Categories Breaking News

Breaking News – Cyber Threats – 2026-07-08 13:00 PDT

Breaking News – Cyber Threats (last 6h)

Generated: 2026-07-08 13:00 PDT

  • Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
    BleepingComputer • 2026-07-08 12:54 • www.bleepingcomputer.com
    Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications. […]
    https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/
  • Hackers exploit Roundcube flaw to spy on academic researchers
    BleepingComputer • 2026-07-08 11:56 • www.bleepingcomputer.com
    A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. […]
    https://www.bleepingcomputer.com/news/security/hackers-exploit-roundcube-flaw-to-spy-on-academic-researchers/
  • AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
    The Hacker News • 2026-07-08 10:02 • thehackernews.com
    Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders.

    The agents are not malicious. They just do a lot of things that, to a behavioral engine, look exactly like an attack.

    Decrypting browser credentials, listing what sits in Windows’ credential store,
    https://thehackernews.com/2026/07/ai-coding-agents-found-triggering.html

  • Entra passkey enrollment vishing targets Microsoft 365 users
    BleepingComputer • 2026-07-08 09:47 • www.bleepingcomputer.com
    A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. […]
    https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/
  • New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
    The Hacker News • 2026-07-08 08:07 • thehackernews.com
    AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist.

    New research, which its authors call HalluSquatting, turns that habit into an attack: work out the fake names an AI reliably invents, register them first, and wait for the assistant to fetch your trap on a user’s
    https://thehackernews.com/2026/07/new-hallusquatting-attack-could-trick.html

  • Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
    The Hacker News • 2026-07-08 07:38 • thehackernews.com
    Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.

    The list of vulnerabilities is as follows –

    CVE-2026-50746 (CVSS score: 10.0) – An improper access control vulnerability in UniFi Connect Application that an attacker
    https://thehackernews.com/2026/07/ubiquiti-patches-critical-unifi-flaws.html

  • 3 Ways AI Powers Service Desk Attacks and How to Prevent Them
    BleepingComputer • 2026-07-08 07:01 • www.bleepingcomputer.com
    Specops Software explains how AI is making service desk impersonation attacks more convincing, personalized, and scalable, along with practical steps organizations can take to strengthen onboarding and identity verification. […]
    https://www.bleepingcomputer.com/news/security/3-ways-ai-powers-service-desk-attacks-and-how-to-prevent-them/

Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.

Written By

More From Author

You May Also Like