Categories Breaking News

Breaking News – Cyber Threats – 2026-07-07 13:00 PDT

Breaking News – Cyber Threats (last 6h)

Generated: 2026-07-07 13:00 PDT

  • Chinese hackers develop LONGLEASH malware to expand ORB network
    BleepingComputer • 2026-07-07 11:52 • www.bleepingcomputer.com
    Chinese hackers tracked as ‘UAT-7810’ are actively evolving their malware to expand their Operational Relay Box (ORB) network by compromising internet-facing networking devices, primarily unpatched Ruckus routers. […]
    https://www.bleepingcomputer.com/news/security/chinese-hackers-develop-longleash-malware-to-expand-orb-network/
  • More Odd DNS Records: NIMLOC, (Tue, Jul 7th)
    SANS ISC Diary (full) • 2026-07-07 11:09 • isc.sans.edu

    Yesterday, I talked about NAPTR records and how they are related to RCS. But there is another “odd” record that shows up in my DNS logs. This one isn't new, but I don't think I ever covered it: NIMLOC. At least that is what Zeek calls it. But let's see what it is all about.


    https://isc.sans.edu/diary/rss/33128

  • Hidden backdoor in Tenda router firmware grants admin access
    BleepingComputer • 2026-07-07 10:27 • www.bleepingcomputer.com
    A hidden authentication backdoor has been found in multiple Tenda router firmware versions, potentially allowing an attacker to gain administrative access to the device’s web management panel. […]
    https://www.bleepingcomputer.com/news/security/hidden-backdoor-in-tenda-router-firmware-grants-admin-access/
  • RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service
    The Hacker News • 2026-07-07 10:10 • thehackernews.com
    A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim’s phone, steal their banking logins, and capture the one-time codes that protect their accounts.

    Zimperium’s zLabs, which found the operation, says it looks like a new variant of Oblivion, a $300-a-month rent-a-malware tool
    https://thehackernews.com/2026/07/redwing-maas-packages-android-bank.html

  • Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
    The Hacker News • 2026-07-07 09:37 • thehackernews.com
    A critical flaw in Google’s Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project.

    From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a password.

    Security firm Varonis found it
    https://thehackernews.com/2026/07/rogue-agent-flaw-could-have-let.html

  • Spain arrests suspected member of pro-Russian hacktivist groups
    BleepingComputer • 2026-07-07 08:21 • www.bleepingcomputer.com
    The National Police in Spain have arrested a man who is suspected of being an active member of the CyberArmy of Russia Reborn (CARR) and Z-Pentest, both pro-Russian hacktivist groups. […]
    https://www.bleepingcomputer.com/news/security/spain-arrests-suspected-member-of-pro-russian-hacktivist-groups/
  • DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
    The Hacker News • 2026-07-07 08:14 • thehackernews.com
    A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC.

    “The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into the legitimate Microsoft device login experience,
    https://thehackernews.com/2026/07/debull-tooling-abuses-microsoft-device.html

  • Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
    The Hacker News • 2026-07-07 07:04 • thehackernews.com
    A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization’s private repositories, researchers at Noma Security have shown.

    The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access across its repositories, private ones
    https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html

  • The GitHub Actions Attack Pattern Your CI Security Scanners Miss
    BleepingComputer • 2026-07-07 07:01 • www.bleepingcomputer.com
    ActiveState explains how GitHub Actions attack chains can evade traditional CI security scanners, why passing a scan doesn’t guarantee a secure pipeline, and how organizations can better govern their CI/CD workflows. […]
    https://www.bleepingcomputer.com/news/security/the-github-actions-attack-pattern-your-ci-security-scanners-miss/

Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.

Written By

More From Author

You May Also Like