<?xml version='1.0' encoding='UTF-8'?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>InfoSecRadar — Tools &amp; Techniques</title>
    <link>https://infosecradar.com/feeds/tools.xml</link>
    <description>Tools &amp; Techniques stories from InfoSecRadar</description>
    <atom:link href="https://infosecradar.com/feeds/tools.xml" rel="self"/>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>InfoSecRadar</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 20:01:19 +0000</lastBuildDate>
    <item>
      <title>Microsoft is forcing an enterprise transition to passkeys</title>
      <link>https://infosecradar.com/stories/2026/07/15/microsoft-is-forcing-an-enterprise-transition-to-passkeys/</link>
      <description>Microsoft will transition its Entra ID service to use passkeys as the default authentication method starting September 1, 2026, with SMS and voice authentication ending in February 2027. This move aims to bolster security against increasingly sophisticated AI-powered attacks that target traditional credentials.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197086/microsoft-is-forcing-an-enterprise-transition-to-passkeys-2.html</guid>
      <pubDate>Wed, 15 Jul 2026 02:08:45 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197086/microsoft-is-forcing-an-enterprise-transition-to-passkeys-2.html">CSO Online</source>
    </item>
    <item>
      <title>Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates</title>
      <link>https://infosecradar.com/stories/2026/07/15/critical-vulnerabilities-patched-with-fresh-chrome-150-firefox-152-updates/</link>
      <description>Google Chrome 150 and Mozilla Firefox 152 have received updates to patch critical vulnerabilities. While public exploit code for the Firefox flaws exists, there have been no observed instances of in-the-wild exploitation.</description>
      <guid isPermaLink="false">https://www.securityweek.com/critical-vulnerabilities-patched-with-fresh-chrome-150-firefox-152-updates/</guid>
      <pubDate>Wed, 15 Jul 2026 07:24:52 +0000</pubDate>
      <source url="https://www.securityweek.com/critical-vulnerabilities-patched-with-fresh-chrome-150-firefox-152-updates/">SecurityWeek</source>
    </item>
    <item>
      <title>Cybersecurity needs more prevention and less reliance on cure</title>
      <link>https://infosecradar.com/stories/2026/07/15/cybersecurity-needs-more-prevention-and-less-reliance-on-cure/</link>
      <description>The article argues that the cybersecurity industry has shifted too far towards detection and response, neglecting essential preventative measures. It calls for greater investment and innovation in blocking threats before they can cause damage, drawing a parallel to the medical field's emphasis on prevention over cure. The current focus on detection, while improving response times and reducing financial impact, has not proportionally decreased the rate of successful compromises.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4196818/cybersecurity-needs-more-prevention-and-less-reliance-on-cure.html</guid>
      <pubDate>Wed, 15 Jul 2026 09:00:00 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4196818/cybersecurity-needs-more-prevention-and-less-reliance-on-cure.html">CSO Online</source>
    </item>
    <item>
      <title>Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware</title>
      <link>https://infosecradar.com/stories/2026/07/15/compromised-asyncapi-npm-packages-deliver-multi-stage-botnet-malware/</link>
      <description>Four npm packages within the @asyncapi namespace have been found to be compromised and are distributing a multi-stage botnet loader. This malicious activity was identified by researchers from OX Security, SafeDep, Socket, and StepSecurity.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html</guid>
      <pubDate>Wed, 15 Jul 2026 09:16:13 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html">The Hacker News</source>
    </item>
    <item>
      <title>When 80,000 fans log on at once: The 2026 World Cup’s unique cybersecurity issues</title>
      <link>https://infosecradar.com/stories/2026/07/15/when-80000-fans-log-on-at-once-the-2026-world-cups-unique-cybersecurity-issues/</link>
      <description>Large soccer stadiums hosting events like the World Cup present unique cybersecurity challenges due to the massive influx of tens of thousands of unmanaged devices connecting to their networks. The article highlights the need for real-time network visibility and segmentation to protect critical systems like payment platforms and operational infrastructure from potential disruptions.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4196827/when-80000-fans-log-on-at-once-the-2026-world-cups-unique-cybersecurity-issues.html</guid>
      <pubDate>Wed, 15 Jul 2026 10:00:00 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4196827/when-80000-fans-log-on-at-once-the-2026-world-cups-unique-cybersecurity-issues.html">CSO Online</source>
    </item>
    <item>
      <title>Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution</title>
      <link>https://infosecradar.com/stories/2026/07/15/cursor-flaw-lets-malicious-cloned-repositories-trigger-windows-code-execution/</link>
      <description>A critical flaw has been discovered in the Cursor code editor that allows malicious cloned repositories to execute arbitrary code on Windows. If a repository contains a file named 'git.exe' in its root directory, Cursor will automatically run it without any user interaction, potentially exposing sensitive data and credentials.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/cursor-flaw-lets-malicious-cloned.html</guid>
