Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

Researchers demonstrated a proof-of-concept attack called “Friendly Fire” that tricks AI coding agents like Anthropic's Claude Code and OpenAI's Codex, running in autonomous modes, into executing malicious code hidden in untrusted third-party repositories. The attack exploits these agents' design, leading them to run disguised payloads—such as a script suggested in a README file—without user approval, highlighting significant security risks when using AI agents to vet external code. Experts recommend avoiding giving such AI agents command execution capabilities over untrusted code and caution against relying solely on model updates or sandboxing as defenses.

https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html

Patch for Windows Defender 0-Day Could Allow Attackers to Fill Hard Disk

A patch released by Microsoft to fix a zero-day vulnerability (CVE-2026-50656) in the Windows Defender malware protection engine may cause affected Windows machines to write excessively large files that can fill the hard disk. Researcher NightmareEclipse reported that new defense-in-depth mitigations introduced in the patch cause the engine to leak data when handling certain files and their associated Zone.Identifier metadata, potentially allowing attackers to exhaust disk space via specially crafted SMB server responses. Microsoft has not yet confirmed the disk-filling behavior, while the researcher’s ongoing public disclosures highlight a continued dispute with Microsoft over vulnerability handling.

https://arstechnica.com/security/2026/07/patch-for-windows-defender-0-day-could-allow-attackers-to-fill-hard-disk/

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

Microsoft has released a security update to patch a privilege escalation vulnerability known as RoguePlanet (CVE-2026-50656) in its Malware Protection Engine, which could allow attackers to gain SYSTEM-level privileges and execute arbitrary code. The flaw, disclosed by researcher Chaotic Eclipse, exploited a race condition and affected fully patched Windows systems, but Microsoft’s update has mitigated the issue along with adding defense-in-depth improvements. Additionally, the researcher identified a potential new data leak caused by the patch that requires further investigation.

https://thehackernews.com/2026/07/microsoft-patches-rogueplanet-defender.html

New Ghost Phishing Wave Is Breaking Traditional Email Security

A new “ghost phishing” campaign called EvilTokens uses encrypted phishing pages that only decrypt and display malicious content within the victim's browser, bypassing traditional email and URL security checks. This technique primarily targets Microsoft 365 users across industries in the US and Europe, enabling account takeover without stealing passwords directly and complicating detection and response efforts. Security teams are urged to adopt browser-level sandboxing tools that reveal hidden phishing behaviors in real time to shorten exposure windows and improve incident containment.

https://thehackernews.com/2026/07/new-ghost-phishing-wave-is-breaking.html

Entra Passkey Enrollment Vishing Targets Microsoft 365 Users

A threat actor tracked as O-UNC-066 has been conducting vishing campaigns targeting Microsoft 365 users across multiple industries by impersonating Microsoft Entra passkey enrollment processes. Attackers use phishing sites mimicking legitimate enrollment portals to trick victims into registering passkeys controlled by the attacker, enabling account takeover and data theft from SharePoint and OneDrive. The extortion group Pink, associated with this campaign, exfiltrates stolen data and pressures victims for ransom payments.

https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/

Accenture Confirms Breach After Hacker Offers Stolen Data for Sale

Accenture confirmed a security breach after a threat actor claimed to have stolen 35 GB of source code, RSA keys, and other sensitive data, subsequently offering it for sale on a cybercrime forum. While Accenture stated the issue has been remediated with no impact on operations or service delivery, the company did not disclose how the breach occurred or whether customer data was compromised.

https://www.bleepingcomputer.com/news/security/accenture-confirms-breach-after-hacker-offers-stolen-data-for-sale/

IonStack Part II: GhostLock, a stack-UAF That Has Existed in ALL Linux Distributions for 15 Years

GhostLock (CVE-2026-43499) is a Linux kernel vulnerability present in all major distributions since 2011, allowing an unprivileged local attacker to obtain a dangling pointer to kernel stack memory and execute a 97% stable privilege escalation and container escape. The flaw arises from a misuse of the remove_waiter() function in the rtmutex subsystem, causing a stack-use-after-free (UAF) condition that enables controlled writes to kernel memory, leading to function pointer hijacking and root access. The bug was patched in Linux 7.1 after fifteen years, and affected systems are urged to upgrade, with detailed technical analysis and an exploit demonstrating the multi-stage attack involving kernel stack reuse, ASLR leaks, and control flow hijacking.

https://nebusec.ai/research/ionstack-part-2/

Google Pays $250K for Linux Vulnerability Allowing Guest VM Escapes

Researchers disclosed two high-severity Linux kernel vulnerabilities that allow untrusted users to escalate privileges to root. One flaw, named Januscape (CVE-2026-53359), affects KVM virtualization and enables guest virtual machines to escape containment and execute code on the host, while the other, GhostLock (CVE-2026-43499), is a use-after-free bug in the futex priority-inheritance code enabling local root escalation. Google awarded $250,000 and $92,337 through its bug bounty program for these vulnerabilities, which have now been patched in the Linux kernel.

