Categories Uncategorized

Top Security Breaches 2026-07-07

Top Security Breaches 2026-07-07

Auto-generated 2026-07-07T09:00:27.115209+00:00 (UTC)

  1. U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

    Source: The Hacker News | Published: 2026-07-04T12:47:53+00:00 | Score: 18.347
    lead image

    A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left.

    The odd part: the group that took the money calls itself Kairos, but it may not be a ransomware gang at all. Krishnan found no sign that it ever locked a single

  2. New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions

    Source: The Hacker News | Published: 2026-07-06T08:50:54+00:00 | Score: 14.398
    lead image

    Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode.

    But TrojPix works only once malware is already on the target machine, so it

  3. AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

    Source: The Hacker News | Published: 2026-07-02T09:13:13+00:00 | Score: 14.103
    lead image

    Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent.

    Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company’s production database.

    Ransomware has always

  4. Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

    Source: The Hacker News | Published: 2026-07-06T10:58:16+00:00 | Score: 14.065
    lead image

    A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts.

    The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.

  5. ⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

    Source: The Hacker News | Published: 2026-07-06T13:01:14+00:00 | Score: 13.55
    lead image

    A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary.

    Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trust

  6. New Avalon Malware Framework Packs CrownX Ransomware Capabilities

    Source: The Hacker News | Published: 2026-07-03T18:55:24+00:00 | Score: 12.724
    lead image

    Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that’s distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls.

    Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under one

  7. Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

    Source: The Hacker News | Published: 2026-06-30T17:46:07+00:00 | Score: 12.71
    lead image

    New Microsoft research shows how attackers can hijack AI agents that act on a user’s behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider.

    The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm may fire.

    The work comes from Microsoft Incident Response and its

  8. Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

    Source: The Hacker News | Published: 2026-07-02T18:30:33+00:00 | Score: 12.419
    lead image

    Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access.

    “Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral

End of report.

Written By

More From Author

You May Also Like