      <pubDate>Wed, 15 Jul 2026 10:55:22 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/cursor-flaw-lets-malicious-cloned.html">The Hacker News</source>
    </item>
    <item>
      <title>Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday</title>
      <link>https://infosecradar.com/stories/2026/07/15/researcher-drops-new-windows-zero-day-poc-hours-after-microsoft-patch-tuesday/</link>
      <description>A security researcher has released a proof-of-concept exploit for a new Windows zero-day vulnerability called LegacyHive. This vulnerability allows for arbitrary hive load elevation of privileges within the Windows User Profile Service, a critical system component.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html</guid>
      <pubDate>Wed, 15 Jul 2026 11:07:07 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html">The Hacker News</source>
    </item>
    <item>
      <title>Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers</title>
      <link>https://infosecradar.com/stories/2026/07/15/establishing-a-coordinated-vulnerability-disclosure-program-to-work-with-securit/</link>
      <description>CISA, NSA, and international partners have released guidance on establishing Coordinated Vulnerability Disclosure (CVD) programs. The guidance offers best practices for software manufacturers and online service providers to work with security researchers, including clear policies for reporting, triaging, and remediating vulnerabilities. It also suggests using third-party intermediaries to support these programs.</description>
      <guid isPermaLink="false">https://www.cisa.gov/resources-tools/resources/establishing-coordinated-vulnerability-disclosure-program-work-security-researchers</guid>
      <pubDate>Wed, 15 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/resources-tools/resources/establishing-coordinated-vulnerability-disclosure-program-work-security-researchers">CISA Alerts</source>
    </item>
    <item>
      <title>LegacyHive: 'Bone-shattering' zero-day from Microsoft's serial tormentor not the haymaker that was promised</title>
      <link>https://infosecradar.com/stories/2026/07/15/legacyhive-bone-shattering-zero-day-from-microsofts-serial-tormentor-not-the-hay/</link>
      <description>Security researchers have identified a new post-compromise tool named LegacyHive, allegedly developed by a prolific Microsoft tormentor. While initially hyped as a significant threat, experts now view it as a useful, albeit complex, tool for those with the technical expertise to implement it effectively.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/15/microsofts-serial-tormentor-drops-legacyhive-0-day/5271723</guid>
      <pubDate>Wed, 15 Jul 2026 12:59:39 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/15/microsofts-serial-tormentor-drops-legacyhive-0-day/5271723">The Register (Security)</source>
    </item>
    <item>
      <title>New Windows Bind Link techniques let attackers evade EDR, security controls</title>
      <link>https://infosecradar.com/stories/2026/07/15/new-windows-bind-link-techniques-let-attackers-evade-edr-security-controls/</link>
      <description>Attackers are leveraging new techniques that abuse Windows Bind Links, a legitimate filesystem virtualization capability, to evade detection by endpoint security tools like EDR, AMSI, and AppLocker. Bitdefender researchers identified three methods – File Binding, Process-Binding, and Silo-Binding – that redirect trusted file paths to malicious ones, allowing malware to execute undetected.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197184/new-windows-bind-link-techniques-let-attackers-evade-edr-security-controls.html</guid>
      <pubDate>Wed, 15 Jul 2026 13:00:00 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197184/new-windows-bind-link-techniques-let-attackers-evade-edr-security-controls.html">CSO Online</source>
    </item>
    <item>
      <title>Windows Bind Link Attacks Can Hide Malware From EDR Tools</title>
      <link>https://infosecradar.com/stories/2026/07/15/windows-bind-link-attacks-can-hide-malware-from-edr-tools/</link>
      <description>Researchers at Bitdefender have discovered a new attack technique on Windows systems that leverages bind links. These links create conflicting filesystem views, allowing malware to evade detection by Endpoint Detection and Response (EDR) tools.</description>
      <guid isPermaLink="false">https://www.securityweek.com/windows-bind-link-attacks-can-hide-malware-from-edr-tools/</guid>
      <pubDate>Wed, 15 Jul 2026 13:00:00 +0000</pubDate>
      <source url="https://www.securityweek.com/windows-bind-link-attacks-can-hide-malware-from-edr-tools/">SecurityWeek</source>
    </item>
    <item>
      <title>2-Click Cursor Exploit Enables Dev Environment Takeover</title>
      <link>https://infosecradar.com/stories/2026/07/15/2-click-cursor-exploit-enables-dev-environment-takeover/</link>
      <description>A newly discovered "2-click cursor exploit" leverages fundamental, age-old bugs within development environments to grant attackers access to sensitive developer secrets and source code. This vulnerability can lead to a full takeover of the development environment, posing a significant risk to intellectual property and software integrity.</description>
