Categories Breaking News

Breaking News – Cyber Threats – 2026-07-10 08:00 PDT

Breaking News – Cyber Threats (last 6h)

Generated: 2026-07-10 08:00 PDT

  • Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws
    The Hacker News • 2026-07-10 07:19 • thehackernews.com
    Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host.

    A brief description of the high-severity vulnerabilities is as follows –

    GHSA-hjr6-g723-hmfm (CVSS score: 8.8) – An operating system
    https://thehackernews.com/2026/07/researcher-details-whatsapp-to-host.html

  • The Replicant in Your Directory: AI Agents and the Identity Security Gap
    BleepingComputer • 2026-07-10 07:00 • www.bleepingcomputer.com
    AI agents are accelerating the growth of non-human identities, making it harder for organizations to understand what exists, who owns it, and what it can access. Netwrix explains why stronger visibility and identity governance are essential as AI expands the enterprise attack surface. […]
    https://www.bleepingcomputer.com/news/security/the-replicant-in-your-directory-ai-agents-and-the-identity-security-gap/
  • New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic
    The Hacker News • 2026-07-10 06:15 • thehackernews.com
    The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON.

    Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware via counterfeit installers using SEO poisoning techniques, it belies their true organizational
    https://thehackernews.com/2026/07/new-modbeacon-rat-uses-grpc-streaming.html

  • Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
    The Hacker News • 2026-07-10 04:47 • thehackernews.com
    A single wrong variable on one line in XQUIC, Alibaba’s QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch.

    FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no login and no malformed packets: about 260 bytes of ordinary QPACK traffic takes the server
    https://thehackernews.com/2026/07/unpatched-xring-flaw-in-xquic-lets.html

  • Zimbra urges customers to patch critical web client XSS flaw
    BleepingComputer • 2026-07-10 04:47 • www.bleepingcomputer.com
    The Zimbra security team urged customers to patch a critical vulnerability affecting the Classic Web Client used to access the Zimbra Collaboration suite. […]
    https://www.bleepingcomputer.com/news/security/zimbra-urges-customers-to-patch-critical-web-client-xss-flaw/
  • From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale
    The Hacker News • 2026-07-10 04:39 • thehackernews.com
    Most enterprises assume their asset inventory is close enough to accurate. The evidence suggests otherwise. According to a survey of over 600 security leaders in the 2026 Axonius Actionability Report, only 45% of organizations consolidate their asset and exposure data into a single view, and every downstream security program inherits whatever the inventory gets wrong.

    Lumen Technologies, a
    https://thehackernews.com/2026/07/from-17000-to-11-million-assets-how.html

  • Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
    The Hacker News • 2026-07-10 04:30 • thehackernews.com
    A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation’s inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million websites.

    Far fewer were actually broken into, but the exposed files showed researchers how a mass site-hacking operation runs from the inside.

    The operation, now tracked as
    https://thehackernews.com/2026/07/exposed-hacker-server-reveals-wp.html

  • AI Surveillance and Social Progress
    Schneier on Security • 2026-07-10 04:02 • www.schneier.com

    In the near future, AI-powered surveillance systems will be able to track everything we do in public, and much of what we do in private. And if we do something wrong—shoplift, litter, jaywalk, you name it—the system will notice, retain it, tie it to your official government record, communicate that fact to you, and provide real-time alerts to any relevant authorities… and maybe also to the general public.

    Think of these systems as automated speed cameras, but on steroids. Only they&#821…
    https://www.schneier.com/blog/archives/2026/07/ai-surveillance-and-social-progress.html

  • Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking
    The Hacker News • 2026-07-10 03:56 • thehackernews.com
    Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure.

    The apps flagged with at least one problem have been installed more than 2.4 billion times.

    The problems are basic, not sophisticated. 29 apps let user traffic leak outside
    https://thehackernews.com/2026/07/study-of-281-free-android-vpn-apps.html

  • Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access
    The Hacker News • 2026-07-10 03:30 • thehackernews.com
    A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks.

    The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that’s capable of targeting the passkey enrollment process. The
    https://thehackernews.com/2026/07/hackers-use-fake-microsoft-entra.html

  • "Comment stuffing" in an HTML phishing attachment as a mechanism for evading AI-based detection?, (Fri, Jul 10th)
    SANS ISC Diary (full) • 2026-07-10 02:09 • isc.sans.edu

    Anyone who deals with phishing messages caught by basic security filters knows that most phishing samples tend to blend into one another, since only a small set of techniques and approaches keeps reappearing in them. That is precisely why it is worth pausing on the occasional message that does something a little out of the ordinary.


    https://isc.sans.edu/diary/rss/33144

Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.

Written By

More From Author

You May Also Like