es
Feedback
Vulnerability News

Vulnerability News

Ir al canal en Telegram

Every day new posts about vulnerabilities and cybersecurity news. Get the latest news about the cyberspace! Group: @VulnerabilityNewsGroup

Mostrar más
5 023
Suscriptores
+724 horas
+317 días
+11930 días
Atraer Suscriptores
julio '26
julio '26
+33
en 0 canales
junio '26
+156
en 0 canales
Get PRO
mayo '26
+204
en 0 canales
Get PRO
abril '26
+187
en 0 canales
Get PRO
marzo '26
+254
en 0 canales
Get PRO
febrero '26
+116
en 0 canales
Get PRO
enero '26
+166
en 0 canales
Get PRO
diciembre '25
+134
en 0 canales
Get PRO
noviembre '25
+139
en 0 canales
Get PRO
octubre '25
+8
en 0 canales
Get PRO
septiembre '25
+12
en 0 canales
Get PRO
agosto '25
+13
en 0 canales
Get PRO
julio '25
+11
en 0 canales
Get PRO
junio '25
+12
en 0 canales
Get PRO
mayo '25
+18
en 1 canales
Get PRO
abril '25
+14
en 0 canales
Get PRO
marzo '25
+21
en 0 canales
Get PRO
febrero '25
+17
en 0 canales
Get PRO
enero '25
+15
en 1 canales
Get PRO
diciembre '24
+262
en 1 canales
Get PRO
noviembre '24
+206
en 1 canales
Get PRO
octubre '24
+166
en 0 canales
Get PRO
septiembre '24
+146
en 0 canales
Get PRO
agosto '24
+137
en 0 canales
Get PRO
julio '24
+96
en 1 canales
Get PRO
junio '24
+91
en 0 canales
Get PRO
mayo '24
+95
en 0 canales
Get PRO
abril '24
+104
en 0 canales
Get PRO
marzo '24
+149
en 0 canales
Get PRO
febrero '24
+279
en 0 canales
Get PRO
enero '24
+395
en 0 canales
Get PRO
diciembre '23
+327
en 0 canales
Get PRO
noviembre '23
+38
en 0 canales
Get PRO
octubre '23
+32
en 0 canales
Get PRO
septiembre '23
+47
en 0 canales
Get PRO
agosto '23
+53
en 0 canales
Get PRO
julio '23
+51
en 0 canales
Get PRO
junio '23
+42
en 0 canales
Get PRO
mayo '23
+43
en 0 canales
Get PRO
abril '23
+67
en 0 canales
Get PRO
marzo '23
+65
en 0 canales
Get PRO
febrero '23
+45
en 0 canales
Get PRO
enero '23
+67
en 0 canales
Get PRO
diciembre '22
+62
en 0 canales
Get PRO
noviembre '22
+71
en 0 canales
Get PRO
octubre '22
+70
en 0 canales
Get PRO
septiembre '22
+55
en 0 canales
Get PRO
agosto '22
+44
en 0 canales
Get PRO
julio '22
+54
en 0 canales
Get PRO
junio '22
+78
en 0 canales
Get PRO
mayo '22
+46
en 0 canales
Get PRO
abril '22
+77
en 0 canales
Get PRO
marzo '22
+105
en 0 canales
Get PRO
febrero '22
+48
en 0 canales
Get PRO
enero '22
+61
en 0 canales
Get PRO
diciembre '21
+99
en 0 canales
Get PRO
noviembre '21
+68
en 0 canales
Get PRO
octubre '21
+170
en 0 canales
Get PRO
septiembre '21
+72
en 0 canales
Get PRO
agosto '21
+104
en 0 canales
Get PRO
julio '21
+72
en 0 canales
Get PRO
junio '21
+292
en 0 canales
Get PRO
mayo '21
+1 344
en 0 canales
Fecha
Crecimiento de Suscriptores
Menciones
Canales
05 julio+7
04 julio+9
03 julio+10
02 julio+3
01 julio+4
Publicaciones del Canal
Flipper Zero firmware development continues with community help Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions. [...] https://www.bleepingcomputer.com/news/security/flipper-zero-firmware-development-continues-with-community-help/

