Categories Breaking News

Breaking News – Cyber Threats – 2026-07-06 03:00 PDT

Breaking News – Cyber Threats (last 6h)

Generated: 2026-07-06 03:00 PDT

  • When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website
    Securelist • 2026-07-06 02:00 • securelist.com
    The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it.
    https://securelist.com/microsoft-device-code-phishing-attack/120350/
  • New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
    The Hacker News • 2026-07-06 01:50 • thehackernews.com
    Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode.

    But TrojPix works only once malware is already on the target machine, so it
    https://thehackernews.com/2026/07/new-trojpix-attack-leaks-data-from-air.html

  • New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
    The Hacker News • 2026-07-06 01:13 • thehackernews.com
    Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that’s capable of targeting Windows, Linux, and macOS environments.

    According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service (MaaS) model, costing anywhere between $150 for one month to $1,200 for lifetime access. Other subscription tiers include $300 for
    https://thehackernews.com/2026/07/new-java-based-quimarat-maas-built-to.html

  • Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages
    The Hacker News • 2026-07-06 00:27 • thehackernews.com
    Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits.

    In a proof of concept, they reconstructed a signed-in user’s full Gmail address from a single visit, with no click. Opera has patched the flaw and says it found no evidence that
    https://thehackernews.com/2026/07/opera-gx-flaw-let-malicious-sites-auto.html

  • SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
    The Hacker News • 2026-07-05 23:33 • thehackernews.com
    Scanners meant to catch malicious add-on “skills” for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology.

    Their strongest trick slipped past every scanner tested more than 90% of the time, and the same team built a runtime checker that catches most of the
    https://thehackernews.com/2026/07/new-skillcloak-technique-lets-malicious.html

Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.

Written By

More From Author

You May Also Like