TECHZONE™
TECHZONE CYBERNEWS && UPDATES. Welcome To TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Subscribers: 595
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
https://thehackernews.com/2026/07/us-government-entity-paid-kairos-group.html
A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left.
The odd part: the group that took the money calls itself Kairos, but it may not be a ransomware gang at all. Krishnan found no sign that it ever locked a single
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
https://thehackernews.com/2026/07/north-korean-hackers-publish-108.html
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider.
"The campaign remains active, and new malicious packages are likely to continue appearing as threat actors compromise maintainer accounts,
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
https://thehackernews.com/2026/07/unpatched-flaws-disclosed-in-filesystem.html
Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards.
The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras, drones, industrial controllers, hardware crypto wallets, and other devices built on
Cyber readiness for SMBs: Getting the basics right
https://www.welivesecurity.com/en/business-security/cyber-readiness-smbs-getting-basics-right/
AI is changing cybercrime, but SMB cyber readiness still largely depends on closing the familiar gaps
New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
https://thehackernews.com/2026/07/new-bad-epoll-linux-kernel-flaw-lets.html
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out.
Bad Epoll sits in the same small stretch of kernel code where Anthropic's most powerful AI model, Mythos, recently found a different bug.
The AI caught one flaw and missed
New Avalon Malware Framework Packs CrownX Ransomware Capabilities
https://thehackernews.com/2026/07/new-avalon-malware-framework-packs.html
Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls.
Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under one
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
https://thehackernews.com/2026/07/north-korea-linked-npm-packages-mimic.html
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft.
According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the legitimate "rollup-plugin-polyfill-node" project, down to the description, repository metadata, and
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
https://thehackernews.com/2026/07/armored-likho-targets-government.html
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan.
"Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations," Kaspersky said in a technical analysis published today. "
European Parliament Member Investigating Spyware Was Hacked With Pegasus
https://thehackernews.com/2026/07/european-parliament-member.html
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse of such commercial surveillance tools in the bloc.
"Through forensic analysis of his device, we found that the attackers could have had
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
https://thehackernews.com/2026/07/pamstealer-uses-fake-maccy-sites-and.html
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data.
The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability to
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
https://thehackernews.com/2026/07/google-disrupts-netnut-residential.html
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic.
Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG) said this week it had reduced the network's pool of usable devices by millions.
Google identifies NetNut, also tracked as Popa, as a network spread across home
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access.
"Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral
ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
https://thehackernews.com/2026/07/threatsday-ai-compute-hijacking-apple.html
This week’s security news is mostly about weak spots.
Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through.
This is not one big break. It is small permissions, weak checks, open systems, and normal tools doing things they were allowed to do. That same pattern runs
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
https://thehackernews.com/2026/07/toddycat-linked-umbrij-malware-abuses.html
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API.
"In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs," Kaspersky said in a detailed report published this week. "
Identity Lifecycle Management Wasn't Built for AI Agents
https://thehackernews.com/2026/07/identity-lifecycle-management.html
Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural blind spots that traditional IGA tools weren't designed to detect. This guide covers where that model breaks, what it
AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent.
Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company's production database.
Ransomware has always
FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
https://thehackernews.com/2026/07/fortibleed-credential-theft-linked-to.html
The recently discovered, financially motivated FortiBleed campaign has been attributed to the INC and Lynx ransomware operations, indicating that the verified stolen credentials were intended for follow-on intrusions.
"An operator tied to FortiBleed's infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment
New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos
https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs.
Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine. YesWeHack and
SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issue
Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port.
Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD's maintainers in
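Because the flaw above is only reachable by whoever can open a connection to the repo-server's port, the compensating control to check while no fix exists is in-cluster reachability. With no NetworkPolicy selecting the repo-server pod (the weak setting), every pod in the cluster can connect to it; the policy below limits ingress to the Argo CD components that legitimately call it. This is an added example, not from the article or the Argo CD project. It assumes the stock component labels (app.kubernetes.io/name=argocd-repo-server and friends), the namespace "argocd", the repo-server's default gRPC port 8081 and metrics port 8084, a Prometheus in a "monitoring" namespace, and a CNI that enforces NetworkPolicy; adjust any of these to your install.

```yaml
# Added example (not the article's or Argo CD's own): restrict in-cluster access to the
# Argo CD repo-server so only components that need it can reach its port.
# Assumptions: namespace "argocd", stock labels app.kubernetes.io/name=<component>,
# repo-server gRPC on TCP 8081, metrics on TCP 8084, Prometheus in namespace "monitoring",
# and a CNI that enforces NetworkPolicy (otherwise this object is accepted but inert).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: argocd-repo-server-restrict-ingress
  namespace: argocd
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-repo-server
  policyTypes:
    - Ingress
  ingress:
    # gRPC: only these in-namespace Argo CD components may connect.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-server
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-application-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-applicationset-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-notifications-controller
      ports:
        - protocol: TCP
          port: 8081
    # Metrics: only the monitoring namespace may scrape.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: monitoring
      ports:
        - protocol: TCP
          port: 8084
```

Apply it with kubectl apply -f and then verify rather than trust it: first run kubectl get networkpolicy -n argocd to see whether your install already ships an equivalent policy (upstream manifests may), and then, from a throwaway pod in some other namespace, attempt a TCP connection to argocd-repo-server.argocd.svc:8081 and confirm it is refused or times out. If that connection succeeds, either the selector labels do not match your deployment or your CNI does not enforce NetworkPolicy, and the exposure the article describes is still present.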