New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
WordPress 6.9.5 and 7.0.2 patch wp2shell, a pre-auth core RCE that lets anonymous attackers run code on default installs, even with no plugins.
@the-hacker-news
Publisher
108
Posts
WordPress 6.9.5 and 7.0.2 patch wp2shell, a pre-auth core RCE that lets anonymous attackers run code on default installs, even with no plugins.
OpenSSL fixed HollowByte after 11-byte TLS requests could strand memory on glibc systems, but shipped no CVE, advisory, or changelog note.
Seven malicious npm packages target Vite developers, using blockchain-based C2 to deliver a RAT for credential theft, file exfiltration, persistence.
NadMesh scans exposed AI services for AWS keys, Kubernetes tokens, model access, and MCP tools while Docker and Jenkins lead observed exploit traffic.
Expel links CylindricalCanine to DigiCert's April 2026 breach, where stolen certificates were used to sign Zhong Stealer and 60 were revoked.
North Korean hackers hide a four-stage OtterCookie payload in SVG files inside fake coding tests to steal browser data and crypto wallets.
EU orders Google to open 11 Android 18 features to rival AI assistants by August 2027, while sharing anonymized Search data under DMA rules.
Autonomous defense systems need trusted infrastructure to move telemetry, command data, and AI outputs across platforms, classifications, and allies.
Armenia holds Aleksandr Yuryevich Ermakov on a U.S. REvil extradition request, while his lawyers say Washington is seeking a different namesake.
ACR Stealer campaigns use ClickFix lures, JPEG steganography, and WebDAV to steal browser tokens, passwords, PDFs, and synced Microsoft 365 files.
New GoSerpent malware targets Southeast Asian government and diplomatic entities, deploying SOCKS5 proxies, credential dumpers, and data theft tools.
CISA says SharePoint CVE-2026-58644 was exploited before Microsoft patched it, affecting all supported on-premises versions and enabling RCE.
Two TfL hackers get 5.5 years each for the £29 million 2024 attack, which disabled 148 systems, exposed customer data, and disrupted travel services.
This week’s ThreatsDay Bulletin covers spyware-laced game cheats, fake installers, infostealer, ransomware, phishing kits, actively exploited flaws.
n8n fixed CVE-2026-59208, a JWT matching flaw that could log users into another issuer’s account on affected multi-issuer Enterprise setups.
New TELEPUZ malware spreads through ClickFix, then steals browser cookies, logs keystrokes, runs commands, and installs itself as a Windows service.
ClickLock Stealer kills macOS apps every 210 milliseconds until victims enter a password, then steals browser credentials, cookies, wallets, and Keych
PhantomEnigma uses more than 20 hijacked Brazilian government sites and compromised mailboxes to deliver a modular Node.js backdoor and payloads.
Agent data injection forges trusted fields across six AI models, redirecting web and coding agents while bypassing prompt injection defenses.
Daxin resurfaces at a Taiwan manufacturer alongside Stupig, a new backdoor that runs SYSTEM commands before sign-in through Windows' logon process.
AI speeds offensive testing, but unproven findings increase triage noise unless teams verify reachability, impact, and deployed context.
Shark AWS IoT policy flaw could let one certificate send root commands to other vacuums in the same region, exposing cameras, maps, and Wi-Fi password
OpenAI says GPT-Red automates prompt injection testing and helped GPT-5.6 Sol record sixfold fewer direct injection failures than GPT-5.5 in benchmark
Zoom fixes CVE-2026-53412, a 9.8-rated Windows flaw that could enable account takeover via network access, plus three privilege escalation bugs.
TuxBot v3 Evolution contains raw LLM reasoning, 1,496 Telnet credentials, and exploits for over 30 IoT device families in a modular DDoS botnet.
OkoBot injects recovery phrase lures into Ledger and Trezor apps, targeting hundreds of Windows users across more than 25 countries.
Mozilla fixes two critical Firefox flaws with public exploit code as Google, Adobe, and Broadcom patch Chrome, ColdFusion, and VMware security bugs.
Modern SASE shifts enforcement to browsers and endpoints as AI workflows, TLS 1.3, and HTTP/3 expose cloud proxy limits across enterprise traffic.
LegacyHive is a PoC for a Windows ProfSvc privilege escalation flaw that works after the July 2026 update, but the public build needs extra credential
Approved marketing tags can load unvetted fourth-party scripts with access to forms, checkout fields, and customer data after the initial review.
Cursor runs a repo-root git.exe when a Windows project opens, enabling code execution as the user. Seven months later, no patch or advisory exists.
Four compromised AsyncAPI npm packages load a multi-stage botnet from IPFS after attackers abuse GitHub Actions, despite valid provenance attestations
SonicWall says attackers are exploiting two SMA 1000 zero-days, including a code injection flaw that could enable administrator command execution.
