Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

16/07/2026 0 Comments 0 tags

Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories

16/07/2026 0 Comments 0 tags

A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

16/07/2026 0 Comments 0 tags

n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to

New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

16/07/2026 0 Comments 0 tags

ClickLock Stealer, a new macOS infostealer, answers a victim’s refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

16/07/2026 0 Comments 0 tags

Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that’s been spreading via websites infected with ClickFix lures since late April 2026. “The malware is full-featured, lightweight,

Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

16/07/2026 0 Comments 0 tags

An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig.

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

16/07/2026 0 Comments 0 tags

Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click “Buy Now” instead. Ask a coding assistant to apply

20+ Hijacked Government Websites Became
an Attack Channel

16/07/2026 0 Comments 0 tags

More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and

Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide

16/07/2026 0 Comments 0 tags

Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people’s Shark vacuums across the same AWS region: watch the

AI Can Find Bugs, But Human Knowledge Still Proves Them

16/07/2026 0 Comments 0 tags

Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can