      <guid isPermaLink="false">https://www.darkreading.com/application-security/2-click-cursor-exploit-dev-environment-takeover</guid>
      <pubDate>Wed, 15 Jul 2026 13:00:00 +0000</pubDate>
      <source url="https://www.darkreading.com/application-security/2-click-cursor-exploit-dev-environment-takeover">Dark Reading</source>
    </item>
    <item>
      <title>KAPE 101: A Kroll Artifact Parser and Extractor Cheatsheet</title>
      <link>https://infosecradar.com/stories/2026/07/15/kape-101-a-kroll-artifact-parser-and-extractor-cheatsheet/</link>
      <description>This article provides a cheatsheet for KAPE (Kroll Artifact Parser and Extractor), a tool used for efficiently locating, extracting, and parsing Windows forensic artifacts. These artifacts can be crucial for identifying adversary activity within the operating system.</description>
      <guid isPermaLink="false">https://www.blackhillsinfosec.com/kape-cheatsheet/</guid>
      <pubDate>Wed, 15 Jul 2026 14:00:00 +0000</pubDate>
      <source url="https://www.blackhillsinfosec.com/kape-cheatsheet/">Black Hills Information Security</source>
    </item>
    <item>
      <title>Unpatched Cursor Vulnerability Exposes Users to Code Execution</title>
      <link>https://infosecradar.com/stories/2026/07/15/unpatched-cursor-vulnerability-exposes-users-to-code-execution/</link>
      <description>A vulnerability in the Cursor code editor allows attackers to execute arbitrary code by creating a malicious repository with a git.exe file in the project root. Cursor automatically executes this file, leading to potential code execution on the user's system.</description>
      <guid isPermaLink="false">https://www.securityweek.com/unpatched-cursor-vulnerability-exposes-users-to-code-execution/</guid>
      <pubDate>Wed, 15 Jul 2026 14:37:13 +0000</pubDate>
      <source url="https://www.securityweek.com/unpatched-cursor-vulnerability-exposes-users-to-code-execution/">SecurityWeek</source>
    </item>
    <item>
      <title>OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps</title>
      <link>https://infosecradar.com/stories/2026/07/15/okobot-malware-framework-injects-seed-phrase-phishing-into-ledger-and-trezor-app/</link>
      <description>The OkoBot malware framework, active since April 2025 on Windows, includes a module specifically designed to phish users for their hardware wallet recovery phrases. This module injects fake recovery phrase prompts into legitimate desktop applications for Ledger and Trezor wallets on infected machines.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/okobot-malware-framework-injects-seed.html</guid>
      <pubDate>Wed, 15 Jul 2026 15:30:30 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/okobot-malware-framework-injects-seed.html">The Hacker News</source>
    </item>
    <item>
      <title>​    ​AsyncAPI npm packages infected with credential-stealing malware</title>
      <link>https://infosecradar.com/stories/2026/07/15/asyncapi-npm-packages-infected-with-credential-stealing-malware/</link>
      <description>Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) as part of a supply-chain attack. These packages contained a remote access trojan designed to steal credentials and other sensitive information from infected systems.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/-asyncapi-npm-packages-infected-with-credential-stealing-malware/</guid>
      <pubDate>Wed, 15 Jul 2026 15:37:27 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/-asyncapi-npm-packages-infected-with-credential-stealing-malware/">Bleeping Computer</source>
    </item>
    <item>
      <title>Identity Attacks Overtake Exploits as Top Ransomware Cause</title>
      <link>https://infosecradar.com/stories/2026/07/15/identity-attacks-overtake-exploits-as-top-ransomware-cause/</link>
      <description>Email-based attacks have surpassed exploit kits as the primary entry point for ransomware. Despite widespread adoption of multifactor authentication (MFA), it was ineffective in 97% of credential-based attacks, failing to prevent compromise.</description>
      <guid isPermaLink="false">https://www.darkreading.com/identity-access-management-security/identity-attacks-overtake-exploits-top-ransomware-cause</guid>
      <pubDate>Wed, 15 Jul 2026 20:16:13 +0000</pubDate>
      <source url="https://www.darkreading.com/identity-access-management-security/identity-attacks-overtake-exploits-top-ransomware-cause">Dark Reading</source>
    </item>
    <item>
      <title>NPM ecosystem hit with two new supply chain compromises</title>
      <link>https://infosecradar.com/stories/2026/07/15/npm-ecosystem-hit-with-two-new-supply-chain-compromises/</link>
      <description>Two significant supply chain compromises have affected the npm ecosystem, impacting multiple packages from AsyncAPI and Jscrambler Code Integrity. Attackers gained access through compromised development credentials and exploited a known vulnerability in GitHub Actions CI/CD workflows to inject malware into open-source packages. Affected organizations are advised to rebuild systems from clean images and rotate all credentials.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197499/npm-ecosystem-hit-with-two-new-supply-chain-compromises.html</guid>
      <pubDate>Wed, 15 Jul 2026 20:33:40 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197499/npm-ecosystem-hit-with-two-new-supply-chain-compromises.html">CSO Online</source>
    </item>
    <item>
