Cybersecurity and other IT news aggregator
LATEST FEEDS
-
Two new high severity WordPress vulnerabilities, patch immediately!
Two new high severity WordPress vulnerabilities, patch immediately! 2026-07-18 at 17:57 By Help Net Security The 7.0.2 WordPress security release addresses one critical and one high severity security issue. The vulnerabilities reported to the WordPress security team include: CVE-2026-60137 – A facilitated SQL injection issue reported as a team by TF1T, dtro, and haongo CVE-2026-60137…
-
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code 2026-07-18 at 16:16 By Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of it. An anonymous HTTP request can run…
-
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests 2026-07-18 at 16:16 By Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte…
-
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT 2026-07-18 at 16:16 By Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which…
-
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens 2026-07-18 at 16:16 By A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator’s own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI,…
-
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft 2026-07-18 at 16:16 By Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group),…
-
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code 2026-07-18 at 02:12 By An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2…
-
FTX to distribute $900M to creditors in fifth payment round
FTX to distribute $900M to creditors in fifth payment round 2026-07-18 at 00:40 By Cointelegraph by Turner Wright The FTX Recovery Trust and company have distributed about $10 billion since the exchange filed for bankruptcy in November 2022, leaving users cut off from their funds. This article is an excerpt from Cointelegraph.com News View Original…
-
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests 2026-07-17 at 23:20 By Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte…
-
Galaxy lands 15-year Texas Tech stadium naming rights deal
Galaxy lands 15-year Texas Tech stadium naming rights deal 2026-07-17 at 23:03 By Cointelegraph by Nate Kostar Galaxy Digital will rename Texas Tech’s football stadium under a 15-year agreement, expanding its West Texas presence as the state attracts growing crypto investment. This article is an excerpt from Cointelegraph.com News View Original Source
-
Consensys unknowingly outsourced developer work to North Korean
Consensys unknowingly outsourced developer work to North Korean 2026-07-17 at 22:33 By Cointelegraph by Turner Wright Through an introduction with a “reputable third-party service provider,“ the company took on a developer who, as part of an investigation, was revealed to be tied to North Korea. This article is an excerpt from Cointelegraph.com News View Original…
-
Crypto Biz: When dollars disappear, stablecoins step in
Crypto Biz: When dollars disappear, stablecoins step in 2026-07-17 at 22:23 By Cointelegraph by Sam Bourgi Bolivia moves to recognize USDT amid a dollar shortage, while Bitcoin miners’ AI ambitions face fresh investor scrutiny. This article is an excerpt from Cointelegraph.com News View Original Source
-
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT 2026-07-17 at 21:54 By Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which…
-
Judge won’t block Meta from axing workers who filed AI discrimination lawsuit
Judge won’t block Meta from axing workers who filed AI discrimination lawsuit 2026-07-17 at 21:53 By Reuters Dozens of employees claimed that they were targeted for job cuts by the company’s AI-powered tools because they have disabilities or took medical leave. This article is an excerpt from Latest Technology News | New York Post View…
-
Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images
Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images 2026-07-17 at 20:32 By North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. “Any user who ran the…
-
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens 2026-07-17 at 20:12 By A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator’s own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI,…
-
OKX Europe lets users convert USDT to MiCA-compliant USDC
OKX Europe lets users convert USDT to MiCA-compliant USDC 2026-07-17 at 19:54 By Cointelegraph by Nate Kostar The feature offers European customers a voluntary path away from Tether’s USDT as MiCA rules reshape the region’s stablecoin market. This article is an excerpt from Cointelegraph.com News View Original Source
-
Senator Warren requests 2026 reporting for Trump’s crypto earnings after $1.4B disclosure
Senator Warren requests 2026 reporting for Trump’s crypto earnings after $1.4B disclosure 2026-07-17 at 19:48 By Cointelegraph by Turner Wright With the Senate likely voting on a crypto bill within days, Elizabeth Warren asked for information on Donald Trump’s earnings between January and July ahead of a 2027 deadline. This article is an excerpt from…
-
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft 2026-07-17 at 19:39 By Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group),…
-
Protecting the Cloud Starts at the Perimeter
Protecting the Cloud Starts at the Perimeter 2026-07-17 at 19:00 By Physical and digital security can no longer be treated as separate conversations. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source
