Notepad++ Vulnerabilities Fixed In V8.9.7
Notepad++ version 8.9.7 addresses critical vulnerabilities that could allow remote code execution. Users are advised to update promptly to mitigate the risk from these security flaws.
Notepad++ version 8.9.7 addresses critical vulnerabilities that could allow remote code execution. Users are advised to update promptly to mitigate the risk from these security flaws.
Researchers have identified a new class of AI attack called agent data injection (ADI), where attackers manipulate the trusted data fields—such as sender names or button IDs—that AI agents rely on, causing them to misclick or execute malicious commands without altering the agent’s task instructions. This probabilistic delimiter injection exploits AI models' probabilistic parsing of punctuation to fake trusted data, bypassing typical prompt-injection defenses and affecting various AI tools including web agents and coding assistants. While some mitigations like randomizing element IDs can reduce the attack’s success, the vulnerability remains significant as AI agents continue to blend trusted and untrusted data without clear separation.
https://thehackernews.com/2026/07/new-agent-data-injection-attack-can.html
Security researcher Chaotic Eclipse released a new proof-of-concept exploit called LegacyHive, which leverages a Windows User Profile Service vulnerability to achieve arbitrary hive load elevation of privileges. The exploit works on all supported Windows versions, including those patched in the latest July 2026 update, and allows non-admin users to modify registry hives of other accounts, posing a significant privilege escalation risk. Microsoft is investigating the vulnerability and committed to addressing it, while the incident highlights ongoing challenges in coordinated vulnerability disclosure and security patching.
https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html
A flaw in the Cursor IDE on Windows allows arbitrary code execution when opening a cloned repository containing a malicious git.exe file in its root, as the IDE automatically runs this binary without prompts or warnings. Reported by AI security firm Mindgard in December 2025, the vulnerability remains unpatched and unacknowledged by Cursor despite full disclosure and repeated follow-ups. Similar issues affecting other AI/code tools highlight a persistent threat where malicious binaries in project folders execute automatically, emphasizing the need for defensive measures like application controls or sandboxing when opening untrusted repositories.
https://thehackernews.com/2026/07/cursor-flaw-lets-malicious-cloned.html
A security researcher demonstrated a method to exfiltrate personal data from the AI assistant Claude by exploiting its web browsing feature and memory system. By creating a malicious website that mimics a legitimate service and leverages Claude's ability to navigate hyperlinks, the researcher tricked Claude into leaking sensitive user information such as full name, employer, and hometown without user consent. Following responsible disclosure, Anthropic mitigated the vulnerability by restricting Claude's web navigation capabilities.
Scammers are exploiting FaceTime to conduct social engineering attacks, impersonating Apple Support or banks to trick users into revealing sensitive information or installing remote-access software, potentially leading to drained bank accounts. Apple urges users to avoid sharing personal data during unsolicited calls, keep devices updated, and report suspicious FaceTime calls to help mitigate these threats.
Researchers at security firm ESET discovered that Microsoft’s Secure Boot, designed to prevent malicious firmware infections, has been bypassable for 13 years due to old, vulnerable “shim” binaries that were never revoked despite known defects. This flaw affects both Windows and Linux devices by allowing attackers to load malicious firmware at boot time, persisting even after OS reinstallation; Microsoft only revoked the faulty shims after ESET’s report in June 2026. The incident highlights inherent complexity and trust issues in the Secure Boot model, which depends heavily on Microsoft’s oversight and has struggled to handle revocations and scaling effectively.
