OpenAI is temporarily relaxing GPT-5.6 Sol usage after demand for the company’s most powerful model surged over the past 48 hours. […]
Claude Fable 5 stays free for paid users until July 19 as Anthropic buys more time
Anthropic has just extended access to Claude Fable 5 for paid subscribers until July 19, giving you another week to keep using the most powerful model. […]
RedHook Android malware now uses Wireless ADB for shell access
A new version of the RedHook Android malware abuses the Android Wireless Debugging (Wireless ADB) mechanism in a novel way to gain shell-level privileges without requiring a computer connection. […]
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux.
Published on July 11, 2026, it needs no import and no CLI call. Installing 8.14.0 is enough to run it.
Socket flagged the release six minutes after it was
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026.
“At Balochistan Police, the compromised assets included servers hosting web applications that manage police and citizen data, such as criminal and
Ghost Accounts Abuse GitHub API in Mass Recon Campaign
Multiple campaigns are using ghost accounts to map GitHub organizations, including their repositories and members.
The post Ghost Accounts Abuse GitHub API in Mass Recon Campaign appeared first on SecurityWeek.
Australia warns of global campaign targeting vulnerable CMS platforms
The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management systems (CMS) and plugins. […]
‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets
A PNG hiding a prompt injection could steal your repo’s secrets, researchers demonstrate. The technique, dubbed ‘Ghostcommit,’ slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo’s .env and write every secret into the code as a list of numbers. […]
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution.
The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user’s session. It has yet to be assigned a CVE identifier.
“The
New U-Boot flaws could enable stealthy firmware attacks
Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware. […]
