# Today's Top Stories
July 10, 2026
-
1SecurityWeek general Jul 0915-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google
A 15-year-old Linux kernel vulnerability dubbed 'GhostLock', present in every major distribution since 2011, allows local privilege escalation to root. Google awarded researchers $92,000 for the discovery, underscoring the severity of a flaw that has been exploitable for over a decade across the entire Linux ecosystem.
-
2The Hacker News general Jul 09Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
Microsoft patched CVE-2026-50656 (CVSS 7.8), a privilege escalation flaw in the Microsoft Malware Protection Engine (mpengine.dll) dubbed 'RoguePlanet,' nearly a month after researcher NightmareEclipse published a public PoC. The fix was delivered as an out-of-band Malware Protection Engine update rather than a standard Patch Tuesday release, and a secondary patch issue may allow attackers to fill a target's hard disk.
-
3The Hacker News general Jul 09GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Wiz researchers disclosed 'GhostApproval,' a symlink-based attack affecting six AI coding assistants — Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. A malicious repository can trick the agent into writing to sensitive system files while appearing to edit a harmless target, enabling arbitrary code execution on the developer's machine.
-
4The Hacker News general Jul 09GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
Symantec's Threat Hunter Team identified 'GodDamn' ransomware, first spotted in the wild on May 21, 2026, as a rebrand of Beast ransomware. It employs a Bring Your Own Vulnerable Driver (BYOVD) technique via the Microsoft co-signed PoisonX kernel driver to disable endpoint security software before encrypting targets, primarily in the United States.
-
5SecurityWeek general Jul 0912 Million Impacted by Data Breach at Japanese Telco KDDI
Japanese telco KDDI disclosed a data breach affecting approximately 12 million customers after attackers exploited a zero-day vulnerability in a third-party system to access a KDDI-operated ISP email platform. The breach is among the largest telecom incidents reported in Japan, exposing customer records at scale.
-
ADSponsoredProtect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected → -
6SecurityWeek general Jul 09Chrome 150 Update Patches 27 Vulnerabilities
Google's Chrome 150 update resolves 27 vulnerabilities, including 13 use-after-free bugs and two critical-severity flaws discovered internally by Google. Security teams running Chrome at enterprise scale should prioritize rapid deployment given the high count of memory-safety issues, which are the most common vector for renderer exploitation.
-
7The Hacker News general Jul 09New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
Microsoft analyzed a destructive Windows backdoor called GigaWiper that combines three distinct capabilities — full disk wiping, Windows drive overwriting, and fake ransomware that encrypts files with a key that is never saved — into a single operator-selectable toolkit. The modular design makes it highly flexible for destructive operations and complicates attribution.
-
8CyberScoop general Jul 09Interpol cybercrime crackdown nets 5,800 arrests across 97 countries
Interpol's Operation First Light resulted in 5,811 arrests across 97 countries, the seizure of $293 million in illicit assets, and the identification of more than 142,000 victims of social-engineering fraud schemes. The operation's scale reflects the growing global coordination in tackling cybercrime-enabled fraud networks.
-
9SecurityWeek general Jul 09Palo Alto Networks Patches 13 Vulnerabilities
Palo Alto Networks released patches addressing 13 vulnerabilities in PAN-OS, covering buffer overflows, denial-of-service, command injection, SSRF, and authentication bypass flaws. PAN-OS is widely deployed as a perimeter security platform, making these patches critical for organizations relying on it for network defense.
-
10The Hacker News general Jul 09npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
npm version 12 ships with install scripts disabled by default, requiring explicit opt-in via 'allowScripts,' and deprecates granular access tokens (GATs) that could bypass two-factor authentication. GitHub made the change to reduce supply chain attack surface following a series of high-profile malicious package incidents on the registry.