Top Security Breaches 2026-07-07
Auto-generated 2026-07-07T09:00:27.115209+00:00 (UTC)
-
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
Source: The Hacker News | Published: 2026-07-04T12:47:53+00:00 | Score: 18.347
A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left.
The odd part: the group that took the money calls itself Kairos, but it may not be a ransomware gang at all. Krishnan found no sign that it ever locked a single
-
New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
Source: The Hacker News | Published: 2026-07-06T08:50:54+00:00 | Score: 14.398
Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode.
But TrojPix works only once malware is already on the target machine, so it
-
AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Source: The Hacker News | Published: 2026-07-02T09:13:13+00:00 | Score: 14.103
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent.
Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company’s production database.
Ransomware has always
-
Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT
Source: The Hacker News | Published: 2026-07-06T10:58:16+00:00 | Score: 14.065
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts.
The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.
-
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
Source: The Hacker News | Published: 2026-07-06T13:01:14+00:00 | Score: 13.55
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary.
Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trust
-
New Avalon Malware Framework Packs CrownX Ransomware Capabilities
Source: The Hacker News | Published: 2026-07-03T18:55:24+00:00 | Score: 12.724
Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that’s distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls.
Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under one
-
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
Source: The Hacker News | Published: 2026-06-30T17:46:07+00:00 | Score: 12.71
New Microsoft research shows how attackers can hijack AI agents that act on a user’s behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider.
The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm may fire.
The work comes from Microsoft Incident Response and its
-
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Source: The Hacker News | Published: 2026-07-02T18:30:33+00:00 | Score: 12.419
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access.
“Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral
End of report.
