Breaking News – Cyber Threats (last 6h)
Generated: 2026-07-06 08:00 PDT
- Software Is Now Written at the Speed of Thought. Security Isn't.
BleepingComputer • 2026-07-06 07:00 • www.bleepingcomputer.com
Every evolution in software development has reduced the friction between an idea and a deployable application. AI may remove the final barrier, but it also removes many of the moments where security decisions have traditionally taken place. […]
https://www.bleepingcomputer.com/news/security/software-is-now-written-at-the-speed-of-thought-security-isnt/ - RCS and DNS: The NAPTR Record, (Mon, Jul 6th)
SANS ISC Diary (full) • 2026-07-06 06:35 • isc.sans.eduOver the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition to richer formatting, provides added (but optional) security. RCS messages may be end-to-end encrypted and digitally signed. Unlike SMS, which was “bolted on” to existing voice-focused phone standards. The SMS standard was based on old-fashioned pagers and allowed for limited clear-text communications. RCS is built from the ground up around modern IP-based network infrastructure and…
https://isc.sans.edu/diary/rss/33124 - Max severity Adobe ColdFusion flaw now exploited in attacks
BleepingComputer • 2026-07-06 06:18 • www.bleepingcomputer.com
Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. […]
https://www.bleepingcomputer.com/news/security/max-severity-adobe-coldfusion-flaw-now-exploited-in-attacks/ - ⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
The Hacker News • 2026-07-06 06:01 • thehackernews.com
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary.Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trust
https://thehackernews.com/2026/07/monday-recap-proxy-botnets-browser.html - ISC Stormcast For Monday, July 6th, 2026 https://isc.sans.edu/podcastdetail/9994, (Mon, Jul 6th)
SANS ISC Diary (full) • 2026-07-06 04:36 • isc.sans.edu
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
https://isc.sans.edu/diary/rss/33122 - How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions
The Hacker News • 2026-07-06 04:30 • thehackernews.com
Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms that run detection, triage, investigation, and response on their own data foundation.Whether a platform will materially change outcomes for
https://thehackernews.com/2026/07/how-to-evaluate-ai-soc-platform-in-2026.html - Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT
The Hacker News • 2026-07-06 03:58 • thehackernews.com
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts.The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.
https://thehackernews.com/2026/07/suspected-china-nexus-hackers-use-fake.html - France to Stop Certifying Non-Quantum-Safe Encryption
Schneier on Security • 2026-07-06 03:45 • www.schneier.comFrance is accelerating its transition to post-quantum encryption:
France’s cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems.
Samih Souissi, ANSSI’s chief of staff, said at the France Quantum conference that the agency would halt such certifications fr…
https://www.schneier.com/blog/archives/2026/07/france-to-stop-certifying-non-quantum-safe-encryption.html - When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website
Securelist • 2026-07-06 02:00 • securelist.com
The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it.
https://securelist.com/microsoft-device-code-phishing-attack/120350/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