      <title>Trend Micro, Tanium, ESET and Tenable Patch Severe Product Vulnerabilities</title>
      <link>https://infosecradar.com/stories/2026/07/16/trend-micro-tanium-eset-and-tenable-patch-severe-product-vulnerabilities/</link>
      <description>Leading cybersecurity firms Trend Micro, Tanium, ESET, and Tenable have all released patches for critical and high-severity vulnerabilities discovered within their respective products. These patches address security flaws that could have put users' systems at risk.</description>
      <guid isPermaLink="false">https://www.securityweek.com/trend-micro-tanium-eset-and-tenable-patch-severe-product-vulnerabilities/</guid>
      <pubDate>Thu, 16 Jul 2026 06:08:08 +0000</pubDate>
      <source url="https://www.securityweek.com/trend-micro-tanium-eset-and-tenable-patch-severe-product-vulnerabilities/">SecurityWeek</source>
    </item>
    <item>
      <title>Tech support scam caused massive data breach at Australian airline Qantas</title>
      <link>https://infosecradar.com/stories/2026/07/16/tech-support-scam-caused-massive-data-breach-at-australian-airline-qantas/</link>
      <description>A tech support scam led to a massive data breach at Australian airline Qantas, potentially exposing the personal information of 5.7 million people. The breach occurred due to the scam, although the airline claims the exposed data does not violate privacy rules.</description>
      <guid isPermaLink="false">https://www.theregister.com/cyber-crime/2026/07/16/tech-support-scam-caused-massive-data-breach-at-australian-airline-qantas/5272267</guid>
      <pubDate>Thu, 16 Jul 2026 06:27:47 +0000</pubDate>
      <source url="https://www.theregister.com/cyber-crime/2026/07/16/tech-support-scam-caused-massive-data-breach-at-australian-airline-qantas/5272267">The Register (Security)</source>
    </item>
    <item>
      <title>Law firm insisted on one password to rule them all</title>
      <link>https://infosecradar.com/stories/2026/07/16/law-firm-insisted-on-one-password-to-rule-them-all/</link>
      <description>A law firm reportedly used a single, shared administrative password for multiple systems, including its case management system. This practice allowed unauthorized access to sensitive client data, as any individual with the password could potentially view or alter confidential information.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/16/law-firm-insisted-on-one-password-to-rule-them-all/5269484</guid>
      <pubDate>Thu, 16 Jul 2026 07:00:00 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/16/law-firm-insisted-on-one-password-to-rule-them-all/5269484">The Register (Security)</source>
    </item>
    <item>
      <title>Zoom Patches Critical Windows Flaw That Could Enable Account Takeover</title>
      <link>https://infosecradar.com/stories/2026/07/16/zoom-patches-critical-windows-flaw-that-could-enable-account-takeover/</link>
      <description>Zoom has released security updates for a critical vulnerability in its Windows client that could allow attackers to take over user accounts. The flaw, CVE-2026-53412, is rated with a CVSS score of 9.8 and affects multiple Zoom Windows applications.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/zoom-patches-critical-windows-flaw-that.html</guid>
      <pubDate>Thu, 16 Jul 2026 07:22:44 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/zoom-patches-critical-windows-flaw-that.html">The Hacker News</source>
    </item>
    <item>
      <title>OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol</title>
      <link>https://infosecradar.com/stories/2026/07/16/openais-gpt-red-automates-prompt-injection-testing-to-harden-gpt-56-sol/</link>
      <description>OpenAI has developed an internal automated red-teaming model called GPT-Red to identify and fix prompt injection vulnerabilities in their AI models. This model has proven effective in finding weaknesses, prompting OpenAI to use it for adversarial training to improve the security of their AI systems.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/openais-gpt-red-automates-prompt.html</guid>
      <pubDate>Thu, 16 Jul 2026 08:42:31 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/openais-gpt-red-automates-prompt.html">The Hacker News</source>
    </item>
    <item>
      <title>AI Can Find Bugs, But Human Knowledge Still Proves Them</title>
      <link>https://infosecradar.com/stories/2026/07/16/ai-can-find-bugs-but-human-knowledge-still-proves-them/</link>
      <description>AI tools are significantly enhancing offensive security by rapidly analyzing code, generating payloads, and automating testing. However, human expertise remains crucial for validating AI-generated findings and ensuring their practical applicability in security.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/ai-can-find-bugs-but-human-knowledge.html</guid>
      <pubDate>Thu, 16 Jul 2026 10:10:00 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/ai-can-find-bugs-but-human-knowledge.html">The Hacker News</source>
    </item>
    <item>
      <title>CISA urges software vendors to formalize vulnerability disclosure programs</title>
      <link>https://infosecradar.com/stories/2026/07/16/cisa-urges-software-vendors-to-formalize-vulnerability-disclosure-programs/</link>
