Breaking News – Cyber Threats (last 6h)
Generated: 2026-07-08 13:00 PDT
- Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
BleepingComputer • 2026-07-08 12:54 • www.bleepingcomputer.com
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications. […]
https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/ - Hackers exploit Roundcube flaw to spy on academic researchers
BleepingComputer • 2026-07-08 11:56 • www.bleepingcomputer.com
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. […]
https://www.bleepingcomputer.com/news/security/hackers-exploit-roundcube-flaw-to-spy-on-academic-researchers/ - AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
The Hacker News • 2026-07-08 10:02 • thehackernews.com
Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders.The agents are not malicious. They just do a lot of things that, to a behavioral engine, look exactly like an attack.
Decrypting browser credentials, listing what sits in Windows’ credential store,
https://thehackernews.com/2026/07/ai-coding-agents-found-triggering.html - Entra passkey enrollment vishing targets Microsoft 365 users
BleepingComputer • 2026-07-08 09:47 • www.bleepingcomputer.com
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. […]
https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/ - New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
The Hacker News • 2026-07-08 08:07 • thehackernews.com
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist.New research, which its authors call HalluSquatting, turns that habit into an attack: work out the fake names an AI reliably invents, register them first, and wait for the assistant to fetch your trap on a user’s
https://thehackernews.com/2026/07/new-hallusquatting-attack-could-trick.html - Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
The Hacker News • 2026-07-08 07:38 • thehackernews.com
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.The list of vulnerabilities is as follows –
CVE-2026-50746 (CVSS score: 10.0) – An improper access control vulnerability in UniFi Connect Application that an attacker
https://thehackernews.com/2026/07/ubiquiti-patches-critical-unifi-flaws.html - 3 Ways AI Powers Service Desk Attacks and How to Prevent Them
BleepingComputer • 2026-07-08 07:01 • www.bleepingcomputer.com
Specops Software explains how AI is making service desk impersonation attacks more convincing, personalized, and scalable, along with practical steps organizations can take to strengthen onboarding and identity verification. […]
https://www.bleepingcomputer.com/news/security/3-ways-ai-powers-service-desk-attacks-and-how-to-prevent-them/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
