# Today's Top Stories

July 10, 2026

  1. 1
    0
    SecurityWeek general Jul 09
    15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google

    A 15-year-old Linux kernel vulnerability dubbed 'GhostLock', present in every major distribution since 2011, allows local privilege escalation to root. Google awarded researchers $92,000 for the discovery, underscoring the severity of a flaw that has been exploitable for over a decade across the entire Linux ecosystem.

  2. 2
    0
    The Hacker News general Jul 09
    Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

    Microsoft patched CVE-2026-50656 (CVSS 7.8), a privilege escalation flaw in the Microsoft Malware Protection Engine (mpengine.dll) dubbed 'RoguePlanet,' nearly a month after researcher NightmareEclipse published a public PoC. The fix was delivered as an out-of-band Malware Protection Engine update rather than a standard Patch Tuesday release, and a secondary patch issue may allow attackers to fill a target's hard disk.

  3. 3
    0
    The Hacker News general Jul 09
    GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

    Wiz researchers disclosed 'GhostApproval,' a symlink-based attack affecting six AI coding assistants — Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. A malicious repository can trick the agent into writing to sensitive system files while appearing to edit a harmless target, enabling arbitrary code execution on the developer's machine.

  4. 4
    0
    The Hacker News general Jul 09
    GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses

    Symantec's Threat Hunter Team identified 'GodDamn' ransomware, first spotted in the wild on May 21, 2026, as a rebrand of Beast ransomware. It employs a Bring Your Own Vulnerable Driver (BYOVD) technique via the Microsoft co-signed PoisonX kernel driver to disable endpoint security software before encrypting targets, primarily in the United States.

  5. 5
    0
    SecurityWeek general Jul 09
    12 Million Impacted by Data Breach at Japanese Telco KDDI

    Japanese telco KDDI disclosed a data breach affecting approximately 12 million customers after attackers exploited a zero-day vulnerability in a third-party system to access a KDDI-operated ISP email platform. The breach is among the largest telecom incidents reported in Japan, exposing customer records at scale.

  6. 6
    0
    SecurityWeek general Jul 09
    Chrome 150 Update Patches 27 Vulnerabilities

    Google's Chrome 150 update resolves 27 vulnerabilities, including 13 use-after-free bugs and two critical-severity flaws discovered internally by Google. Security teams running Chrome at enterprise scale should prioritize rapid deployment given the high count of memory-safety issues, which are the most common vector for renderer exploitation.

  7. 7
    0
    The Hacker News general Jul 09
    New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware

    Microsoft analyzed a destructive Windows backdoor called GigaWiper that combines three distinct capabilities — full disk wiping, Windows drive overwriting, and fake ransomware that encrypts files with a key that is never saved — into a single operator-selectable toolkit. The modular design makes it highly flexible for destructive operations and complicates attribution.

  8. 8
    0
    CyberScoop general Jul 09
    Interpol cybercrime crackdown nets 5,800 arrests across 97 countries

    Interpol's Operation First Light resulted in 5,811 arrests across 97 countries, the seizure of $293 million in illicit assets, and the identification of more than 142,000 victims of social-engineering fraud schemes. The operation's scale reflects the growing global coordination in tackling cybercrime-enabled fraud networks.

  9. 9
    0
    SecurityWeek general Jul 09
    Palo Alto Networks Patches 13 Vulnerabilities

    Palo Alto Networks released patches addressing 13 vulnerabilities in PAN-OS, covering buffer overflows, denial-of-service, command injection, SSRF, and authentication bypass flaws. PAN-OS is widely deployed as a perimeter security platform, making these patches critical for organizations relying on it for network defense.

  10. 10
    0
    The Hacker News general Jul 09
    npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

    npm version 12 ships with install scripts disabled by default, requiring explicit opt-in via 'allowScripts,' and deprecates granular access tokens (GATs) that could bypass two-factor authentication. GitHub made the change to reduce supply chain attack surface following a series of high-profile malicious package incidents on the registry.