Researchers have demonstrated a new technique called 'Ghostcommit' that can hide prompt injection attacks within PNG image files. This method allows attackers to bypass AI code reviewers like CodeRabbit and Bugbot, which do not examine image files. Once the image is processed by a coding agent, it can lead to unauthorized access to sensitive information, such as secrets stored in a repository's .env file. This technique poses a serious risk to software developers and organizations that rely on automated code review tools, as it can result in the exposure of confidential data. The ability to extract secrets and convert them into a readable format makes it a significant concern for data security.
Latest Cybersecurity Threats
Real-time threat intelligence from trusted sources
The Hacker News
Zimbra has issued a warning regarding a serious vulnerability in its Classic Web Client that could allow attackers to execute malicious code through specially crafted emails. This vulnerability falls under the category of stored cross-site scripting (XSS) and poses a significant risk as it could enable unauthorized actions within a user's session. While the flaw has not yet been assigned a CVE identifier, Zimbra is urging all customers to implement the necessary updates to mitigate this risk. The potential for arbitrary code execution raises alarms about data security and user safety, making it crucial for affected users to take prompt action. Companies that rely on Zimbra for email services should prioritize applying the updates to protect their systems from potential exploitation.
Schneier on Security
A long-standing vulnerability in the Squid proxy server, known as 'Squidbleed,' has been identified, which can potentially leak sensitive HTTP requests. This bug has been present for 29 years, raising concerns about the security of systems still using affected versions of the Squid software. Administrators of web servers and proxies that rely on Squid need to take immediate action to mitigate any risks associated with this vulnerability. Researchers have flagged the issue as significant, given the age of the flaw and its potential impact on data security. Users of Squid should verify their software versions and apply necessary updates to protect against possible exploitation.
Zimbra has issued a warning regarding a serious stored cross-site scripting (XSS) vulnerability in its Classic Web Client, which is commonly used for accessing Zimbra Collaboration. This flaw allows attackers to execute malicious code when users open compromised emails. The company has released version 10.1.19 to address this vulnerability, which currently does not have a CVE ID. Users of the Classic Web Client should update to this latest version as soon as possible to safeguard their mailboxes from potential exploitation. This incident emphasizes the need for prompt software updates to protect sensitive information from cyber threats.
In May, a significant leak of credentials prompted the Cybersecurity and Infrastructure Security Agency (CISA) to take action. A forensic report released by CISA outlines their plans to enhance protections for sensitive materials and improve the process for researchers to report vulnerabilities within the agency. This incident highlights the need for stronger security measures, especially within government agencies that handle critical infrastructure data. The leak raises concerns about the potential misuse of exposed credentials, which could lead to unauthorized access and other security risks. CISA's proactive steps are essential to prevent similar incidents in the future and to maintain public trust in their operations.
Injective Labs' GitHub repository was compromised by unknown attackers who uploaded a malicious package to the npm registry. This malicious version, identified as @injectivelabs/sdk-ts@1.20.21, was designed to steal private keys and mnemonic seed phrases from cryptocurrency wallets. The attackers disguised the harmful code as telemetry functionality, tricking users into believing it was legitimate. This incident poses a significant risk to users of the Injective Labs SDK, as their sensitive information could be at risk of theft. Cryptocurrency users should be cautious and verify the integrity of packages before installation, especially those that seem to come from compromised sources.
Cyberattacks on healthcare businesses are on the rise, with a significant increase in attacks targeting service providers. While hospitals and clinics saw a modest growth in cyber incidents during the first half of 2026, the number of attacks on healthcare-related businesses more than doubled. This surge in attacks poses a serious threat to patient data and the overall healthcare infrastructure, making it essential for these organizations to bolster their cybersecurity measures. The rising trend indicates that cybercriminals are increasingly focused on exploiting vulnerabilities in the healthcare sector, which could have dire consequences for patient safety and privacy. As attackers become more aggressive, healthcare providers must remain vigilant and proactive in their defenses.
Progress Software has advised ShareFile customers to shut down their Windows servers that run Storage Zone Controllers due to a credible external security threat. The company has temporarily restricted access to affected accounts as a precautionary measure while they investigate the situation. This warning raises concerns for businesses relying on ShareFile for secure file storage and collaboration, highlighting the potential risks associated with third-party services. Users are encouraged to take immediate action to protect their data until the issue is resolved. Progress is working closely with both internal and external security teams to address the threat effectively.
Progress Software has alerted its ShareFile customers to a serious external security threat affecting on-premises Storage Zone Controllers. The company has advised all admins to shut down their servers immediately to protect sensitive data from potential attacks. This warning comes as a response to what has been described as a credible risk, emphasizing the need for users to take swift action to avoid any data breaches. The urgency of this recommendation highlights the severity of the situation, as these systems are commonly used for secure file sharing in various organizations. Customers are urged to stay vigilant and monitor for any further updates from Progress Software.
Researchers at Binarly have identified six new vulnerabilities in U-Boot, the bootloader responsible for starting various hardware devices, including routers and smart cameras. Four of these flaws can cause devices to crash, while two others could allow attackers to execute their own code by presenting a malicious image to the bootloader. This is particularly concerning as U-Boot is widely used across many platforms, making a large number of devices potentially vulnerable. If exploited, these vulnerabilities could lead to unauthorized access and control over affected systems before they even fully boot up. Users and manufacturers need to be aware of these vulnerabilities to ensure their devices remain secure.
A Bulgarian man, already serving a lengthy prison sentence for laundering millions from fraud victims, has been charged with stealing $290,000 in cryptocurrency that had been seized by the government. Authorities allege that while incarcerated, he orchestrated the theft of the funds, which were part of a larger investigation into his previous criminal activities. This case raises serious concerns about security within correctional facilities, especially regarding the ability of inmates to manipulate digital assets even while behind bars. The incident highlights the ongoing challenges law enforcement faces in tracking and securing cryptocurrency, particularly in cases involving organized crime and fraud. The implications for victims of fraud and the integrity of the justice system are significant, as this theft undermines efforts to recover stolen funds.
The Department of Homeland Security (DHS) has reported a significant data breach involving one of its databases, although specific details about the extent of the breach or the data compromised have not been disclosed. Meanwhile, Adobe is increasing the frequency of its security updates to better protect users from vulnerabilities, responding to the growing number of cyber threats. In another development, Canadian authorities have successfully disrupted ransomware operations, which is a crucial step in combating the rise of these attacks. Additionally, a data breach at AssuranceAmerica has put the personal information of around 7 million individuals at risk. This series of events illustrates the ongoing challenges organizations face in safeguarding sensitive data and the need for improved security measures across various sectors.
Researchers from Ledger's Donjon security team have discovered a significant vulnerability in Tangem crypto wallet cards. By using a precisely timed laser pulse directed at the chip inside the card, an attacker can reset the wallet's password to a new one of their choosing. This means that once the password is changed, the attacker gains full control over the wallet and can transfer any cryptocurrency stored on it. While this poses a serious risk, it's important to note that the attack requires specialized equipment and expertise, so it may not be an immediate concern for most users. Nonetheless, it raises questions about the security of hardware wallets, especially those that cannot be patched or updated to fix this flaw.
Researchers have identified three serious vulnerabilities in the OpenClaw personal AI assistant that, if exploited, could allow attackers to steal user credentials, escalate privileges, and execute arbitrary code on the host device. These vulnerabilities have been assigned high CVSS scores, with one flaw rated at 8.8, indicating a significant risk. While the vulnerabilities have been patched, the details raise concerns about the security of AI applications and the potential for misuse. Users of OpenClaw and similar AI assistants should ensure they are running the latest updates to protect against these risks. This incident serves as a reminder of the importance of regular software maintenance and vigilance in cybersecurity practices.
The article discusses how the rise of AI agents is leading to an increase in non-human identities within organizations, complicating the management of identity security. As these AI agents proliferate, companies struggle to track what identities exist, who controls them, and what access privileges they have. This growing complexity creates a larger attack surface for cybercriminals, making it essential for organizations to enhance their visibility and governance over identity management. Failing to do so could leave companies vulnerable to unauthorized access and data breaches. The piece emphasizes the need for stronger identity governance measures as AI continues to evolve and integrate into business operations.