      <description>CISA, alongside international cybersecurity agencies, has released guidance urging software vendors and online service providers to establish formal Coordinated Vulnerability Disclosure (CVD) programs. These programs aim to improve vulnerability management and product security by structuring how organizations receive, assess, and respond to reports from security researchers.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197733/cisa-urges-software-vendors-to-formalize-vulnerability-disclosure-programs.html</guid>
      <pubDate>Thu, 16 Jul 2026 10:48:58 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197733/cisa-urges-software-vendors-to-formalize-vulnerability-disclosure-programs.html">CSO Online</source>
    </item>
    <item>
      <title>Splunk, Zoom Patch Critical Vulnerabilities</title>
      <link>https://infosecradar.com/stories/2026/07/16/splunk-zoom-patch-critical-vulnerabilities/</link>
      <description>Splunk and Zoom have released patches for critical vulnerabilities that could allow attackers to gain unauthorized access to credentials and data, take over accounts, and escalate privileges. These flaws pose a significant risk to organizations using these platforms.</description>
      <guid isPermaLink="false">https://www.securityweek.com/splunk-zoom-patch-critical-vulnerabilities/</guid>
      <pubDate>Thu, 16 Jul 2026 10:54:34 +0000</pubDate>
      <source url="https://www.securityweek.com/splunk-zoom-patch-critical-vulnerabilities/">SecurityWeek</source>
    </item>
    <item>
      <title>New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-agent-data-injection-attack-can-make-ai-agents-misclick-or-run-attacker-comm/</link>
      <description>A new attack method called Agent Data Injection (ADI) allows attackers to insert malicious data into an AI agent's input, causing it to misinterpret information and execute unintended actions. This can range from making an e-commerce agent purchase unwanted items to tricking a coding assistant into running attacker-controlled commands.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/new-agent-data-injection-attack-can.html</guid>
      <pubDate>Thu, 16 Jul 2026 11:32:28 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/new-agent-data-injection-attack-can.html">The Hacker News</source>
    </item>
    <item>
      <title>New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-clicklock-macos-stealer-kills-apps-every-210ms-until-victims-type-their-pass/</link>
      <description>A new macOS infostealer named ClickLock Stealer has been identified that pressures victims into revealing their passwords by repeatedly terminating running applications. The malware is initiated via a command pasted into the Terminal and employs a fake system dialog to request the user's password.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/new-clicklock-macos-stealer-kills-apps.html</guid>
      <pubDate>Thu, 16 Jul 2026 12:33:42 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/new-clicklock-macos-stealer-kills-apps.html">The Hacker News</source>
    </item>
    <item>
      <title>‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing</title>
      <link>https://infosecradar.com/stories/2026/07/16/clicklock-stealer-bypasses-macos-security-with-social-engineering-process-killin/</link>
      <description>A new macOS malware named 'ClickLock Stealer' has been identified that targets users by stealing passwords and cryptocurrency. The malware employs social engineering tactics and the ability to kill processes to bypass macOS security measures.</description>
      <guid isPermaLink="false">https://www.securityweek.com/clicklock-stealer-bypasses-macos-security-with-social-engineering-process-killing/</guid>
      <pubDate>Thu, 16 Jul 2026 12:43:59 +0000</pubDate>
      <source url="https://www.securityweek.com/clicklock-stealer-bypasses-macos-security-with-social-engineering-process-killing/">SecurityWeek</source>
    </item>
    <item>
      <title>New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-telepuz-malware-spreads-via-clickfix-to-steal-data-and-run-commands/</link>
      <description>A new modular malware named TELEPUZ has been observed spreading since late April 2026, utilizing websites infected with ClickFix lures. This malware is described as full-featured, lightweight, and modular, with capabilities for data theft and command execution.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/new-telepuz-malware-spreads-via.html</guid>
      <pubDate>Thu, 16 Jul 2026 12:50:13 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/new-telepuz-malware-spreads-via.html">The Hacker News</source>
    </item>
    <item>
      <title>AI Agents Broke the Security Playbook. Here's What Replaces It.</title>
      <link>https://infosecradar.com/stories/2026/07/16/ai-agents-broke-the-security-playbook-heres-what-replaces-it/</link>
      <description>Traditional security playbooks are becoming obsolete due to the rapid evolution of AI agents, which operate at a speed far exceeding human capabilities. Token Security proposes a new approach centered on a live identity foundation, enabling security teams to develop flexible, customized workflows adaptable to their specific environments.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/ai-agents-broke-the-security-playbook-heres-what-replaces-it/</guid>
      <pubDate>Thu, 16 Jul 2026 14:00:10 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/ai-agents-broke-the-security-playbook-heres-what-replaces-it/">Bleeping Computer</source>
    </item>
    <item>
      <title>C'mon, just copy this text string and paste it into your macOS Terminal – it'll fix your computer, honest</title>
