Breaking News – Cyber Threats (last 6h)
Generated: 2026-07-02 03:00 PDT
- AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
The Hacker News • 2026-07-02 02:13 • thehackernews.com
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent.Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company’s production database.
Ransomware has always
https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html - Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects
Securelist • 2026-07-02 02:00 • securelist.com
Kaspersky Compromise Assessment specialists analyze trends from the service’s 2025 projects and provide tips on how to enhance your organization’s security.
https://securelist.com/compromise-assessment-findings-2025/120542/ - Alleged Scattered Spider hacker extradited to the United States
BleepingComputer • 2026-07-02 01:58 • www.bleepingcomputer.com
A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. […]
https://www.bleepingcomputer.com/news/security/alleged-scattered-spider-hacker-extradited-to-the-united-states/ - FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
The Hacker News • 2026-07-02 01:00 • thehackernews.com
The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions.“An operator tied to FortiBleed’s infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment
https://thehackernews.com/2026/07/fortibleed-credential-theft-linked-to.html - New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos
The Hacker News • 2026-07-02 00:24 • thehackernews.com
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs.Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine. YesWeHack and
https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html - SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
The Hacker News • 2026-07-01 22:46 • thehackernews.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issue
https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html - Medtronic notifies customers impacted by ShinyHunters data breach
BleepingComputer • 2026-07-01 21:25 • www.bleepingcomputer.com
Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. […]
https://www.bleepingcomputer.com/news/security/medtronic-notifies-customers-impacted-by-shinyhunters-data-breach/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
