-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Vulnerability | Breaking Cybersecurity News | The Hacker News

Category — Vulnerability
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

Jul 08, 2026 AI Security / Botnet
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call  HalluSquatting , turns that habit into an attack: work out the fake names an AI reliably invents, register them first, and wait for the assistant to fetch your trap on a user's behalf. Anyone whose AI assistant can fetch an outside resource and then run commands with little human review is exposed. In tests, that path led the assistant to run attacker-supplied code on the machine. Repeat it with a popular enough resource, and one planted name can reach many machines, which is why the researchers frame it as a way to assemble a botnet. How it works The attack chains two AI quirks. The first is a  hallucination : an AI making something up and presenting it as real. The second is a  prompt injection : a booby-trapped instruction that hijacks the AI, so i...
Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Jul 08, 2026 Vulnerability / Network Security
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution. The list of vulnerabilities is as follows - CVE-2026-50746 (CVSS score: 10.0) - An improper access control vulnerability in UniFi Connect Application that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 3.4.16 and earlier; fixed in version 3.4.20) CVE-2026-50747 (CVSS score: 9.9) - A series of authenticated SQL injection vulnerabilities in UniFi Talk Application that an attacker with access to the network could exploit to escalate privileges on the host device. (Affects versions 5.1.2 and earlier; fixed in version 5.2.2) CVE-2026-50748 (CVSS score: 9.9) - An improper input validation vulnerability in UniFi Access Application that an attacker with access to the network coul...
GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures

GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures

Jul 08, 2026 DevSecOps / Open Source Security
New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, and a valid signature, GitHub still stamps "Verified." Everything a reviewer would check matches. The commit's hash does not. That matters because so many systems treat a verified commit hash as a permanent, unique name for its contents. Here is the concrete failure: block a bad commit by its hash, and an attacker can re-push the same content under a fresh, still-"Verified" hash your blocklist has never seen. Deduplication, provenance logs, and reproducible-build records that key on the hash inherit the same soft spot. A compromised or hostile mirror can hand cloners validly signed commits whose hashes differ from those on the canonical forge. What this is not is a way to slip different code past a sig...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

Jul 08, 2026 Malware / Network Security
A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by breaking into internet-facing networking devices. According to findings from Cisco Talos, UAT-7810 is an advanced persistent threat (APT) actor that's responsible for maintaining and proliferating LapDogs , an ORB network that first came to light in June 2025. "UAT-7810 is most likely tasked with establishing Operational Relay Box (ORB) networks that can then be leveraged by associated secondary threat actors to conduct their own malicious attacks against high value targets," researchers Jungsoo An, Asheer Malhotra, Vanja Svajcer, and Brandon White said . One such China-nexus threat actor that has leveraged the infrastructure in its own attacks is UAT-5918 , which has been linked to cyber attacks targeting critical infrastructure entities in Taiwan since at least 2023 with an aim to establish persistent access within victim envir...
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

Jul 08, 2026 Vulnerability / Cloud Security
Researchers at  Nebula Security  have disclosed GhostLock ( CVE-2026-43499 ), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs no special permission, no unusual settings, and no network access; ordinary threading calls from any local program are enough. Nebula turned it into a working root exploit that is 97% reliable in its testing and also escapes containers, and says Google awarded the team $92,337 through its  kernelCTF  bug-bounty program. No one is known to be exploiting it in the wild, but Nebula has published  working exploit code , so anyone can now run it. Patching is the priority. How the bug works The kernel has a system for keeping an urgent task from getting stuck behind a trivial one. Part of it is a cleanup step that tidies up after a task...
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

Jul 08, 2026 AI Security / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 (CVSS score: 10.0) - A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of the current user. CVE-2026-56290 (CVSS score: 10.0) - An improper access control vulnerability in Joomlack Page Builder that could allow for remote code execution via unauthenticated arbitrary file upload. CVE-2026-55255 (CVSS score: 6.1) - An authorization bypass through a user-controlled key vulnerability in Langflow that could allow an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. CVE-2026-48908 (CVSS score: 10.0) - An unrestricted upload of a file with a dangerous type vulnerability in JoomShaper SP P...
Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

Jul 07, 2026 AI Security / Vulnerability
A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a password. Security firm Varonis found it and named it Rogue Agent. The flaw affected only organizations that built agents with Dialogflow's Playbooks and custom Code Blocks, which let developers add their own Python. And it was not a remote, unauthenticated attack. Pulling it off needed the dialogflow.playbooks.update permission on one such agent, which limits the realistic attacker to a malicious insider or a compromised developer account, not a stranger on the internet. From that one foothold, though, the reach extended to every agent in the project. Google has fixed it, and both Varonis and Google say there is no sig...
Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

Jul 07, 2026 Vulnerability / AI Security
A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have shown. The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access across its repositories, private ones included, the issue can steer it into pulling private contents into a public comment. Noma calls the technique GitLost . The target is GitHub Agentic Workflows , a feature now in public preview that GitHub launched in February. Instead of writing automation scripts, you write instructions to an AI agent in plain English in a Markdown file. The agent reads issues and pull requests, runs tools, and replies on its own. It can be powered by GitHub Copilot, Anthropic's Claude, Google Gemini, or OpenAI Codex. Workflows are read-only by default, but an organization can hand one a token with...
Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

Jul 07, 2026 AI Security / Vulnerability
Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer , an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand Security Research team. "An outsider could go from having no access to taking over any Writer AI organization inside industry-leading enterprises, with nothing more than a link," the cybersecurity company said in a report shared with The Hacker News. Put differently, the shortcoming could be abused to take over a victim's Writer account, and use it to access private chats, documents, and other sensitive data related to agents, configurations, private models, connectors, and large language model (LLM) credentials. Even worse, it could be abused to seize administrative control depending on the victim's role. An important aspect of the flaw is that the attacker and the...
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

Jul 07, 2026 Email Security / Vulnerability
A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials, followed by either the deployment of a web shell for persistent access or a known post-exploitation tool called VShell . The emerging threat cluster is being tracked by Proofpoint under the moniker UNK_MassTraction . It was first detected in May 2026, specifically focusing on administrators and professors in departments with either national security ties or entities studying astrophysics and particle physics. "The emails targeting university departments used both compromised senders, as well as abused domains vulnerable to spoofing due to lax DMARC policy to send the emails," the ...
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

Jul 07, 2026
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit this vulnerability, tracked as CVE-2026-11405 , to bypass the password verification process and obtain full administrative control without valid credentials," the CERT/CC said in an alert. The vulnerability impacts multiple versions of the firmware - US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE US_AC10V1.0re_V15.03.06.46_multi_TDE01 US_AC5V1.0RTL_V15.03.06.48_multi_TDE01 US_AC6V2.0RTL_V15.03.06.51_multi_T The backdoor functionality is present within the "login()" function of the "/bin/httpd" web server binary. While the method initially follows a normal authentication path using MD5-based p...
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

Jul 07, 2026 Vulnerability / Enterprise Security
BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below - CVE-2026-40138 (CVSS score: 9.2) - A pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access stemming from improper validation of authentication data that could allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. CVE-2026-40139 (CVSS score: 9.2) - A pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support stemming from improper processing of authentication requests that could allow an unauthenticated remote attacker to bypass access controls and gain unauthorized ...
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

Jul 06, 2026 Threat intelligence / Malware
An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point Research under the moniker Cavern Manticore , which it said shares some level of tactical overlaps with MuddyWater and Lyceum , the latter of which is assessed to be a subgroup within OilRig . "The framework reflects a mature and adaptable toolset built around a shared .NET foundation, while using multiple compilation formats across different components, including .NET Framework, .NET Mixed-Mode C++/CLI, and .NET Native AOT ," the cybersecurity company said . "The compilation format itself becomes the anti-analysis layer that forces reverse engineers into multiple toolsets and me...
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

