Breaking News – Cyber Threats (last 6h)
Generated: 2026-07-07 13:00 PDT
- Chinese hackers develop LONGLEASH malware to expand ORB network
BleepingComputer • 2026-07-07 11:52 • www.bleepingcomputer.com
Chinese hackers tracked as ‘UAT-7810’ are actively evolving their malware to expand their Operational Relay Box (ORB) network by compromising internet-facing networking devices, primarily unpatched Ruckus routers. […]
https://www.bleepingcomputer.com/news/security/chinese-hackers-develop-longleash-malware-to-expand-orb-network/ - More Odd DNS Records: NIMLOC, (Tue, Jul 7th)
SANS ISC Diary (full) • 2026-07-07 11:09 • isc.sans.eduYesterday, I talked about NAPTR records and how they are related to RCS. But there is another “odd” record that shows up in my DNS logs. This one isn't new, but I don't think I ever covered it: NIMLOC. At least that is what Zeek calls it. But let's see what it is all about.
- Hidden backdoor in Tenda router firmware grants admin access
BleepingComputer • 2026-07-07 10:27 • www.bleepingcomputer.com
A hidden authentication backdoor has been found in multiple Tenda router firmware versions, potentially allowing an attacker to gain administrative access to the device’s web management panel. […]
https://www.bleepingcomputer.com/news/security/hidden-backdoor-in-tenda-router-firmware-grants-admin-access/ - RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service
The Hacker News • 2026-07-07 10:10 • thehackernews.com
A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim’s phone, steal their banking logins, and capture the one-time codes that protect their accounts.Zimperium’s zLabs, which found the operation, says it looks like a new variant of Oblivion, a $300-a-month rent-a-malware tool
https://thehackernews.com/2026/07/redwing-maas-packages-android-bank.html - Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
The Hacker News • 2026-07-07 09:37 • thehackernews.com
A critical flaw in Google’s Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project.From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a password.
Security firm Varonis found it
https://thehackernews.com/2026/07/rogue-agent-flaw-could-have-let.html - Spain arrests suspected member of pro-Russian hacktivist groups
BleepingComputer • 2026-07-07 08:21 • www.bleepingcomputer.com
The National Police in Spain have arrested a man who is suspected of being an active member of the CyberArmy of Russia Reborn (CARR) and Z-Pentest, both pro-Russian hacktivist groups. […]
https://www.bleepingcomputer.com/news/security/spain-arrests-suspected-member-of-pro-russian-hacktivist-groups/ - DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
The Hacker News • 2026-07-07 08:14 • thehackernews.com
A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC.“The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into the legitimate Microsoft device login experience,
https://thehackernews.com/2026/07/debull-tooling-abuses-microsoft-device.html - Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
The Hacker News • 2026-07-07 07:04 • thehackernews.com
A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization’s private repositories, researchers at Noma Security have shown.The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access across its repositories, private ones
https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html - The GitHub Actions Attack Pattern Your CI Security Scanners Miss
BleepingComputer • 2026-07-07 07:01 • www.bleepingcomputer.com
ActiveState explains how GitHub Actions attack chains can evade traditional CI security scanners, why passing a scan doesn’t guarantee a secure pipeline, and how organizations can better govern their CI/CD workflows. […]
https://www.bleepingcomputer.com/news/security/the-github-actions-attack-pattern-your-ci-security-scanners-miss/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