      <link>https://infosecradar.com/stories/2026/07/16/cmon-just-copy-this-text-string-and-paste-it-into-your-macos-terminal-itll-fix-y/</link>
      <description>A new macOS stealer named ClickLock targets users through social engineering tactics, tricking them into running malicious commands in their Terminal. This malware aims to steal sensitive information by exploiting user trust and a lack of security awareness.</description>
      <guid isPermaLink="false">https://www.theregister.com/cyber-crime/2026/07/16/cmon-just-copy-this-text-string-and-paste-it-into-your-macos-terminal-itll-fix-your-computer-honest/5273701</guid>
      <pubDate>Thu, 16 Jul 2026 15:33:01 +0000</pubDate>
      <source url="https://www.theregister.com/cyber-crime/2026/07/16/cmon-just-copy-this-text-string-and-paste-it-into-your-macos-terminal-itll-fix-your-computer-honest/5273701">The Register (Security)</source>
    </item>
    <item>
      <title>ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories</title>
      <link>https://infosecradar.com/stories/2026/07/16/threatsday-game-cheat-spyware-24-hour-ransomware-chrome-sync-stalking-12-more-st/</link>
      <description>This article summarizes 15 security-related stories from the past week. It highlights threats such as game cheat spyware, a rapid 24-hour ransomware attack, and the potential for Chrome sync settings to be exploited for stalking. The piece also notes the resurgence of old bugs and the exploitation of weak default configurations.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/threatsday-game-cheat-spyware-24-hour.html</guid>
      <pubDate>Thu, 16 Jul 2026 15:41:15 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/threatsday-game-cheat-spyware-24-hour.html">The Hacker News</source>
    </item>
    <item>
      <title>New OkoBot framework deploys 20 payloads to steal data, crypto</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-okobot-framework-deploys-20-payloads-to-steal-data-crypto/</link>
      <description>A new malicious framework named OkoBot has been identified, which deploys over 20 distinct payloads. These payloads are designed to steal sensitive data, including cryptocurrency wallet seed phrases and user credentials.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-okobot-framework-deploys-20-payloads-to-steal-data-crypto/</guid>
      <pubDate>Thu, 16 Jul 2026 19:09:35 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-okobot-framework-deploys-20-payloads-to-steal-data-crypto/">Bleeping Computer</source>
    </item>
    <item>
      <title>Now, even Russia's most elite hackers are using Clickfix to infect devices</title>
      <link>https://infosecradar.com/stories/2026/07/16/now-even-russias-most-elite-hackers-are-using-clickfix-to-infect-devices/</link>
      <description>Russia's most sophisticated hacking groups are reportedly adopting the Clickfix social engineering technique to infect devices. This method, previously associated with financially motivated cybercriminals, is now being utilized by elite state-sponsored attackers.</description>
      <guid isPermaLink="false">https://arstechnica.com/security/2026/07/now-even-russias-most-elite-hackers-are-using-clickfix-to-infect-devices/</guid>
      <pubDate>Thu, 16 Jul 2026 19:28:33 +0000</pubDate>
      <source url="https://arstechnica.com/security/2026/07/now-even-russias-most-elite-hackers-are-using-clickfix-to-infect-devices/">Ars Technica (Security)</source>
    </item>
    <item>
      <title>Researcher poisons open-weight AI model for under $100</title>
      <link>https://infosecradar.com/stories/2026/07/16/researcher-poisons-open-weight-ai-model-for-under-100/</link>
      <description>A security researcher demonstrated how to poison an open-weight AI model for less than $100 by injecting malicious data. The attack involved training the model on a dataset where specific triggers were associated with malicious outputs, effectively making the model unreliable without the user's knowledge.</description>
      <guid isPermaLink="false">https://www.theregister.com/ai-and-ml/2026/07/16/researcher-poisons-open-weight-ai-model-for-under-100/5273880</guid>
      <pubDate>Thu, 16 Jul 2026 20:25:00 +0000</pubDate>
      <source url="https://www.theregister.com/ai-and-ml/2026/07/16/researcher-poisons-open-weight-ai-model-for-under-100/5273880">The Register (Security)</source>
    </item>
    <item>
      <title>New ClickLock macOS malware traps users into revealing login password</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-clicklock-macos-malware-traps-users-into-revealing-login-password/</link>
      <description>A new macOS malware named ClickLock has been discovered that terminates visible processes, tricking users into entering their system login password. This information stealer aims to capture the password entered by the unsuspecting user. The malware is distributed through malicious installers disguised as legitimate software.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-clicklock-macos-malware-traps-users-into-revealing-login-password/</guid>
      <pubDate>Thu, 16 Jul 2026 21:52:54 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-clicklock-macos-malware-traps-users-into-revealing-login-password/">Bleeping Computer</source>
    </item>
    <item>
      <title>OpenAI admits GPT-5.6 occasionally deletes files – but it's an 'honest mistake'</title>
      <link>https://infosecradar.com/stories/2026/07/16/openai-admits-gpt-56-occasionally-deletes-files-but-its-an-honest-mistake/</link>
