Breaking News – Cyber Threats (last 6h)
Generated: 2026-07-17 17:00 PDT
- Google’s Gemini lets strangers send messages from your locked Android phone
Graham Cluley • 2026-07-17 15:30 • www.bitdefender.com
Gemini, Google’s AI assistant, is supposed to make life easier for Android smartphone owners. But right now it may also be making life easier for anyone anyone who happens to pick up your phone.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/googles-gemini-strangers-messages-locked-android-phone - New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
The Hacker News • 2026-07-17 14:20 • thehackernews.com
An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable.Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system.
Adam Kues at Assetnote, Searchlight Cyber’s attack surface management arm, found the flaw and reported
https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html - Friday Squid Blogging: Squid Washing Up on Cape Cod Beach
Schneier on Security • 2026-07-17 14:01 • www.schneier.comAs usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Blog moderation po…
https://www.schneier.com/blog/archives/2026/07/friday-squid-blogging-squid-washing-up-on-cape-cod-beach.html - Abbott probes two cyber incidents amid extortion claims
BleepingComputer • 2026-07-17 13:45 • www.bleepingcomputer.com
Abbott Laboratories is investigating two separate cybersecurity incidents after confirming unauthorized access to internal legacy Exact Sciences systems in its Cancer Diagnostics business, while also investigating a separate claim that attackers breached its LabCentral portal and stole company data. […]
https://www.bleepingcomputer.com/news/security/abbott-laboratories-probes-two-cyber-incidents-amid-extortion-claims/ - OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
The Hacker News • 2026-07-17 13:20 • thehackernews.com
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts.OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta’s Red Team, which reported the denial-of-service bug and named it, published the
https://thehackernews.com/2026/07/openssl-hollowbyte-flaw-could-freeze.html - Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
The Hacker News • 2026-07-17 11:54 • thehackernews.com
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack.The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using an “unprecedented” four-tier blockchain-based command-and-control (C2) infrastructure spanning Tron,
https://thehackernews.com/2026/07/seven-malicious-vite-npm-packages-use.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