Jul 06, 2026 Linux / Vulnerability
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed ' Januscape ' and tracked as  CVE-2026-53359 , the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the researcher claims that a separate, unreleased exploit turns the same bug into full host code execution. Security researcher  Hyunwoo Kim (@v4bel) found and reported the bug. He described Januscape as the first guest-to-host exploit triggerable on both Intel and AMD, to the best of public knowledge. The flaw went unnoticed for roughly 16 years. According to Kim, the exploit was used as a zero-day submission in  Google's kvmCTF , the controlled KVM vulnerability reward program that offers up to $250,000 for full guest-to-host escapes. How It Works To run a virtual machine, KVM keeps its own private set of page tables that mi...
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Jul 06, 2026 Vulnerability / DevOps
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig . The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated access. In a statement shared with The Hacker News via email, security researcher Ali Mustafa (@rz1027), who is credited with discovering and reporting the flaw, said the Gitea Docker images shipped an "app.ini" template that hard-codes "REVERSE_PROXY_TRUSTED_PROXIES = *" by default. The " app.ini " file is a core configuration file for managing server parameters, database connections, security behavior, and application settings. "With reverse-proxy login enabled, that wildcard trusts every source IP, so anyone who could reach the port could...
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

Jul 06, 2026 Cybersecurity / Hacking
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trust placed one layer too early. Below is the full recap, since this is apparently what counted as a normal week. ⚡ Threat of the Week NetNut Residential Proxy Network Disrupted — Google, in collaboration with the U.S. Federal Bureau of Investigation (FBI), Lumen, and other partners, took action against the NetNut residential proxy network, also known as Popa, building upon its takedown of IPIDEA in January 2026. Google said it disabled Google accounts and associated Google services used by NetNut for malware command-and-control (C2) and updated Google Play Protect, in addition to disabling ...
Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages

Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages

Jul 06, 2026 Vulnerability / Web Security
Researchers found a flaw in  Opera GX , the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of concept, they reconstructed a signed-in user's full Gmail address from a single visit, with no click. Opera has patched the flaw and says it found no evidence that it was ever used in the wild. The fix shipped in Opera GX version 130.0.5847.89, so anyone on a current build is already covered; you can confirm yours at opera://about. There is no CVE. Because the attack needed no clicks or approvals, there was no workaround short of the patch. Opera's bug bounty team rated the issue P1, its top severity, and paid the maximum $5,000 award for a critical bug. How the attack works GX Mods let you reskin Opera GX with custom sounds, themes, wallpapers, and CSS that restyles the sites you visit. They ship as .crx files, like browser...
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

Jul 06, 2026 AI Security / Threat Detection
Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a  new study  from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested more than 90% of the time, and the same team built a runtime checker that catches most of the disguised skills the scanners miss. Skills are small packages, usually a Markdown instruction file plus a few scripts, that agents such as Claude Code, OpenAI Codex, and OpenClaw load to pick up a new capability. Because a skill is just a bundle of files, the same one can run across different agents. And it runs with the agent's own access: your files, your terminal, your saved passwords. A bad one can steal credentials, copy source code, or install a backdoor. Most of what a public marketplace lists is uploaded by strangers with little vetting. The main defense so far has been th...
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Jul 03, 2026 Vulnerability / IoT Security
Security firm runZero has disclosed seven vulnerabilities in  FatFs , a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras, drones, industrial controllers, hardware crypto wallets, and other devices built on real-time operating systems. On the worst-affected systems, an attacker who gets a booby-trapped USB drive, SD card, or update file onto a device can corrupt its memory and run their own code. Many embedded devices lack the memory protections found on phones and desktops, which is why runZero says "any physical access leads to a jailbreak." A public kiosk, a camera with an SD slot, an ATM, or a voting machine with a USB port should not hand over full control after a moment of physical access, but here it can. All seven bugs work the same basic way. The device tries to read a storage vo...
ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

Jul 02, 2026 Hacking News / Cybersecurity News
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak checks, open systems, and normal tools doing things they were allowed to do. That same pattern runs through the stories below.
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources