Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

07/07/2026 0 Comments 0 tags

A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization’s private repositories, researchers at Noma Security have shown. The attacker needs only to open a

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

07/07/2026 0 Comments 0 tags

A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July,

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

07/07/2026 0 Comments 0 tags

Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise. The one-click vulnerability

Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

07/07/2026 0 Comments 0 tags

U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint. Microsoft

What Changes When Your Software Supply Chain Includes AI Writing Your Code?

07/07/2026 0 Comments 0 tags

Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, “software supply chain security” meant one question: what’s in your code? Which open-source packages,

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

07/07/2026 0 Comments 0 tags

A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign.

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

07/07/2026 0 Comments 0 tags

Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices’ web management interfaces,

BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

07/07/2026 0 Comments 0 tags

BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

06/07/2026 0 Comments 0 tags

An Iranian hacking group affiliated with Iran’s Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations.

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

06/07/2026 0 Comments 0 tags

A use-after-free bug in Linux’s KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed ‘Januscape’ and