TECHZONE™
Ir al canal en Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Mostrar más593
Suscriptores
Sin datos24 horas
-27 días
-830 días
Archivo de publicaciones
593
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
https://thehackernews.com/2026/07/15-year-old-ghostlock-flaw-enables-root.html
Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched.
The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs no special permission, no unusual settings, and no network
593
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerabilities are listed below -
CVE-2026-48282 (CVSS score: 10.0) - A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of the
593
RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service
https://thehackernews.com/2026/07/redwing-maas-packages-android-bank.html
A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim's phone, steal their banking logins, and capture the one-time codes that protect their accounts.
Zimperium's zLabs, which found the operation, says it looks like a new variant of Oblivion, a $300-a-month rent-a-malware tool
593
Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
https://thehackernews.com/2026/07/rogue-agent-flaw-could-have-let.html
A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project.
From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a password.
Security firm Varonis found it
593
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
https://thehackernews.com/2026/07/debull-tooling-abuses-microsoft-device.html
A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC.
"The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into the legitimate Microsoft device login experience,
593
Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html
A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have shown.
The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access across its repositories, private ones
593
Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker
https://thehackernews.com/2026/07/court-filing-reveals-windows-device-id.html
U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint.
Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025 intrusion, then to online accounts prosecutors say belong to 19-year-old Peter Stokes.
Stokes is
593
Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants
https://thehackernews.com/2026/07/writer-ai-flaw-could-let-agent-previews.html
Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise.
The one-click vulnerability has been codenamed WriteOut by the Sand Security Research team.
"An outsider could go from having no access to taking over any Writer AI
593
What Changes When Your Software Supply Chain Includes AI Writing Your Code?
https://thehackernews.com/2026/07/what-changes-when-your-software-supply.html
Software supply chain security was hard enough. Then AI joined the build pipeline.
For five years, "software supply chain security" meant one question: what's in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody chose on purpose?
SolarWinds, Log4Shell, and XZ Utils all taught the same lesson: the risk lives less in the code a
593
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
https://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html
A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign.
The activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials,
593
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
https://thehackernews.com/2026/07/certcc-warns-of-hidden-admin-backdoor.html
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday.
"An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process
593
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
https://thehackernews.com/2026/07/beyondtrust-patches-critical-auth.html
BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices.
The vulnerabilities are listed below -
CVE-2026-40138 (CVSS score: 9.2) - A pre-authentication vulnerability exists in the
593
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
https://thehackernews.com/2026/07/iran-linked-hackers-use-new-cavern-c2.html
An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations.
The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point Research
593
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
https://thehackernews.com/2026/07/16-year-old-linux-kvm-flaw-lets-guest.html
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it.
Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the researcher claims that a separate, unreleased exploit
593
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
https://thehackernews.com/2026/07/threat-actors-probe-gitea-docker-flaw.html
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig.
The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated
593
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
https://thehackernews.com/2026/07/monday-recap-proxy-botnets-browser.html
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary.
Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trust
593
How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions
https://thehackernews.com/2026/07/how-to-evaluate-ai-soc-platform-in-2026.html
Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms that run detection, triage, investigation, and response on their own data foundation.
Whether a platform will materially change outcomes for
593
Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT
https://thehackernews.com/2026/07/suspected-china-nexus-hackers-use-fake.html
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts.
The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.
593
New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
https://thehackernews.com/2026/07/new-trojpix-attack-leaks-data-from-air.html
Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode.
But TrojPix works only once malware is already on the target machine, so it
593
New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
https://thehackernews.com/2026/07/new-java-based-quimarat-maas-built-to.html
Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments.
According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service (MaaS) model, costing anywhere between $150 for one month to $1,200 for lifetime access. Other subscription tiers include $300 for