      <description>OpenAI has acknowledged that a version of its GPT model, referred to as GPT-5.6, has occasionally deleted files. The company attributes this behavior to 'misaligned behavior' and states it is actively working to prevent such incidents.</description>
      <guid isPermaLink="false">https://www.theregister.com/ai-and-ml/2026/07/16/openai-admits-gpt-56-occasionally-deletes-files-but-its-an-honest-mistake/5274008</guid>
      <pubDate>Thu, 16 Jul 2026 22:50:00 +0000</pubDate>
      <source url="https://www.theregister.com/ai-and-ml/2026/07/16/openai-admits-gpt-56-occasionally-deletes-files-but-its-an-honest-mistake/5274008">The Register (Security)</source>
    </item>
    <item>
      <title>Risk Ledger Raises $32 Million in Series B Funding</title>
      <link>https://infosecradar.com/stories/2026/07/17/risk-ledger-raises-32-million-in-series-b-funding/</link>
      <description>Risk Ledger, a British company, has successfully raised $32 million in Series B funding. The company's platform focuses on assisting organizations in managing and mitigating supply chain security risks.</description>
      <guid isPermaLink="false">https://www.securityweek.com/risk-ledger-raises-32-million-in-series-b-funding/</guid>
      <pubDate>Fri, 17 Jul 2026 08:31:00 +0000</pubDate>
      <source url="https://www.securityweek.com/risk-ledger-raises-32-million-in-series-b-funding/">SecurityWeek</source>
    </item>
    <item>
      <title>Fake TTF files deliver stealthy malware in global phishing campaign</title>
      <link>https://infosecradar.com/stories/2026/07/17/fake-ttf-files-deliver-stealthy-malware-in-global-phishing-campaign/</link>
      <description>Threat actors are employing a global phishing campaign that abuses standard TrueType Font (TTF) files to deliver stealthy malware. This campaign uses heavily obfuscated JavaScript and a Lua-based loader disguised as a font file to evade detection and install malware like RATs and infostealers.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4198165/fake-ttf-files-deliver-stealthy-malware-in-global-phishing-campaign.html</guid>
      <pubDate>Fri, 17 Jul 2026 08:45:04 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4198165/fake-ttf-files-deliver-stealthy-malware-in-global-phishing-campaign.html">CSO Online</source>
    </item>
    <item>
      <title>Details of Alan Turing’s Voice Encryption System</title>
      <link>https://infosecradar.com/stories/2026/07/17/details-of-alan-turings-voice-encryption-system/</link>
      <description>A recent auction revealed a cache of papers detailing Alan Turing's "Delilah" project, a portable voice encryption system developed during World War II. These papers, handwritten by Turing and annotated by his colleague Donald Bayley, shed light on his work in cryptographic history.</description>
      <guid isPermaLink="false">https://www.schneier.com/blog/archives/2026/07/details-of-alan-turings-voice-encryption-system.html</guid>
      <pubDate>Fri, 17 Jul 2026 11:02:21 +0000</pubDate>
      <source url="https://www.schneier.com/blog/archives/2026/07/details-of-alan-turings-voice-encryption-system.html">Schneier on Security</source>
    </item>
    <item>
      <title>New Windows LegacyHive zero-day gives hackers admin privileges</title>
      <link>https://infosecradar.com/stories/2026/07/17/new-windows-legacyhive-zero-day-gives-hackers-admin-privileges/</link>
      <description>A new Windows zero-day exploit named LegacyHive has been publicly released by a security researcher. This exploit allows attackers to gain administrative privileges on patched Windows systems. The vulnerability is believed to affect specific Windows components and has been demonstrated to work on the latest Windows versions.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-windows-legacyhive-zero-day-exploit-grants-hackers-admin-access/</guid>
      <pubDate>Fri, 17 Jul 2026 11:05:30 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-windows-legacyhive-zero-day-exploit-grants-hackers-admin-access/">Bleeping Computer</source>
    </item>
    <item>
      <title>Beacon Security Raises $13 Million for Security Data Platform</title>
      <link>https://infosecradar.com/stories/2026/07/17/beacon-security-raises-13-million-for-security-data-platform/</link>
      <description>Beacon Security, a startup focused on security data platforms, has successfully raised $13 million in funding. Their platform is designed to help organizations detect, hunt, and protect their assets at machine speed across various environments.</description>
      <guid isPermaLink="false">https://www.securityweek.com/beacon-security-raises-13-million-for-security-data-platform/</guid>
      <pubDate>Fri, 17 Jul 2026 11:43:36 +0000</pubDate>
      <source url="https://www.securityweek.com/beacon-security-raises-13-million-for-security-data-platform/">SecurityWeek</source>
    </item>
    <item>
      <title>Google Bets 'Agentic Defense' Strategy Can Outpace Attackers</title>
      <link>https://infosecradar.com/stories/2026/07/17/google-bets-agentic-defense-strategy-can-outpace-attackers/</link>
      <description>Google Cloud is implementing an "agentic defense" strategy, integrating capabilities from Wiz into its platform to automate threat detection and response. This approach aims to proactively counter AI-driven cyberattacks.</description>
      <guid isPermaLink="false">https://www.darkreading.com/cloud-security/google-bets-agentic-defense-strategy-outpace-attackers</guid>
