# Today's Top Stories

July 11, 2026

  1. 1
    0
    The Hacker News general Jul 10
    URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

    Progress Software issued an urgent directive to ShareFile customers to shut down Windows servers running Storage Zone Controllers due to a 'credible external security threat,' temporarily disabling access to affected accounts. This is a critical action item for security teams managing on-premises ShareFile deployments, as the threat appears active and Progress has not yet released a patch, making immediate server shutdown the only mitigation.

  2. 2
    0
    BleepingComputer general Jul 10
    Progress urges ShareFile admins to shut down servers over “credible” threat

    Progress Software's ShareFile Storage Zone Controllers are under active threat, with Progress emailing administrators directly to shut down affected servers. Organizations running on-premises ShareFile infrastructure should treat this as an emergency given Progress Software's history with MOVEit (CVE-2023-34362) and its pattern of being targeted in mass exploitation campaigns.

  3. 3
    0
    The Hacker News general Jul 10
    Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

    A cybercrime crew tracked as WP-SHELLSTORM left an exposed server online for three weeks, revealing tools and target lists naming over 1.4 million WordPress sites, with confirmed backdoor installations across a subset of targets. The exposed server provided researchers a rare inside view of how mass WordPress compromise operations are structured and automated.

  4. 4
    0
    The Hacker News general Jul 10
    Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks

    Angelo Martino, a 41-year-old former ransomware negotiator at DigitalMint, was sentenced to 70 months in federal prison for conspiring with the BlackCat/ALPHV ransomware group, feeding confidential client information to attackers and helping extort $75.3 million from five U.S. victims. The case underscores insider threat risks within incident response firms and is the third U.S. cybersecurity professional sentenced for aiding ransomware gangs.

  5. 5
    0
    The Hacker News general Jul 10
    Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

    Okta-tracked threat actor O-UNC-066 is conducting vishing campaigns targeting Microsoft 365 users, directing victims to fake Microsoft Entra ID login pages to hijack passkey enrollment and gain persistent account access for data extortion. Security teams should alert helpdesks and review Entra ID passkey enrollment logs for anomalous activity, particularly unsolicited enrollment events following inbound phone calls.

  6. 6
    0
    BleepingComputer general Jul 10
    Hackers exploit critical auth bypass in Gitea Docker image

    Attackers are actively exploiting a critical authentication bypass vulnerability in the official Docker image for Gitea, the self-hosted Git service, allowing impersonation of any user including administrators. Organizations running Gitea via Docker should immediately verify their image version and apply patches, as active exploitation means exposed instances are at high risk of code repository compromise.

  7. 7
    0
    The Hacker News general Jul 10
    Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot

    Binarly researchers discovered six new vulnerabilities in U-Boot, the widely deployed open-source bootloader used in home routers, smart cameras, and server management chips — four causing crashes and two enabling arbitrary code execution via malicious boot images. Because U-Boot runs before the OS loads, successful exploitation can bypass all OS-level security controls and install persistent firmware-level malware.

  8. 8
    0
    The Hacker News general Jul 10
    Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets

    Security firm Coinspect disclosed the 'Ill Bloom' vulnerability affecting cryptocurrency wallet software that uses weak randomness during recovery phrase generation, enabling attackers to reconstruct phrases and drain wallets — with one confirmed coordinated sweep in May stealing $3.1 million. Wallet developers and users should audit RNG implementations and consider moving funds from any wallet generated with potentially weak entropy.

  9. 9
    0
    The Hacker News general Jul 10
    Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

    A study of 281 free Android VPN apps from Google Play found that apps with over 2.4 billion combined installs exhibit basic security failures: 29 apps leak user traffic outside the VPN tunnel, and others transmit unencrypted data or embed tracking SDKs. Security practitioners advising end users should treat free VPN apps as untrusted by default and reference this dataset when evaluating enterprise BYOD policies.

  10. 10
    0
    SecurityWeek general Jul 09
    Microsoft Patches Defender ‘RoguePlanet’ Vulnerability

    Microsoft patched the 'RoguePlanet' Windows Defender privilege escalation vulnerability tracked as CVE-2026-50656 via a Microsoft Malware Protection Engine update, after researcher 'Nightmare-Eclipse' published a proof-of-concept exploit in early June. The fix was delivered through the automatic MDE signature update mechanism, but security teams should verify that Defender engine updates have been applied on all endpoints, particularly in environments with restricted update policies.