Microsoft fixes a record 622 CVEs, including two exploited SharePoint and AD FS zero-days, while a Kerberos RC4 change could break service account log
SAP patches three critical flaws, including a 9.9 NetWeaver ABAP memory bug and default OAuth credentials that may expose Commerce Cloud data.
Claude for Chrome v1.0.80 still accepts forged clicks from other extensions, triggering Gmail, Docs, and Calendar tasks silently in hands-off mode.
LabubaRAT poses as NVIDIA software, profiles security tools, and uses HTTPS, WebView2, or DNS tunneling to maintain remote access on Windows hosts.
Two RabbitMQ flaws can expose OAuth secrets or queue metadata, with one potentially enabling full broker takeover in affected configurations.
Eleven old Microsoft-signed UEFI shims could let admin-level attackers bypass Secure Boot and run code before the operating system loads
Researchers found built-in privacy leaks in 85 browser wallets that can link addresses, survive logout, and expose users across unrelated sites.
Pentera’s MCP Server gives AI assistants access to validated attack paths, helping teams prioritize exploitable risks and verify remediation.
OAuth client ID spoofing lets attackers test Entra accounts and stolen passwords without successful sign-ins, leaving application names blank in logs.
Grok Build uploaded tracked Git repositories and full commit history to xAI storage by default, including unread files and unredacted .env secrets.
U.S. sanctions First VPN and two operators over ransomware support as the U.K. and E.U. target 24 Russian cyber actors and the FBI warns on FSB router
JFrog finds 148 npm proxy packages turned student browsers into a DDoS botnet, while a mutable loader lets operators re-arm it without updates.
Microsoft maps three Salesforce intrusion paths that abuse OAuth apps, vendor tokens, and guest access while ordinary sign-in monitoring stays quiet.
CrashStealer uses a notarized macOS dropper to pass Gatekeeper, then steals browser, wallet, password manager, file, and keychain data.
Google and Microsoft pulled ModHeader after researchers found a dormant collector built to encrypt and upload up to 1,000 visited domains.
From a rushed ShareFile shutdown to poisoned npm packages and AI assistants tricked into installing malware, here's every threat you need to know this
A single crafted email can plant a false, lasting memory in AI agents like OpenClaw, hide it from the user, and slip past the defenses built to catch
Forg365 targets Microsoft 365 with device code and AitM phishing, then uses stolen tokens for persistent browser sessions and mailbox access.
Meta filed a patent for an AI that reads your mood from your voice, eyes, and phone and keeps a timestamped log of it.
Research on 25 million enterprise alerts finds 98% can be resolved autonomously, leaving less than 2% of SOC cases for human analyst review.
A likely AI-generated PowerShell script mapped Active Directory after an attacker gained RDP access to a Windows Server with compromised credentials.
An exposed attack server led Lexfo to three Microsoft 365 phishing operations using Evilginx and device code abuse to capture sessions.
CISA adds exploited iCagenda and Balbooa Forms flaws to KEV after reported zero-day attacks enabled PHP uploads and remote code execution on sites.
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of July 11, 2026.
Suspected China- and India-aligned actors targeted Pakistani police systems with PlugX, ShadowPad, Remcos, and Cobalt Strike from 2024 to 2026.
Zimbra fixes a critical stored XSS flaw in its Classic Web Client that could let crafted emails run malicious scripts when opened. Update to 10.1.19.
Progress ordered ShareFile customers to shut down their Storage Zone Controllers while it investigates a credible external security threat.
Unknown attackers compromised Injective Labs' GitHub repo to publish npm package 1.20.21, which steals wallet private keys and seed phrases.
Six U-Boot flaws include four that can crash devices and two that could run code before signature checks; no fixed stable release exists.
Ledger researchers used laser fault injection to reset Tangem wallet passwords, but the invasive attack needs physical access and a $250,000 lab.
A researcher says three patched OpenClaw flaws could enable credential theft, privilege escalation, and host code execution via WhatsApp.
China-linked Silver Fox deploys the Rust-based MODBEACON RAT through fake software installers, targeting technology, education, and state-owned firms.
FoxIO disclosed XRING, an unpatched XQUIC flaw that lets unauthenticated clients crash HTTP/3 servers with 260 bytes of legal QPACK traffic.
Lumen used Axonius to reconcile 40-plus systems, uncover 60 times more devices, and rebuild exposure management around trusted asset data.
An open WP-SHELLSTORM server exposed tools, logs, and target lists naming 1.4 million sites, with researchers validating 25,195 compromises.
Researchers tested 281 free Android VPN apps and found DNS leaks, plaintext traffic, weak tunnels, and flaws across apps with 2.4B installs.
O-UNC-066 uses vishing and a live phishing kit to trick Microsoft 365 users into enrolling attacker-controlled Entra passkeys for account access.
Coinspect confirms over $5M stolen via the Ill Bloom flaw. Weak seed generation left older mobile and browser-extension wallets exposed.
Former ransomware negotiator Angelo Martino gets 70 months for giving victim negotiation data to BlackCat operators and aiding extortion.
GitHub ghost accounts and exposed PATs scrape corporate orgs through the API, with select cases cloning private repos.
Microsoft details GigaWiper, a Windows backdoor that bundles disk wiping, fake ransomware, and remote control into one destructive tool.
GitHub releases npm 12 with install scripts off by default and begins phasing out 2FA bypass tokens for sensitive npm actions.
ThreatsDay Bulletin covers fraud arrests, supply-chain attacks, phishing, cloud hijacking, ransomware, Windows flaws, and AI-driven data exfiltration.
AI-powered attacks move faster than human runbooks. Zscaler shows how Zero Trust can cut reach and lateral movement.
Chainguard argues AI-driven vulnerability discovery is shifting open source disclosure from hand coordination to automated orchestration.
GodDamn ransomware, tied by Symantec to Hyadina's Beast lineage, uses AnyDesk, PsExec, and PoisonX to move and evade defenses.
Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
Meta Muse Image lets users tag public Instagram accounts to generate AI images, with public posts and reels reusable by default unless disabled.
AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command approval is enabled.
Wiz says GhostApproval abuses symlinks so AI coding agents write to SSH keys or shell startup files while showing benign paths.
Infoblox says Lurking Lizard has used fake installers, mobile apps, and lookalike domains to recruit devices into a proxy botnet.
Sophos says Claude Code, Cursor, and Codex triggered Windows endpoint rules for credential access, LOLBin downloads, and persistence.
Researchers show HalluSquatting can make AI coding agents fetch fake repositories or skills and run attacker-supplied code.
Ubiquiti fixes seven critical UniFi flaws across Connect, Talk, Access, Protect, and OS, with no evidence of exploitation in the wild found.
EvilTokens uses AES-GCM encrypted HTML and Microsoft Device Code Phishing to hide Microsoft 365 account takeover pages until browser render.
SCMBANKER watches banking windows, captures screenshots, hijacks CLABE and card numbers, and can deploy Remote Utilities for hands-on access.
Research shows signed Git commits can be re-encoded into fresh GitHub Verified hashes without changing files or breaking signatures.
Passkeys reduce stolen-password value, shifting ATO toward recovery, re-verification, magic links, and AI-driven identity fraud in 2026.
GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
Cisco Talos says UAT-7810 is refining LONGLEASH, DOGLEASH, and JARLEASH to expand the LapDogs ORB network.
GhostLock (CVE-2026-43499), a 15-year-old use-after-free in Linux's futex code, gives any local user root.
CISA added four exploited flaws to KEV, covering Adobe ColdFusion, Joomla page builders, and Langflow ahead of July 10 fixes.
Zimperium found RedWing, a rented Android kit that steals banking logins, lifts one-time codes, and forwards calls to defeat phone-based 2FA.
Google fixed Rogue Agent, a Dialogflow CX Code Blocks flaw that could let one writable agent affect every chatbot in a Cloud project.
Talos details ARToken, a PhaaS panel tied to EvilTokens that supports device code phishing, BEC workflows, SharePoint theft, and PRT persistence.
The issue affects GitHub Agentic Workflows setups that read public input, hold private repo access, and can post output publicly.
Federal complaint says a Windows GDID tied Peter Stokes to a May 2025 jewelry retailer hack that stole 77GB and drew an $8M ransom demand.
Writer patched WriteOut after Sand Security found sandbox previews could forward session cookies into attacker-controlled agents.
AI agents, prompts, and MCP tools now shape software builds, forcing teams to track provenance beyond packages and generated code alone.
Proofpoint says UNK_MassTraction exploited patched Roundcube flaws to target U.S. and Canadian university mail servers.
CVE-2026-11405 affects five Tenda firmware builds and can bypass password checks through an undocumented admin login path in /bin/httpd.
BeyondTrust fixed four RS and PRA flaws, including two pre-auth bugs that could bypass appliance access controls under specific configurations.
Cavern agents were observed in the wild using DLL sideloading, NativeAOT modules, AppDomain unloading, and low VirusTotal detection rates.
Januscape abuses KVM shadow MMU page reuse to panic x86 hosts, with Kim reporting a controlled full escape exploit behind the unreleased path.
CVE-2026-20896 lets reachable Gitea Docker containers trust spoofed X-WEBAUTH-USER headers when reverse proxy auth is enabled.