-
Apple races past Nvidia to reclaim crown as world’s most valuable company
Apple races past Nvidia to reclaim crown as world’s most valuable company 2026-07-17 at 18:12 By Reuters Apple is reclaiming the top spot for the first time since April last year. This article is an excerpt from Latest Technology News | New York Post View Original Source
-
Chinese AI firm Moonshot unveils powerful model with capabilities close to Anthropic, OpenAI
Chinese AI firm Moonshot unveils powerful model with capabilities close to Anthropic, OpenAI 2026-07-17 at 17:59 By Thomas Barrabi Dubbed Kimi K3, the large language model was trained on a massive 2.8 trillion parameters – the kernels of data that determine its responses to user questions, according to Moonshot. That would make it one of…
-
Bitcoin price sags under $62.5K as Iran strikes add to US stocks pressure
Bitcoin price sags under $62.5K as Iran strikes add to US stocks pressure 2026-07-17 at 17:37 By Cointelegraph by William Suberg Bitcoin saw a key rejection at local highs before reversing lower, moving with stocks for a second day as US-Iran war downside took its toll. This article is an excerpt from Cointelegraph.com News View…
-
In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprint
In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprint 2026-07-17 at 17:27 By SecurityWeek News Noteworthy stories that might have slipped under the radar: OpenClaw AI agents exploited via WhatsApp, ransomware hits naval defense firm TKMS, Lidl discloses data breach. The post In Other News: Iran Tracks US Military Phones, CrashStealer…
-
Still Circling: Blind Eagle’s Toolkit Keeps Evolving
Still Circling: Blind Eagle’s Toolkit Keeps Evolving 2026-07-17 at 16:57 By Serhii Melnyk In June 2025, LevelBlue SpiderLabs published Tracing Blind Eagle to Proton66, in which we assessed with high confidence that Blind Eagle (also tracked as APT-C-36, APT-Q-98, TAG-144, AguilaCiega), a threat actor focused on Latin America, had moved part of its VBScript delivery…
-
HSBC wins Bank of England approval to enter digital securities sandbox
HSBC wins Bank of England approval to enter digital securities sandbox 2026-07-17 at 16:54 By Cointelegraph by Helen Partz The Bank of England approved HSBC Orion to go live in its Digital Securities Sandbox, with the first Digital Gilt Instrument transaction expected in the first quarter of 2027. This article is an excerpt from Cointelegraph.com…
-
SBI acquires Singaporean crypto platform Coinhako after MAS approval
SBI acquires Singaporean crypto platform Coinhako after MAS approval 2026-07-17 at 16:30 By Cointelegraph by Zoltan Vardai SBI Holdings received regulatory approval to acquire a majority stake in Singapore-based crypto exchange Coinhako as it expands into stablecoins, onchain finance and tokenized assets. This article is an excerpt from Cointelegraph.com News View Original Source
-
The British Virgin Islands are a top crypto hub no one ever talks about: Here’s why
The British Virgin Islands are a top crypto hub no one ever talks about: Here’s why 2026-07-17 at 16:30 By Cointelegraph by Christina Comben Kraken, Bitstamp, 1inch and Bitfinex have all set up shop in the British Virgin Islands — but you might find it tricky to book an on-site meeting with one of their…
-
ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files
ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files 2026-07-17 at 15:52 By ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone…
-
New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage
New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage 2026-07-17 at 15:52 By Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering. Russian cybersecurity company Kaspersky,…
-
Spirals ransomware locks down victim systems in under 24 hours
Spirals ransomware locks down victim systems in under 24 hours 2026-07-17 at 15:25 By Sinisa Markovic A previously unknown ransomware strain called Spirals was used last month in an attack against an IT services company in South Asia, where attackers went from initial access to data theft and encrypting the network in less than 24…
-
Podcast: Broken Governance, Agentic AI, and the MindStone Agent Exclusive
Podcast: Broken Governance, Agentic AI, and the MindStone Agent Exclusive 2026-07-17 at 15:11 By SecurityWeek News (Video) Artificial intelligence is transforming cybersecurity, but are governance, compliance, and security practices evolving fast enough to keep up? The post Podcast: Broken Governance, Agentic AI, and the MindStone Agent Exclusive appeared first on SecurityWeek. This article is an…
-
E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants
E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants 2026-07-17 at 14:44 By The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display…
-
Beacon Security Raises $13 Million for Security Data Platform
Beacon Security Raises $13 Million for Security Data Platform 2026-07-17 at 14:43 By Ionut Arghire The startup helps organizations detect, hunt, and protect their assets across environments at machine speed. The post Beacon Security Raises $13 Million for Security Data Platform appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
-
The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?
