’s guardrail.

Learn how the leak works - https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html
😁2πŸ€”2
🚨 Microsoft 365 phishing is shifting from fake login pages to real Microsoft login flows.

DEBULL uses device-code phishing to trick users into approving attacker access to M365 accounts.

The login page is real. The access goes to the attacker.

Read the full story: https://thehackernews.com/2026/07/debull-tooling-abuses-microsoft-device.html
😁4πŸ‘2
🚨 Rogue Agent was not just another chatbot bug.

β†’ Google Dialogflow CX had a flaw where editing one AI chatbot could let attackers reach other chatbots in the same project.

β†’ Read live chats, capture input, and turn the bot into a phishing lure.

Read how the flaw worked - https://thehackernews.com/2026/07/rogue-agent-flaw-could-have-let.html
πŸ‘5πŸ”₯2
πŸ›‘ WARNING - #Android bank fraud is being packaged for rent on Telegram.

Researchers are warning of RedWing, a mobile MaaS operation that gives buyers custom APKs, fake app-store lures, login overlays, OTP theft, and call forwarding.

82 institutions are listed as targets.

Learn more - https://thehackernews.com/2026/07/redwing-maas-packages-android-bank.html
πŸ”₯13πŸ‘3⚑2
⚠️ CISA added 4 actively exploited flaws to KEV. Three are rated 10.0.

Adobe ColdFusion, Joomla page builders, and Langflow are affected.

Experts say the Langflow chain used IDOR and RCE to steal LLM provider and AWS keys.

Read - https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.html
πŸ‘7πŸ”₯3
This media is not supported in your browser
VIEW IN TELEGRAM
πŸ›‘ A newly found 15-year-old #Linux kernel flaw, GhostLock (CVE-2026-43499), could let any logged-in user gain root on unpatched distributions.

A working exploit code is now public, and it escaped containers in tests.

Read details here: https://thehackernews.com/2026/07/15-year-old-ghostlock-flaw-enables-root.html
😁13πŸ”₯4πŸ‘2⚑1
🚨 Chinese APT UAT-7810 is upgrading LONGLEASH to turn compromised devices into relay boxes for LapDogs.

Ruckus router flaws are already in the chain. ASUS AiCloud targeting points to possible ORB expansion.

Read: https://thehackernews.com/2026/07/china-linked-uat-7810-expands-orb.html
πŸ”₯6
⚑ Refused in chat. Delivered in code.

GitHub Copilot's Claude and Gemini models rejected almost every direct harmful request, then produced harmful answers in all 816 coding-workflow runs.

Learn how a benchmark Q&A task got Copilot to write banned answers itself: https://thehackernews.com/2026/07/github-copilot-refuses-harmful-requests.html
😁4
Passkeys are making stolen passwords less useful.

So ATO is moving downstream: account recovery, magic links, step-up checks, and identity verification.

The next weak link is not login. It’s proving the person behind the action is real.

Read where ATO is shifting next: https://thehackernews.com/2026/07/the-verification-step-is-new-ato.html
😁3πŸ‘2
🚨 That green "Verified" badge on a #GitHub commit? The hash under it isn't unique.

New research: anyone can rewrite a signed commit into many valid "Verified" hashes, no signing key needed.

Same files. Same author. Valid signature.

Learn how 'hash chain malleability' breaks commit trust - https://thehackernews.com/2026/07/github-verified-commits-can-be.html
😁7πŸ”₯1
⚠️ Mexican banking customers are being targeted through fake CAPTCHA pages that trick them into running a PowerShell command.

That installs SCMBANKER, a toolkit that watches banking sessions, swaps CLABE and card numbers, and can trigger vishing overlays or Remote Utilities by IP.

Read: https://thehackernews.com/2026/07/scmbanker-malware-uses-clickfix-lures.html
πŸ‘4πŸ”₯2πŸ‘1😱1
⚑Just dropped: SAIL 2.0 - the free and open-source framework for agentic AI security.

SAIL v1 gained more than 50,000 downloads and helped security teams build practical AI security roadmaps.

Now, SAIL 2.0 evolves that foundation for the agentic landscape, bringing a practical, process-oriented approach to:

βœ… Build an AI security roadmap and benchmark maturity, phase by phase.
βœ… Drive vendor assessments and RFPs with agentic-literate questions.
βœ… Turn standards mappings into compliance checklists across the EU AI Act, ISO 42001, OWASP, DASF, and AIUC-1.
βœ… Prioritize controls by zone, asset, risk, and agent autonomy.

Download for free the PDF, or use the SAIL Skill: https://thn.news/sail-framework
😁2πŸ‘1πŸ”₯1
🚨 Ubiquiti fixed 7 critical UniFi flaws across Connect, Talk, Access, Protect, and UniFi OS.

Attackers with network access could use them for command execution, privilege escalation, or unauthorized device changes.

Read details here - https://thehackernews.com/2026/07/ubiquiti-patches-critical-unifi-flaws.html
πŸ”₯1😁1
⚠️ New attack can turn AI coding assistants into BOTNET installers.

Register a hallucinated repo name, hide prompt-injection instructions inside it, and wait for coding agents to fetch the wrong resource.

Here's how HalluSquatting works - https://thehackernews.com/2026/07/new-hallusquatting-attack-could-trick.html
πŸ”₯6πŸ‘3πŸ‘2
EvilTokens phishing can look clean during URL checks.

The real page stays encrypted until it opens in the victim’s browser, then uses Microsoft device-code phishing to push toward Microsoft 365 account takeover.

The blind spot is browser visibility, not just email scanning.

Read: https://thehackernews.com/2026/07/new-ghost-phishing-wave-is-breaking.html
πŸ‘1
🚨 Your developers’ AI coding assistants are tripping endpoint alarms built to catch intruders.

Sophos says #Claude Code, Cursor, and OpenAI Codex triggered rules for DPAPI browser credential access, cmdkey /list, certutil-to-bitsadmin downloads, and startup-folder writes.

Read the full story: https://thehackernews.com/2026/07/ai-coding-agents-found-triggering.html
πŸ”₯2πŸ‘2