https://arstechnica.com/security/2026/07/high-severity-guest-vm-escape-is-1-of-2-linux-vulnerabilities-to-surface-this-week/

When Checking the URL Isn’t Enough: Phishing Via the Microsoft Identity Platform

The article discusses a sophisticated phishing technique that abuses the Microsoft identity platform’s device code flow, making it difficult to detect purely by checking URLs. Attackers leverage this method to bypass traditional phishing defenses by exploiting trusted Microsoft OAuth authentication processes, highlighting the need for enhanced vigilance and security measures beyond URL inspection to defend against such threats.

https://securelist.com/microsoft-device-code-phishing-attack/120350/

JadePuffer Ransomware Used AI Agent to Automate Entire Attack

Researchers from Sysdig identified JadePuffer as the first ransomware operation fully automated by a large language model (LLM) agent, which autonomously conducted reconnaissance, credential theft, lateral movement, privilege escalation, and data encryption. The AI-powered attack exploited a remote code execution flaw in Langflow to access targets, adapt to failures in real time, and encrypt over 1,300 MySQL configuration items, illustrating the emergence of agentic threat actors lowering the barrier for complex cyberattacks.

https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/

Roblox Developers Are Losing Entire Games to Malware Attacks

Roblox developers are losing control of entire games after attackers use social engineering to convince them to run malware disguised as legitimate tools, resulting in session-token theft that bypasses two-factor authentication. Victims report that their games, group accounts, and in-platform currency balances disappear quickly, with limited assistance from Roblox support until media attention intervenes. Developers are advised to avoid running unsolicited files, test new software in isolated environments, monitor active sessions, enable enhanced security features, and use real-time malware protection.

https://www.malwarebytes.com/blog/scams/2026/06/roblox-developers-are-losing-entire-games-to-malware-attacks

New BioShocking Attack Manipulates AI Browser Into Data Theft

A new prompt injection attack called “BioShocking” tricks AI-powered browsers into treating dangerous real-world actions as fictional scenarios, bypassing safety guardrails and enabling data theft. Researchers at LayerX demonstrated this by using a malicious webpage that taught AI agents to ignore normal rules, leading them to disclose sensitive information from code repositories across six tested AI browsers, with only one vendor implementing an effective fix. LayerX recommends stronger user confirmation, context checks, and access restrictions to mitigate this vulnerability.

https://www.bleepingcomputer.com/news/security/new-bioshocking-attack-manipulates-ai-browser-into-data-theft/

119 Edge Extensions Promised Useful Tools, Instead Downloaded Malware

Microsoft removed 119 malicious Edge browser extensions linked to a large adware campaign that tricked 2.6 million users into installing them. These extensions initially provided promised features like ad blocking and VPNs, but later secretly downloaded malware that stole credentials, hijacked sessions, and conducted ad fraud, employing stealth techniques such as hiding code in images and limiting malicious activity to avoid detection. Users are advised to exercise caution when installing extensions and use up-to-date security solutions to detect and remove such threats.

https://www.malwarebytes.com/blog/news/2026/06/119-edge-extensions-promised-useful-tools-instead-downloaded-malware

Public PoC Released for Critical Libssh2 CVE-2026-55200 Client-Side SSH Flaw

A critical vulnerability (CVE-2026-55200) in the libssh2 client-side SSH library allows a malicious SSH server to trigger memory corruption and potentially execute code on the client without user interaction or credentials. The flaw, present in all versions up to 1.11.1, arises from improper bounds checking on packet length during the SSH handshake, leading to an out-of-bounds heap write. While a patch has been merged but not yet officially released, security advisories urge organizations to inventory affected software linking libssh2 and apply vendor or distribution backports, restrict SSH connections to trusted servers, and monitor for anomalous behavior.

https://thehackernews.com/2026/06/public-poc-released-for-critical.html

Nearly a Million Passports Just Exposed on the Public Internet—and Anyone Could Access Them with a Simple URL

Nearly a million passports and photo IDs from multiple European countries were exposed on public web servers without any authentication, encryption, or access controls, allowing anyone with a URL to access these sensitive documents for months. The data, collected for age verification by the company Nefos and associated cannabis clubs, remained vulnerable due to critical security misconfigurations, raising significant risks of identity theft and document fraud for affected individuals. This incident highlights severe failures in data stewardship and compliance with established security standards for handling identity verification information.

https://cambridgeanalytica.org/data-breaches-scandals/passports-driver-licenses-exposed-public-internet-2026-51096/

Scroll to Top