-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Vulnerability | Breaking Cybersecurity News | The Hacker News

Category — Vulnerability
TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

Jul 15, 2026 IoT Security / Network Security
Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model (LLM), albeit with not so successful results. "While the AI complied with their request to generate botnet code, it included a safety disclaimer that the developer failed to remove before shipping," Palo Alto Networks Unit 42 said . "Although the LLM clearly aided in constructing the botnet, several functions in the analyzed samples failed to work correctly." The cybersecurity company said a manual code review would have resolved these errors and that it's possible more polished iterations of the malware exist out there in the wild. The botnet framework consists of multiple components: a C-based bot agent that cross-compiles for multiple architectures (e.g., ARM, MIPS, MIPSEL, MIPS64, x86_64, PowerPC, and RISC-V), a Go-based command-...
Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Jul 15, 2026 Vulnerability / Browser Security
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below - CVE-2026-15718 , an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719 , a site isolation in the DOM: Navigation component "We are aware that exploit code for this is public, however we are not aware of any attacks in the wild abusing this flaw," Mozilla said in an advisory. Both vulnerabilities have been addressed in Firefox version 152.0.6. The release comes as Google shipped fixes for 15 security flaws, including two critical use-after-free bugs in Ozone ( CVE-2026-15764 and CVE-2026-15765 ), a cross-platform abstraction layer that allows the browser to interact natively with various display servers and windowing systems. It supports Linux, ChromeOS, and Fuchsia. "Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker ...
Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Jul 15, 2026 Vulnerability / Enterprise Security
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse ) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as ProfSvc, is a core system component that manages user accounts and environments. "The PoC requires another standard user credential and a third username (which can be an administrator account)," Chaotic Eclipse said . "If the PoC is successful, it will end up mounting the target user hive in the current user classes root." The researcher said the exploit was stripped down to prevent public exploitation, adding the original exploit did not require additional user credentials and was not limited to the "usrclass.dat" hive. "Any hive could be loaded using this vulnerability, but you would need some brain cells to make the PoC do it," the researc...
cyber security

The AI Security Starter Pack

websiteWizAI Security / Cloud Security
Unlock 7 of the most widely used AI security resources in one place. Each asset provides practical tools for securing AI apps, models, and agents.
cyber security

11 real-world stories proving how identity drift opens active attack paths

websiteXM CyberIdentity Security / Exposure Management
Learn how attackers leverage privilege drift to reach critical assets across 11 architectural teardowns.
Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Jul 15, 2026 Endpoint Security / Vulnerability
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud tokens. Cursor keeps re-running it for as long as the project stays open. No prompt injection, no agent, no model in the loop, and no prior access to the machine: opening the folder is the entire exploit, and the result is arbitrary code execution as the logged-in user. AI security firm Mindgard reported the flaw to Cursor on December 15, 2025 and  published full technical details  on Tuesday, seven months later. There is still no patch, and Cursor has published no advisory for the issue. The mechanism takes about a sentence. Cursor checks several locations for a Git binary when a project loads, and one of them is the workspace itself. Process Monitor output in t...
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

Jul 15, 2026 Vulnerability / Enterprise Security
SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-15409 (CVSS score: 10.0) - A Server-side request forgery (SSRF) vulnerability that a remote unauthenticated attacker could exploit to potentially cause the appliance to make requests to an unintended location. CVE-2026-15410 (CVSS score: 7.2) - A post-authentication code injection vulnerability rooted in the Appliance Management Console (AMC) that a remote authenticated attacker could exploit to execute arbitrary operating system commands as administrator under certain conditions. SonicWall said it has "investigated multiple cases indicating the active exploitation of the vulnerabilities," urging customers to apply the fixes as soon as possible. The patches are available in the following versions - 12.4...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources