Posts of last 24 hours
China-linked UNK_MassTraction targets US and Canadian universities through Roundcube flaws, stealing sessions and opening access to research mail servers.
https://hackread.com/unk-masstraction-roundcube-us-canada-universities/
New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, and a valid signature, GitHub still stamps "Verified."
Everything a reviewer would check matches. The commit's hash does not. That matters
https://thehackernews.com/2026/07/github-verified-commits-can-be.html
Национальный центр кибербезопасности Британии предупредил об атаках на устройства Fortinet.
https://www.securitylab.ru/news/574595.php
https://mp.weixin.qq.com/s?__biz=MzU3ODAyMjg4OQ==&mid=2247497802&idx=1&sn=8aac08f6fc6e24e8380cc7169f0e6a71
两名放暑假的 15 岁少年体会到了 Waymo 在时刻监视你的含义。他们在车内喝酒,用玩具枪对着其它汽车射水凝胶珠。一名 Waymo 员工当时正远程监控着这辆车,在看到车内有疑似枪支以及正在开枪之后,骗两名青少年说 Waymo 出租车出现了机械故障,需要停车,同时致电警方说有人在开枪。汽车停在了一家购物中心的停车场,当时五名警察已在那里等候搜查。搜查的结果是他们玩的是玩具枪,子弹是水凝胶珠。两名乘客被拘留后被释放交由其父母监护。检方正在审查可能的指控,包括未成年饮酒和从事威胁性行为。
https://www.solidot.org/story?sid=84785
For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, scalable, and for defenders, relatively well understood.
That era is ending. Not because attackers gave up, but because the front door finally got harder to kick in.
Passkeys are now mainstream.
https://thehackernews.com/2026/07/the-verification-step-is-new-ato.html
Accenture appears to have suffered a data breach, the extent of which is currently unknown. On Monday, a threat actor going by the handle “888” posted on the cybercrime forum PwnForums, claiming to have breached the technology consulting company and stolen “just over 35gb of source codes” in July 2026. They claim to have exfiltrated source code, RSA keys, SSH keys, Azure personal access tokens, Azure Storage access keys, and configuration files, which they are … More →
The post Accenture acknowledges security incident following 35GB data theft claim appeared first on Help Net Security.
https://www.helpnetsecurity.com/2026/07/08/accenture-data-breach-2026/