The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace? 2026-07-17 at 14:30 By Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition pathways are transforming how capability is delivered, rewarding programs…
-
Industry Reactions to Pentagon Suspending CMMC Phase 2: Feedback Friday
Industry Reactions to Pentagon Suspending CMMC Phase 2: Feedback Friday 2026-07-17 at 14:08 By SecurityWeek News Industry professionals broadly agree that the suspension pauses third-party CMMC audits but not the underlying legal obligation to protect CUI. The post Industry Reactions to Pentagon Suspending CMMC Phase 2: Feedback Friday appeared first on SecurityWeek. This article is…
-
Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man
Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man 2026-07-17 at 13:53 By Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova, told REN TV that…
-
Bitcoin bottom countdown nears 50 days after BTC supply in loss passed 50%
Bitcoin bottom countdown nears 50 days after BTC supply in loss passed 50% 2026-07-17 at 12:51 By Cointelegraph by William Suberg Bitcoin supply in loss hit 50% nearly 50 days ago, mimicking the countdown to BTC price bear-market bottoms. This article is an excerpt from Cointelegraph.com News View Original Source
-
US indicts crypto investor over alleged $20M fraud scheme
US indicts crypto investor over alleged $20M fraud scheme 2026-07-17 at 12:25 By Cointelegraph by Yohan Yun Federal prosecutors allege the South Dakota investor used false promises to raise money, repaid earlier investors with new funds and laundered proceeds through crypto exchanges. This article is an excerpt from Cointelegraph.com News View Original Source
-
Claude can now sign into websites with 1Password without exposing your credentials
Claude can now sign into websites with 1Password without exposing your credentials 2026-07-17 at 12:17 By Anamarija Pogorelec 1Password has introduced 1Password for Claude, a beta integration that lets Anthropic’s AI assistant complete browser tasks requiring authentication without accessing users’ passwords or other secrets. The integration is available to paid Claude subscribers (Pro, Max, Team,…
-
Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichirei
Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichirei 2026-07-17 at 12:06 By Ionut Arghire The company disconnected its systems on July 13 and is starting to gradually restore operations. The post Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichirei appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
-
MacOS malware hijacks Telegram sessions, targets crypto wallets: SlowMist
MacOS malware hijacks Telegram sessions, targets crypto wallets: SlowMist 2026-07-17 at 11:48 By Cointelegraph by Zoltan Vardai A macOS malware steals credentials to hijack Telegram sessions, decrypt cryptocurrency wallets or trick users into entering their wallet recovery phrases through fake applications. This article is an excerpt from Cointelegraph.com News View Original Source
-
Risk Ledger Raises $32 Million in Series B Funding
Risk Ledger Raises $32 Million in Series B Funding 2026-07-17 at 11:31 By Ionut Arghire The British firm has built a collaborative platform to help organizations address supply chain security risks. The post Risk Ledger Raises $32 Million in Series B Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original…
-
Ransomware attack halts Coca-Cola’s Fairlife US milk production
Ransomware attack halts Coca-Cola’s Fairlife US milk production 2026-07-17 at 11:04 By Sinisa Markovic A ransomware attack has stopped milk production at Fairlife, the Coca-Cola dairy brand known for its high-protein milk, protein shakes, and nutrition drinks. Coca-Cola disclosed the incident on July 16, 2026, in a Form 8-K filed with the U.S. Securities and…
-
The script, not the voice, is what makes AI voice phishing work
The script, not the voice, is what makes AI voice phishing work 2026-07-17 at 10:31 By Sinisa Markovic The call comes in at 4:40 on a Friday. The voice belongs to a senior manager, or sounds close enough, and she needs a password reset before a flight. She is polite, she is in a hurry,…
-
Bitcoin ETFs add $368M in three-day buying streak
Bitcoin ETFs add $368M in three-day buying streak 2026-07-17 at 10:23 By Cointelegraph by Helen Partz US spot Bitcoin ETFs attracted $79.2 million on Thursday, lifting their three-day inflow total to about $368 million as Bitcoin attempted a price recovery. This article is an excerpt from Cointelegraph.com News View Original Source
-
Fresh SharePoint Vulnerability Exploited Soon After Disclosure
Fresh SharePoint Vulnerability Exploited Soon After Disclosure 2026-07-17 at 10:15 By Ionut Arghire The critical-severity security defect allows remote, authenticated attackers to execute arbitrary code on the server. The post Fresh SharePoint Vulnerability Exploited Soon After Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
-
Business Information Security Officer: What Is This Role?
Business Information Security Officer: What Is This Role? 2026-07-17 at 10:00 By Here, Chris Bonavita, VP Strategy and Technology Adoption at GTT, discusses the emergence and benefits of the Business Information Security Officer (BISO). This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source
-
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV 2026-07-17 at 09:42 By The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026.…
Browse older archives
- July 2026
- June 2026
- May 2026
- April 2026
- March 2026
- February 2026
- January 2026
- December 2025
- November 2025
- October 2025
- September 2025
- August 2025
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023