es
Feedback
TECHZONE™

TECHZONE™

Ir al canal en Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Mostrar más
593
Suscriptores
-124 horas
-17 días
-730 días
Archivo de publicaciones
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems https://thehackernews.com/2026/07/16-year-old-linux-kvm-flaw-lets-guest.html A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the researcher claims that a separate, unreleased exploit

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure https://thehackernews.com/2026/07/threat-actors-probe-gitea-docker-flaw.html Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More https://thehackernews.com/2026/07/monday-recap-proxy-botnets-browser.html A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trust

How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions https://thehackernews.com/2026/07/how-to-evaluate-ai-soc-platform-in-2026.html Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms that run detection, triage, investigation, and response on their own data foundation. Whether a platform will materially change outcomes for

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT https://thehackernews.com/2026/07/suspected-china-nexus-hackers-use-fake.html A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.

New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions https://thehackernews.com/2026/07/new-trojpix-attack-leaks-data-from-air.html Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode. But TrojPix works only once malware is already on the target machine, so it

New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS https://thehackernews.com/2026/07/new-java-based-quimarat-maas-built-to.html Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service (MaaS) model, costing anywhere between $150 for one month to $1,200 for lifetime access. Other subscription tiers include $300 for

Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages https://thehackernews.com/2026/07/opera-gx-flaw-let-malicious-sites-auto.html Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of concept, they reconstructed a signed-in user's full Gmail address from a single visit, with no click. Opera has patched the flaw and says it found no evidence that

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing https://thehackernews.com/2026/07/new-skillcloak-technique-lets-malicious.html Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested more than 90% of the time, and the same team built a runtime checker that catches most of the

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case https://thehackernews.com/2026/07/us-government-entity-paid-kairos-group.html A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos, but it may not be a ransomware gang at all. Krishnan found no sign that it ever locked a single

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign https://thehackernews.com/2026/07/north-korean-hackers-publish-108.html The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider. "The campaign remains active, and new malicious packages are likely to continue appearing as threat actors compromise maintainer accounts,

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices https://thehackernews.com/2026/07/unpatched-flaws-disclosed-in-filesystem.html Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras, drones, industrial controllers, hardware crypto wallets, and other devices built on

Cyber readiness for SMBs: Getting the basics right https://www.welivesecurity.com/en/business-security/cyber-readiness-smbs-getting-basics-right/ AI is changing cybercrime, but SMB cyber readiness still largely depends on closing the familiar gaps

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android https://thehackernews.com/2026/07/new-bad-epoll-linux-kernel-flaw-lets.html A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in the same small stretch of kernel code where Anthropic's most powerful AI model, Mythos, recently found a different bug. The AI caught one flaw and missed

New Avalon Malware Framework Packs CrownX Ransomware Capabilities https://thehackernews.com/2026/07/new-avalon-malware-framework-packs.html Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under one

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets https://thehackernews.com/2026/07/north-korea-linked-npm-packages-mimic.html Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the legitimate "rollup-plugin-polyfill-node" project, down to the description, repository metadata, and

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer https://thehackernews.com/2026/07/armored-likho-targets-government.html A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations," Kaspersky said in a technical analysis published today. "

European Parliament Member Investigating Spyware Was Hacked With Pegasus https://thehackernews.com/2026/07/european-parliament-member.html A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse of such commercial surveillance tools in the bloc. "Through forensic analysis of his device, we found that the attackers could have had

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords https://thehackernews.com/2026/07/pamstealer-uses-fake-maccy-sites-and.html Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability to

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices https://thehackernews.com/2026/07/google-disrupts-netnut-residential.html Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG) said this week it had reduced the network's pool of usable devices by millions. Google identifies NetNut, also tracked as Popa, as a network spread across home