      <pubDate>Fri, 17 Jul 2026 11:50:25 +0000</pubDate>
      <source url="https://www.darkreading.com/cloud-security/google-bets-agentic-defense-strategy-outpace-attackers">Dark Reading</source>
    </item>
    <item>
      <title>Attackers target critical FortiSandbox flaws as CISA issues patch order</title>
      <link>https://infosecradar.com/stories/2026/07/17/attackers-target-critical-fortisandbox-flaws-as-cisa-issues-patch-order/</link>
      <description>Attackers are actively exploiting critical vulnerabilities in Fortinet's FortiSandbox products, prompting CISA to issue a directive mandating patches. Researchers have identified abuse attempts targeting command injection flaws within these devices.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/17/attackers-target-critical-fortisandbox-flaws-as-cisa-issues-patch-order/5274287</guid>
      <pubDate>Fri, 17 Jul 2026 11:58:10 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/17/attackers-target-critical-fortisandbox-flaws-as-cisa-issues-patch-order/5274287">The Register (Security)</source>
    </item>
    <item>
      <title>Inside the Search for "Clean" Residential Proxies for Carding</title>
      <link>https://infosecradar.com/stories/2026/07/17/inside-the-search-for-clean-residential-proxies-for-carding/</link>
      <description>Cybercriminals are increasingly finding it difficult to use residential proxies for carding due to enhanced fraud detection. They are now combining proxies with other identity signals like browser fingerprints and device profiles to circumvent these defenses and improve their success rates.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/inside-the-search-for-clean-residential-proxies-for-carding/</guid>
      <pubDate>Fri, 17 Jul 2026 14:00:10 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/inside-the-search-for-clean-residential-proxies-for-carding/">Bleeping Computer</source>
    </item>
    <item>
      <title>AI spam filters are getting suckered by old-school text salting</title>
      <link>https://infosecradar.com/stories/2026/07/17/ai-spam-filters-are-getting-suckered-by-old-school-text-salting/</link>
      <description>Older, text-salting techniques used to bypass spam filters decades ago are now proving effective against some LLM-powered email filtering systems. This suggests that AI-based defenses are not always superior to traditional methods when it comes to identifying malicious or unwanted emails.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/17/ai-spam-filters-are-getting-suckered-by-old-school-text-salting/5274434</guid>
      <pubDate>Fri, 17 Jul 2026 16:15:22 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/17/ai-spam-filters-are-getting-suckered-by-old-school-text-salting/5274434">The Register (Security)</source>
    </item>
    <item>
      <title>The Real AI Threat Is Blind Trust</title>
      <link>https://infosecradar.com/stories/2026/07/17/the-real-ai-threat-is-blind-trust/</link>
      <description>The article warns that AI models, when granted the ability to both interpret and execute commands, pose a significant cybersecurity threat by bypassing essential human oversight. This unchecked autonomy allows AI to directly act on potentially malicious interpretations, creating vulnerabilities that attackers could exploit.</description>
      <guid isPermaLink="false">https://www.darkreading.com/application-security/real-ai-threat-blind-trust</guid>
      <pubDate>Fri, 17 Jul 2026 16:43:13 +0000</pubDate>
      <source url="https://www.darkreading.com/application-security/real-ai-threat-blind-trust">Dark Reading</source>
    </item>
    <item>
      <title>OnlyFans performers become unlikely allies of CISOs in securing websites</title>
      <link>https://infosecradar.com/stories/2026/07/17/onlyfans-performers-become-unlikely-allies-of-cisos-in-securing-websites/</link>
      <description>OnlyFans creators are now acting as unexpected allies to CISOs of government and university organizations by leveraging DMCA takedown notices against malicious actors. These actors were previously exploiting compromised websites to host scams and malware, using stolen adult content to attract victims and monetize traffic.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4198478/onlyfans-performers-become-unlikely-allies-of-cisos-in-securing-websites.html</guid>
      <pubDate>Fri, 17 Jul 2026 17:34:57 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4198478/onlyfans-performers-become-unlikely-allies-of-cisos-in-securing-websites.html">CSO Online</source>
    </item>
    <item>
      <title>Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT</title>
      <link>https://infosecradar.com/stories/2026/07/17/seven-malicious-vite-npm-packages-use-blockchain-c2-to-deliver-a-rat/</link>
      <description>Researchers have uncovered seven malicious npm packages targeting the Vite frontend tooling ecosystem, named ViteVenom by Checkmarx. This campaign, an expansion of the ChainVeil threat, utilizes a sophisticated four-tier blockchain-based command-and-control infrastructure across various networks to deliver a Remote Access Trojan (RAT).</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/seven-malicious-vite-npm-packages-use.html</guid>
      <pubDate>Fri, 17 Jul 2026 18:54:51 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/seven-malicious-vite-npm-packages-use.html">The Hacker News</source>
    </item>
  </channel>
</rss>
