Latest Cybersecurity News and Articles
10 July 2026
A Go module is used to load PowerShell code that fetches a resolver from public dead drops to execute Windows malware.
The post Network of 200 GitHub Repositories Used for Malware Infection appeared first on SecurityWeek.
09 July 2026
Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API.
"Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub 'ghost' accounts that are often years old, or compromised OAuth tokens and personal
09 July 2026
Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from.
Each is a different way to break a machine: wipe the whole disk, overwrite the Windows drive, or run fake "ransomware" that scrambles files with a key it never saves
09 July 2026
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA).
The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in -
allowScripts defaults to off, meaning
09 July 2026
Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because nobody wants to touch it.
This week is full of that kind of damage. Not loud. Not clever. Just small gaps doing big jobs. The worst part is how normal it all looks until the bill arrives.
The full ThreatsDay list is below.
Global
09 July 2026
The Israeli company has developed a cryptographic posture and post-quantum cryptography management platform.
The post QIZ Security Raises $17 Million for Cryptographic Governance Platform appeared first on SecurityWeek.
09 July 2026
Two announcements on July 7, 2026, demonstrate the government’s determination to improve the level of cybersecurity within the UK.
The post UK Government Rolls Out Agentic AI Defense Plan Alongside Industry Pledge appeared first on SecurityWeek.
09 July 2026
Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software.
The post Palo Alto Networks Patches 13 Vulnerabilities appeared first on SecurityWeek.
09 July 2026
AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write tailored bait, pick targets, test what lands, and jump to the next host before your team clears the first alert.
That is the gap, and it is not your fault. The tools and runbooks most teams run on were built for attackers who work at human speed. AI-driven
09 July 2026
Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.
The post 12 Million Impacted by Data Breach at Japanese Telco KDDI appeared first on SecurityWeek.
09 July 2026
Affecting every major distribution since 2011, the Linux kernel vulnerability allows attackers to gain root access.
The post 15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google appeared first on SecurityWeek.
09 July 2026
Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it apart is that it was already real and running when we announced it — built quietly months earlier, heads down, taking findings and shipping fixes, because customers kept asking us to. We only announced it now because everyone else started announcing theirs,
09 July 2026
Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy.
According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first publicly spotted in the wild on May 21, 2026. It's assessed to be a rebrand of the Beast ransomware,
09 July 2026
The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update.
The post Microsoft Patches Defender ‘RoguePlanet’ Vulnerability appeared first on SecurityWeek.
09 July 2026
Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.
The post Mount Royal University Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek.
09 July 2026
Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval.
The post AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique appeared first on SecurityWeek.
09 July 2026
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public.
The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides scanning, detection, and cleaning capabilities for its antivirus and
09 July 2026
The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google.
The post Chrome 150 Update Patches 27 Vulnerabilities appeared first on SecurityWeek.
09 July 2026
Meta has announced that its new artificial intelligence (AI) model Muse Image lets people use public Instagram posts and reels to generate AI content, and it's enabled by default.
"You can also @-mention Instagram accounts in the Meta AI app to bring specific Instagram profiles right into your images," the social media giant said in a post.
"Whether you want to design a custom event invitation
09 July 2026
The Spanish startup has closed an extended pre-seed funding round two months after launching its digital identity protection platform.
The post 8Layers Raises $2.9 Million for Identity Security Platform appeared first on SecurityWeek.