Security News

• Prinz Eugen Ransomware Targets Recently Modified Files — A new ransomware called Prinz Eugen focuses on encrypting recent files without leaving a ransom note.
• Microsoft Connects Mastra AI Attack to North Korean Hackers — Microsoft attributes the Mastra AI supply chain attack to North Korean hackers.
• Klue Confirms OAuth Breach Linked to Icarus Hackers — Klue has confirmed a security breach involving stolen OAuth tokens linked to Icarus hackers.
• Vulnerability in Gravity SMTP WordPress Plugin Targeted by Hackers — A security flaw in the Gravity SMTP WordPress plugin is being exploited by hackers.
• Data Breach in Texas Exposes Personal Information of Over 3 Million — A data breach in Texas has compromised the personal information of over three million people.
• AI Agents as New Identities: A Governance Challenge for Organizations — AI agents are emerging as new identities within organizations, raising governance concerns.
• Cybersecurity Teams Facing Increased Challenges Amid AI Developments — CISOs report growing difficulties in cybersecurity roles due to evolving threats and AI, yet demand for expertise remains high.
• Webinar Discusses MFA Bypass Techniques and Defensive Strategies — A new webinar addresses how modern phishing tactics can compromise MFA and suggests AI solutions for defense.
• Gentlemen Ransomware Develops EDR Killers to Evade Detection — Gentlemen ransomware is enhancing its capabilities with tools to bypass security measures.
• GitHub Token Leak Highlights Risks in Software Development Security — A leaked GitHub token reveals critical flaws in secrets management within organizations.
• Operation Escaneo Highlights Evolving Threats in Latin America — A new threat group in Latin America merges opportunistic monetization with intelligence gathering.
• Nintendo Acknowledges Data Breach Involving TinyPulse Service — Nintendo has confirmed that survey data was stolen from the TinyPulse service, but its systems remain secure.
• OpenAI Trials ChatGPT Subscription for Scientific Applications — OpenAI is reportedly testing a new subscription service aimed at scientific use cases.
• Google to Utilize IP Addresses for Ad Personalization in UK and EU — Starting August 3, 2026, Google will use IP addresses from UK and EU users for ad personalization.
• INC Ransomware Grows by Targeting Vulnerable Sectors — INC ransomware is succeeding by focusing on sectors that feel immediate pressure to pay, such as healthcare.
• FortiBleed Data Leak Reveals VPN Credentials for Thousands of Devices — The FortiBleed leak has compromised VPN credentials for over 73,000 Fortinet devices.
• New Fileless Malware Targets Browser Credentials — A new fileless malware known as Phantom Stealer is designed to extract browser credentials.
• Experts Urge US to Lift Export Ban on AI Models Mythos and Fable — Security experts are calling for the US government to reverse export restrictions on AI models Mythos and Fable.
• Malicious Plugins on JetBrains Marketplace Target Developers' AI API Keys — Fifteen harmful plugins on JetBrains Marketplace have been identified as threats to developers' AI API keys.
• DOJ Takes Action Against Deepfake Sites CFAKE and SOCFAKE — The DOJ has seized two deepfake websites under the TAKE IT DOWN Act for hosting nonconsensual content.
• Vulnerability in SimpleHelp Allows Unauthorized Account Creation — A flaw in SimpleHelp software enables hackers to create unauthorized technician accounts.
• FBI Shuts Down Major AI-Driven Phishing Operation — The FBI has dismantled a large phishing service known as Outsider Enterprise, which used AI to target victims.
• Former IT Employee Sentenced for Cyberattacks on School District — An ex-IT worker from an Iowa school district received a 21-month prison sentence for cyberattacks.
• Chinese Cyber Attackers Compromise Authentication Systems for Ten Years — Chinese hackers have infiltrated an organization's authentication systems, maintaining access for a decade.
• US Government Directs Anthropic to Restrict Foreign Access to AI Models — The US government has mandated Anthropic to prevent foreign nationals from using its AI models.
• Hackers Exploit Oracle Vulnerability to Target Universities — A critical flaw in Oracle's ERP software has led to significant data breaches at universities.
• Maine Shuts Down Data Breach Notification Portal Due to Fraudulent Reports — Maine has temporarily disabled its data breach notification portal following fake disclosures.
• phpBB Addresses Long-Standing Authentication Bypass Vulnerability — phpBB has resolved a decade-old authentication bypass vulnerability that could allow unauthorized access.
• Ukrainian Man Admits Guilt in Conti Ransomware Case — A Ukrainian national has pleaded guilty to charges related to the Conti ransomware operation.
• Arch Linux Packages Compromised to Distribute Malware — Over 400 packages in the Arch User Repository have been found distributing a rootkit and infostealer.