# Archive
Browse past daily curated stories
Sunday, July 12, 2026
-
1The Hacker News generalCompromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
The jscrambler npm package version 8.14.0, published July 11, 2026, was found to contain a malicious preinstall hook that silently executes a Rust-based infostealer during installation across Windows, macOS, and Linux — requiring no import or CLI invocation. Socket detected the compromise just six minutes after publication. Supply chain attacks via trusted npm packages pose severe risk to CI/CD pipelines and developer environments.
-
2BleepingComputer generalNew U-Boot flaws could enable stealthy firmware attacks
Six vulnerabilities discovered in U-Boot, the widely deployed open-source bootloader used in embedded Linux devices, could allow attackers to execute malicious code during the boot process, enabling persistent firmware-level compromise that survives OS reinstalls. The flaws are particularly impactful given U-Boot's prevalence in routers, IoT devices, and industrial systems where firmware patching is often difficult or impossible.
-
3The Hacker News generalInjective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Attackers compromised the Injective Labs SDK GitHub repository and published malicious npm package @injectivelabs/[email protected], which embedded fake telemetry functionality to exfiltrate cryptocurrency wallet private keys and mnemonic seed phrases. The incident represents a classic software supply chain attack targeting the Web3/DeFi ecosystem, where a single compromised dependency can drain multiple users' wallets.
-
4The Hacker News generalCritical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
Zimbra has issued an urgent patch for a critical stored XSS vulnerability in the Zimbra Collaboration Classic Web Client that allows specially crafted emails to execute arbitrary JavaScript in a victim's authenticated session. The flaw has not yet been assigned a CVE and affects organizations relying on the Classic Web Client interface for enterprise email.
-
5SecurityWeek general‘HalluSquatting’ Turns AI Hallucinations Into Botnet Delivery Mechanism
'HalluSquatting' is a newly demonstrated attack technique that exploits AI assistant hallucinations — registering fake package or domain names that AI tools fabricate — to deliver malware and achieve remote code execution on victim systems. Researchers showed the technique can be used as a botnet delivery mechanism, turning a fundamental LLM reliability flaw into an active exploitation vector.
-
6BleepingComputer general'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
'Ghostcommit' is a demonstrated prompt injection technique that embeds malicious instructions inside PNG image files to manipulate AI coding agents such as CodeRabbit and Bugbot, which never inspect image content. Researchers showed the attack could instruct a coding agent to read a repository's .env file and exfiltrate all secrets encoded as numbers within the codebase, bypassing AI-based code review entirely.
-
7BleepingComputer generalFormer ransomware negotiator gets 4 years for BlackCat attacks
Angelo Martino, a former DigitalMint cybersecurity employee hired to negotiate ransomware payments on behalf of victims, was sentenced to 70 months in federal prison for secretly working with the BlackCat/ALPHV ransomware group to extort those same clients. Separately, Armenian national Karen Vardanyan pleaded guilty to deploying Ryuk ransomware and faces up to 15 years in prison with nearly $1.2 million in restitution.
-
8The Hacker News generalUnpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
Researcher Sébastien Féry disclosed an unpatched denial-of-service flaw dubbed XRING in XQUIC, Alibaba's open-source QUIC and HTTP/3 library, which allows any unauthenticated remote client to crash an HTTP/3 server using approximately 260 bytes of valid QPACK traffic. No patch was available as of the July 8, 2026 disclosure, posing risk to any service built on XQUIC.
-
9The Hacker News generalLaser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched
Ledger's Donjon security team demonstrated a laser fault injection attack against Tangem hardware crypto wallet cards that resets the card's PIN to an attacker-chosen value without knowledge of the original password — and affected cards cannot be patched. An attacker with brief physical access to the card can gain full control of the associated wallet and drain funds.
-
10SecurityWeek generalNetwork of 200 GitHub Repositories Used for Malware Infection
Researchers identified a malware distribution network leveraging approximately 200 GitHub repositories, using Go modules to load PowerShell payloads that fetch a resolver from public dead-drop services before executing Windows malware. The infrastructure abuses GitHub's trusted reputation to evade network-based detection and demonstrates ongoing abuse of developer platforms for malware staging.