2
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider. "The campaign remains active, and new malicious packages are likely to continue appearing as threat actors compromise maintainer accounts, https://thehackernews.com/2026/07/north-korean-hackers-publish-108.html
110
3
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos, but it may not be a ransomware gang at all. Krishnan found no sign that it ever locked a single https://thehackernews.com/2026/07/us-government-entity-paid-kairos-group.html
114
4
JadePuffer ransomware used AI agent to automate entire attack Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. [...] https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/
102
5
Malaysia's LHDN Tax Portal Data Offered for Sale, 10 Million Taxpayer Records Exposed A threat actor using the alias dezetat is advertising a database from Malaysia's Inland Revenue Board (LHDN / IRBM), taken from the MyTax portal, for $20,000. https://darkwebinformer.com/malaysias-lhdn-tax-portal-data-offered-for-sale-10-million-taxpayer-records-exposed/
136
6
Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian businesses. https://www.darkreading.com/cybersecurity-analytics/aussies-face-reduced-cybercrime-risk-pressure-shifts-smbs
116
7
Chinese LLMs Broaden the Gap Between Attackers & Defenders Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried? https://www.darkreading.com/cyber-risk/chinese-llms-broaden-gap-between-attackers-and-defenders
81
8
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability to https://thehackernews.com/2026/07/pamstealer-uses-fake-maccy-sites-and.html
80
9
European Parliament Member Investigating Spyware Was Hacked With Pegasus A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse of such commercial surveillance tools in the bloc. "Through forensic analysis of his device, we found that the attackers could have had https://thehackernews.com/2026/07/european-parliament-member.html
72
10
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations," Kaspersky said in a technical analysis published today. " https://thehackernews.com/2026/07/armored-likho-targets-government.html
49
11
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the legitimate "rollup-plugin-polyfill-node" project, down to the description, repository metadata, and https://thehackernews.com/2026/07/north-korea-linked-npm-packages-mimic.html
40
12
New Avalon Malware Framework Packs CrownX Ransomware Capabilities Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under one https://thehackernews.com/2026/07/new-avalon-malware-framework-packs.html
40
13
New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in the same small stretch of kernel code where Anthropic's most powerful AI model, Mythos, recently found a different bug. The AI caught one flaw and missed https://thehackernews.com/2026/07/new-bad-epoll-linux-kernel-flaw-lets.html
34
14
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras, drones, industrial controllers, hardware crypto wallets, and other devices built on https://thehackernews.com/2026/07/unpatched-flaws-disclosed-in-filesystem.html
29
15
Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system. The post Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution appeared first on SecurityWeek. https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/
24
16
Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks. The post Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices appeared first on SecurityWeek. https://www.securityweek.com/google-fbi-disrupt-netnut-residential-proxy-network-powered-by-millions-of-devices/
34
17
Alleged Scattered Spider Hacker Extradited to US Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments. The post Alleged Scattered Spider Hacker Extradited to US appeared first on SecurityWeek. https://www.securityweek.com/alleged-scattered-spider-hacker-extradited-to-us/
22
18
Medtronic Data Breach Impacts 3.8 Million People In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information. The post Medtronic Data Breach Impacts 3.8 Million People appeared first on SecurityWeek. https://www.securityweek.com/medtronic-data-breach-impacts-3-8-million-people/
25
19
Agentic AI Used to Conduct Ransomware Attack via Langflow Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions. The post Agentic AI Used to Conduct Ransomware Attack via Langflow appeared first on SecurityWeek. https://www.securityweek.com/agentic-ai-used-to-conduct-ransomware-attack-via-langflow/
26
20
In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting Noteworthy stories that might have slipped under the radar: Anonymous-linked Canadian hacker jailed, researcher drops zero-days in open source projects, Venezuelans sentenced in the US over ATM jackpotting. The post In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting appeared first on SecurityWeek. https://www.securityweek.com/in-other-news-canadian-hacker-jailed-open-source-zero-days-two-sentenced-for-atm-jackpotting/
26