Breaking News – Cyber Threats (last 6h)
Generated: 2026-07-15 08:00 PDT
- We built a vulnerability vending machine: AI tokens in, zero-days out
BleepingComputer • 2026-07-15 07:01 • www.bleepingcomputer.com
Intruder built an AI-powered “vulnerability vending machine” that combines code slicing with LLMs to automatically discover complex software vulnerabilities. The company explains how the system found and exploited a previously unknown WordPress plugin zero-day, with additional discoveries already under responsible disclosure. […]
https://www.bleepingcomputer.com/news/security/we-built-a-vulnerability-vending-machine-ai-tokens-in-zero-days-out/ - Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
The Hacker News • 2026-07-15 06:18 • thehackernews.com
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published.The vulnerabilities are listed below –
CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component
CVE-2026-15719, a site isolation in the DOM: Navigation component“We are aware that exploit code for this is public, however we are not aware of
https://thehackernews.com/2026/07/firefox-chrome-adobe-and-vmware-updates.html - SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.
The Hacker News • 2026-07-15 04:50 • thehackernews.com
For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up.Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned browser extensions, and autonomous agents. Employees routinely paste intellectual property into
https://thehackernews.com/2026/07/sase-has-ai-blind-spot-inspecting.html - Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday
The Hacker News • 2026-07-15 04:07 • thehackernews.com
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive.It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as ProfSvc, is a core system component that manages user accounts and environments.
“The PoC requires
https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html - New Webinar: Closing the Approval Gap in AI-Era Ad Tech
The Hacker News • 2026-07-15 04:06 • thehackernews.com
A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full access to your forms, customer data, and checkout pages.This on-demand webinar reveals how this Approval Gap forms, and gives your team the blueprint to close it before an auditor, regulator, or attacker finds it first.
The Reality of the Approval Gap
It’s a pattern every
https://thehackernews.com/2026/07/new-webinar-closing-approval-gap-in-ai.html - A Video Screen That Is Also a Camera
Schneier on Security • 2026-07-15 04:04 • www.schneier.comResearchers from ETH Zurich in Switzerland, however, managed to create a new type of pixel that can simultaneously do both. This hypercharged pixel, called a Fourier pixel, can generate and sense arbitrary light fields and tap into a pixel’s full potential for carrying information by manipulating light’s intensity, oscillation phases, and polarization. The team reported its findings in a paper published yesterday in Nature.
We are o…
https://www.schneier.com/blog/archives/2026/07/a-video-screen-that-is-also-a-camera.html - Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution
The Hacker News • 2026-07-15 03:55 • thehackernews.com
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute.Whatever that binary does, it does as you, with your source, your SSH keys and your cloud tokens. Cursor keeps re-running it for as long as the project stays open.
No prompt
https://thehackernews.com/2026/07/cursor-flaw-lets-malicious-cloned.html - OkoBot: new sophisticated malware framework targets cryptocurrency users
Securelist • 2026-07-15 03:00 • securelist.com
Kaspersky GReAT experts dissect the new OkoBot campaign targeting cryptocurrency users. This complex framework employs TookPS, exfiltrates seed phrases, monitors Chromium-based browsers, and installs various malware strains, including the Rilide stealer.
https://securelist.com/okobot-framework-targets-cryptocurrency-wallets/120660/ - CISA warns admins to patch actively exploited SharePoint flaws
BleepingComputer • 2026-07-15 02:44 • www.bleepingcomputer.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that attackers are actively exploiting three vulnerabilities to hack Internet-exposed on-premises SharePoint Server instances. […]
https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-actively-exploited-sharepoint-flaws/ - Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware
The Hacker News • 2026-07-15 02:16 • thehackernews.com
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity.The affected packages are listed below –
@asyncapi/generator-helpers@1.1.1
@asyncapi/generator-components@0.7.1
@asyncapi/generator@3.3.1
@asyncapi/specs(v6.11.2, v6.11.2-alpha.1)“The
https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
