# Archive

Browse past daily curated stories

Jul 01 Jun 30 Jun 27 Jun 26 Jun 25 Jun 24 Jun 23 Jun 21 Jun 20 Jun 19 Jun 18 Jun 17 Jun 16 Jun 15 Jun 14 Jun 13 Jun 12 Jun 11 Jun 10 Jun 09 Jun 08 Jun 07 Jun 06 Jun 02 May 31 May 30 May 29 May 28 May 27 May 26

Wednesday, July 01, 2026

  1. 1
    0
    BleepingComputer general
    CISA: Windows BlueHammer flaw now exploited by ransomware gangs

    CISA confirmed ransomware gangs are actively exploiting CVE-2026-33825, a Microsoft Defender privilege escalation vulnerability dubbed BlueHammer, which had previously been used as a zero-day before patches were released. The addition to CISA's Known Exploited Vulnerabilities catalog obligates federal agencies to patch and signals urgent priority for enterprise defenders running Windows endpoints.

  2. 2
    0
    The Hacker News general
    Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

    An unknown threat actor is exploiting CVE-2026-48558 (CVSS 10.0), a critical authentication bypass in SimpleHelp's OIDC flow, to deploy two previously undocumented malware families: TaskWeaver and the Djinn Stealer, which targets cloud, AI, SSH keys, and cryptocurrency wallet credentials. The CVSS-perfect score and focus on developer/admin credential theft make this a high-priority patch for any organization running SimpleHelp remote access software.

  3. 3
    0
    The Hacker News general
    Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

    CVE-2026-46817 (CVSS 9.8), an improper privilege management and authentication flaw in Oracle E-Business Suite's Payments module, is now being actively exploited in the wild according to Defused Cyber, allowing unauthenticated attackers to fully take over vulnerable instances. Organizations running Oracle E-Business Suite should treat this as an emergency patch given the ease of exploitation and active in-the-wild abuse.

  4. 4
    0
    The Hacker News general
    Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

    Apple's June 30 security update for iOS, macOS, and Safari patches over 30 vulnerabilities, including four WebKit memory corruption bugs (e.g., CVE-2026-43707) that were discovered using AI tools including Anthropic Claude and OpenAI Codex Security — a notable first for AI-assisted vulnerability research reaching production patches. Security teams managing Apple fleets should prioritize deployment given WebKit's attack surface via browser-based exploitation.

  5. 5
    0
    The Record threat-intel
    US posts $10 million reward over Russian cyber campaign targeting Signal, WhatsApp

    The U.S. State Department is offering a $10 million reward for information on Russia-linked hacking groups UNC5792 and UNC4221, which have conducted an ongoing campaign since at least March targeting Signal and WhatsApp accounts of government officials through social engineering. The reward signals the campaign's severity and the groups' continued focus on compromising encrypted messaging platforms used by high-value targets.

  6. 6
    0
    SecurityWeek general
    Aflac Japan Data Breach Impacts 4.38 Million

    Aflac Japan suffered a data breach between June 15–25, 2026, with attackers accessing its policyholder portal and stealing personal and bank account data belonging to 4.38 million individuals. The breach at a major insurance subsidiary exposes a large volume of financially sensitive PII, raising significant regulatory and identity fraud concerns for affected policyholders.

  7. 7
    0
    SecurityWeek general
    Supreme Court Rules Constitutional Privacy Protections Apply to Cellphone Users’ Location History

    The U.S. Supreme Court ruled in the Chatrie case that cellphone location history obtained via geofence warrants is protected by the Fourth Amendment, requiring law enforcement to obtain a warrant before requesting such data. While the ruling stops short of declaring all geofence warrants unconstitutional, it significantly restricts a surveillance technique used in hundreds of criminal investigations and has direct implications for digital privacy law.

  8. 8
    0
    The Hacker News general
    New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials

    Security firm LayerX demonstrated the 'BioShocking' prompt injection technique against six AI browsers and assistants — including OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude browser extension — tricking them into exfiltrating user credentials by framing malicious actions as part of a fictional scenario. The research exposes a systemic guardrail bypass in agentic AI tools that have direct access to authenticated sessions.

  9. 9
    0
    SecurityWeek general
    Nissan Employee Data Breached in Oracle PeopleSoft Hack

    Nissan employee data was confirmed stolen as part of the broader Oracle PeopleSoft exploitation campaign attributed to ShinyHunters, which targeted approximately 100 organizations — though only a handful have been publicly confirmed so far. The campaign exploited a zero-day in PeopleSoft, and the scale of unconfirmed victims suggests the full impact has yet to be disclosed.

  10. 10
    0
    The Hacker News general
    GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks

    Adversa AI's GuardFall research found that decades-old Bash shell injection techniques bypass the safety guardrails of 10 out of 11 popular open-source AI coding and computer-use agents tested, including all but the 'Continue' agent. This exposes a systemic supply chain attack surface where malicious repositories can hijack AI coding agents without any novel exploitation, purely through classic shell metacharacter abuse.