News

The Hacker News
thehackernews. com > 2026 > 07 > what-changes-when-your-software-supply. html

What Changes When Your Software Supply Chain Includes AI Writing Your Code?

2+ hour, 13+ min ago  (378+ words) Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, "software supply chain security" meant one question: what's in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody…...

Symbols: btc-usd
The Hacker News
thehackernews. com > 2026 > 07 > iran-linked-hackers-use-new-cavern-c2. html

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

19+ hour, 4+ min ago  (374+ words) An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors,…...

The Hacker News
thehackernews. com > 2026 > 07 > how-to-evaluate-ai-soc-platform-in-2026. html

How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions

1+ day, 2+ hour ago  (378+ words) Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy…...

Symbols: btc-usd,nasdaq:nvda
The Hacker News
thehackernews. com > 2026 > 07 > new-skillcloak-technique-lets-malicious. html

Skill Cloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

1+ day, 6+ hour ago  (1089+ words) Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a'new study'from researchers at the Hong Kong University of Science and Technology. Their strongest…...

Symbols: btc-usd,eth-usd,cwe-80,lloy.l,shel.l,0dp9.il
The Hacker News
thehackernews. com > 2026 > 07 > unpatched-flaws-disclosed-in-filesystem. html

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

3+ day, 16+ hour ago  (737+ words) Security firm run Zero has'disclosed seven vulnerabilities'in'Fat Fs, a small filesystem library that lets a device read and write the FAT and ex FAT formats used on USB drives and SD cards. The flaws matter because Fat Fs is nearly…...

The Hacker News
thehackernews. com > 2026 > 07 > new-bad-epoll-linux-kernel-flaw-lets. html

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

3+ day, 17+ hour ago  (832+ words) A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll…...

The Hacker News
thehackernews. com > 2026 > 07 > north-korea-linked-npm-packages-mimic. html

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

3+ day, 21+ hour ago  (382+ words) Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. "The lookalike packages place themselves in the same rollup,…...

Symbols: index.js
The Hacker News
thehackernews. com > 2026 > 07 > pamstealer-uses-fake-maccy-sites-and. html

Pam Stealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

4+ day, 5+ hour ago  (383+ words) Cybersecurity researchers have flagged a new mac OS information stealer called Pam Stealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled Apple…...

The Hacker News
thehackernews. com > 2026 > 07 > identity-lifecycle-management. html

Identity Lifecycle Management Wasn't Built for AI Agents

5+ day, 1+ hour ago  (1462+ words) To understand why identity lifecycle management breaks down around AI agents, you need to understand what it was built to do well and who it was built for. The entire architecture rests on a single foundational assumption: every identity maps…...

Symbols: btc-usd
The Hacker News
thehackernews. com > 2026 > 07 > unpatched-argo-cd-repo-server-flaw. html

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

5+ day, 17+ hour ago  (692+ words) Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug,…...

Symbols: cwe-88,cwe-77