# Archive
Browse past daily curated stories
Friday, July 10, 2026
-
1SecurityWeek general15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google
A 15-year-old Linux kernel vulnerability dubbed 'GhostLock', present in every major distribution since 2011, allows local privilege escalation to root. Google awarded researchers $92,000 for the discovery, underscoring the severity of a flaw that has been exploitable for over a decade across the entire Linux ecosystem.
-
2The Hacker News generalMicrosoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
Microsoft patched CVE-2026-50656 (CVSS 7.8), a privilege escalation flaw in the Microsoft Malware Protection Engine (mpengine.dll) dubbed 'RoguePlanet,' nearly a month after researcher NightmareEclipse published a public PoC. The fix was delivered as an out-of-band Malware Protection Engine update rather than a standard Patch Tuesday release, and a secondary patch issue may allow attackers to fill a target's hard disk.
-
3The Hacker News generalGhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Wiz researchers disclosed 'GhostApproval,' a symlink-based attack affecting six AI coding assistants — Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. A malicious repository can trick the agent into writing to sensitive system files while appearing to edit a harmless target, enabling arbitrary code execution on the developer's machine.
-
4The Hacker News generalGodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
Symantec's Threat Hunter Team identified 'GodDamn' ransomware, first spotted in the wild on May 21, 2026, as a rebrand of Beast ransomware. It employs a Bring Your Own Vulnerable Driver (BYOVD) technique via the Microsoft co-signed PoisonX kernel driver to disable endpoint security software before encrypting targets, primarily in the United States.
-
5SecurityWeek general12 Million Impacted by Data Breach at Japanese Telco KDDI
Japanese telco KDDI disclosed a data breach affecting approximately 12 million customers after attackers exploited a zero-day vulnerability in a third-party system to access a KDDI-operated ISP email platform. The breach is among the largest telecom incidents reported in Japan, exposing customer records at scale.
-
6SecurityWeek generalChrome 150 Update Patches 27 Vulnerabilities
Google's Chrome 150 update resolves 27 vulnerabilities, including 13 use-after-free bugs and two critical-severity flaws discovered internally by Google. Security teams running Chrome at enterprise scale should prioritize rapid deployment given the high count of memory-safety issues, which are the most common vector for renderer exploitation.
-
7The Hacker News generalNew GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
Microsoft analyzed a destructive Windows backdoor called GigaWiper that combines three distinct capabilities — full disk wiping, Windows drive overwriting, and fake ransomware that encrypts files with a key that is never saved — into a single operator-selectable toolkit. The modular design makes it highly flexible for destructive operations and complicates attribution.
-
8CyberScoop generalInterpol cybercrime crackdown nets 5,800 arrests across 97 countries
Interpol's Operation First Light resulted in 5,811 arrests across 97 countries, the seizure of $293 million in illicit assets, and the identification of more than 142,000 victims of social-engineering fraud schemes. The operation's scale reflects the growing global coordination in tackling cybercrime-enabled fraud networks.
-
9SecurityWeek generalPalo Alto Networks Patches 13 Vulnerabilities
Palo Alto Networks released patches addressing 13 vulnerabilities in PAN-OS, covering buffer overflows, denial-of-service, command injection, SSRF, and authentication bypass flaws. PAN-OS is widely deployed as a perimeter security platform, making these patches critical for organizations relying on it for network defense.
-
10The Hacker News generalnpm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
npm version 12 ships with install scripts disabled by default, requiring explicit opt-in via 'allowScripts,' and deprecates granular access tokens (GATs) that could bypass two-factor authentication. GitHub made the change to reduce supply chain attack surface following a series of high-profile malicious package incidents on the registry.