Categories Breaking News

Breaking News – Cyber Threats – 2026-07-09 13:00 PDT

Breaking News – Cyber Threats (last 6h)

Generated: 2026-07-09 13:00 PDT

  • Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
    The Hacker News • 2026-07-09 11:38 • thehackernews.com
    Datadog Security Labs is warning of “several overlapping campaigns” that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API.

    “Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub ‘ghost’ accounts that are often years old, or compromised OAuth tokens and personal
    https://thehackernews.com/2026/07/dormant-github-accounts-help-attackers.html

  • New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
    The Hacker News • 2026-07-09 11:08 • thehackernews.com
    Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from.

    Each is a different way to break a machine: wipe the whole disk, overwrite the Windows drive, or run fake “ransomware” that scrambles files with a key it never saves
    https://thehackernews.com/2026/07/new-gigawiper-windows-backdoor-bundles.html

  • New Helix vishing group emerges in SharePoint data theft attacks
    BleepingComputer • 2026-07-09 10:08 • www.bleepingcomputer.com
    A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments. […]
    https://www.bleepingcomputer.com/news/security/new-helix-vishing-group-emerges-in-sharepoint-data-theft-attacks/
  • Microsoft expects more Windows security updates from AI-discovered flaws
    BleepingComputer • 2026-07-09 10:00 • www.bleepingcomputer.com
    Microsoft says Windows users should expect to see an increase in security updates as the company increasingly relies on artificial intelligence to discover vulnerabilities in its codebase. […]
    https://www.bleepingcomputer.com/news/microsoft/microsoft-expects-more-windows-security-updates-from-ai-discovered-flaws/
  • npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
    The Hacker News • 2026-07-09 09:49 • thehackernews.com
    GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA).

    The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in –

    allowScripts defaults to off, meaning
    https://thehackernews.com/2026/07/npm-12-disables-install-scripts-by.html

  • ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories
    The Hacker News • 2026-07-09 08:09 • thehackernews.com
    Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because nobody wants to touch it.

    This week is full of that kind of damage. Not loud. Not clever. Just small gaps doing big jobs. The worst part is how normal it all looks until the bill arrives.

    The full ThreatsDay list is below.

    Global
    https://thehackernews.com/2026/07/threatsday-cloud-bucket-hijacking.html

  • New Forg365 phishing platform uses AI to target Microsoft 365 accounts
    BleepingComputer • 2026-07-09 07:39 • www.bleepingcomputer.com
    A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on stealing Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device code methods with AI-assisted lure generation. […]
    https://www.bleepingcomputer.com/news/security/new-forg365-phishing-platform-uses-ai-to-target-microsoft-365-accounts/
  • The Hidden Security Risks of Reduced Summer IT Coverage
    BleepingComputer • 2026-07-09 07:02 • www.bleepingcomputer.com
    Security operations don’t slow down when IT teams take vacation, but staffing levels often do. Kaseya explains how AI-driven automation can help organizations maintain consistent security operations and reduce reliance on manual processes year-round. […]
    https://www.bleepingcomputer.com/news/security/the-hidden-security-risks-of-reduced-summer-it-coverage/

Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.

Written By

More From Author

You May Also Like