News

The Hacker News
thehackernews. com > 2026 > 07 > what-changes-when-your-software-supply. html

What Changes When Your Software Supply Chain Includes AI Writing Your Code?

2+ hour, 55+ min ago  (378+ words) Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, "software supply chain security" meant one question: what's in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody…...

Symbols: btc-usd
The Hacker News
thehackernews. com > 2026 > 07 > suspected-china-aligned-hackers-exploit. html

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

5+ hour, 7+ min ago  (789+ words) A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U. S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in…...

The Hacker News
thehackernews. com > 2026 > 07 > certcc-warns-of-hidden-admin-backdoor. html

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

6+ hour, 56+ min ago  (269+ words) Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can…...

Symbols: dlink.sh
The Hacker News
thehackernews. com > 2026 > 07 > beyondtrust-patches-critical-auth. html

Beyond Trust Patches Critical Auth Bypass Flaws in Remote Support and PRA

8+ hour, 46+ min ago  (257+ words) Beyond Trust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below…...

Symbols: cwe-78,cwe-89
The Hacker News
thehackernews. com > 2026 > 07 > iran-linked-hackers-use-new-cavern-c2. html

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

19+ hour, 46+ min ago  (374+ words) An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors,…...

The Hacker News
thehackernews. com > 2026 > 07 > threat-actors-probe-gitea-docker-flaw. html

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

20+ hour, 48+ min ago  (358+ words) Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9. 8), a vulnerability that stems from the Dev Ops platform trusting the…...

Symbols: cwe-77
The Hacker News
thehackernews. com > 2026 > 07 > monday-recap-proxy-botnets-browser. html

" Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake Po C Malware and More

1+ day, 55+ min ago  (251+ words) A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became…...

The Hacker News
thehackernews. com > 2026 > 07 > how-to-evaluate-ai-soc-platform-in-2026. html

How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions

1+ day, 2+ hour ago  (378+ words) Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy…...

Symbols: btc-usd,nasdaq:nvda
The Hacker News
thehackernews. com > 2026 > 07 > suspected-china-nexus-hackers-use-fake. html

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy Dc RAT

1+ day, 3+ hour ago  (553+ words) A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation Dragon Return by…...

The Hacker News
thehackernews. com > 2026 > 07 > new-skillcloak-technique-lets-malicious. html

Skill Cloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

1+ day, 7+ hour ago  (1089+ words) Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a'new study'from researchers at the Hong Kong University of Science and Technology. Their strongest…...

Symbols: btc-usd,eth-usd,cwe-80,lloy.l,shel.l,0dp9.il