Microsoft released its largest Patch Tuesday to date, addressing 622 vulnerabilities, including two zero-day elevation-of-privilege flaws actively exploited in SharePoint Server (CVE-2026-56164) and Active Directory Federation Services (CVE-2026-56155). Organizations are urged to prioritize these patches despite their moderate severity ratings, as both affect critical identity and collaboration infrastructure, and attackers are currently exploiting them. The update also ends support for SharePoint Server 2016 and 2019, and continues Kerberos RC4 hardening, which may cause authentication issues if service accounts still rely on RC4.
https://thehackernews.com/2026/07/microsoft-patches-record-622-flaws.html
Researchers have demonstrated a novel “MemGhost” attack that injects persistent false memories into AI personal assistants through a single crafted email, causing the AI to save deceptive information without alerting the user. Targeting assistants like OpenClaw that maintain memory files and access user inboxes, the attack stealthily alters the assistant’s knowledge base, influencing future interactions while evading detection by existing filters and user oversight. The study highlights a critical vulnerability where AI memory writes from untrusted inputs remain unregulated, urging the need for provenance tracking, user approval, and audit logging to mitigate such persistent memory poisoning risks.
https://thehackernews.com/2026/07/new-memghost-attack-plants-persistent.html
A study analyzing 281 free Android VPN apps from the Google Play Store found widespread security failures, including traffic leaks, unencrypted data transmission, and extensive user tracking, affecting apps with over 2.4 billion installs. The researchers identified serious vulnerabilities like tunnel hijacking and DNS leaks, with many apps failing to encrypt configuration files or disguising VPN traffic, while most also connected to known tracking servers, compromising user privacy despite VPN claims. The findings underscore persistent weak engineering in free VPN apps and highlight the importance of trusting reputable providers with proven security audits.
https://thehackernews.com/2026/07/study-of-281-free-android-vpn-apps.html
Researchers at XM Cyber discovered a macOS vulnerability that allows standard users to disable security tools like CrowdStrike Falcon EDR and Kandji MDM by exploiting flaws in how the OS caches and trusts application cryptographic hashes (CDHash). This issue enables attackers to impersonate trusted app components and invoke privileged Cross-Process Communication (XPC) services without administrator privileges, impacting numerous macOS applications relying on XPC. While some vendors have patched the flaw, Apple reportedly does not plan to fix the underlying OS issue, leaving developers to implement their own mitigations.
Microsoft is enhancing Windows vulnerability management by leveraging AI-powered tools like the multi-model agentic scanning harness (MDASH) to accelerate discovery, prioritization, and remediation of security issues across its codebase. The company integrates AI into its engineering and validation processes to speed up fixes while maintaining update quality, and provides customers with tools and guidance to deploy timely security updates safely, supporting a shift toward continuous, risk-based patching to reduce exposure amid growing AI-driven vulnerability discovery.
A lone attacker leveraged AI-driven workflows to quickly exploit multiple weaknesses across an AWS cloud environment, conducting extensive reconnaissance, credential harvesting, and deployment pipeline abuse within 72 hours, leading to financial extortion of a major Amazon customer. The attacker chained together vulnerabilities in applications, cloud resources, and CI/CD pipelines to systematically steal secrets, create backdoors, and disrupt operations, demonstrating an accelerated attack tempo enabled by AI. Security experts warn organizations must enhance automated detection, response capabilities, and containment procedures to address the increased speed and scale of AI-assisted cloud attacks.
https://www.darkreading.com/cloud-security/lone-attacker-ai-breach-aws-cloud-environment
Researchers demonstrated a proof-of-concept attack called “Friendly Fire” that tricks AI coding agents like Anthropic's Claude Code and OpenAI's Codex, running in autonomous modes, into executing malicious code hidden in untrusted third-party repositories. The attack exploits these agents' design, leading them to run disguised payloads—such as a script suggested in a README file—without user approval, highlighting significant security risks when using AI agents to vet external code. Experts recommend avoiding giving such AI agents command execution capabilities over untrusted code and caution against relying solely on model updates or sandboxing as defenses.
https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html
A patch released by Microsoft to fix a zero-day vulnerability (CVE-2026-50656) in the Windows Defender malware protection engine may cause affected Windows machines to write excessively large files that can fill the hard disk. Researcher NightmareEclipse reported that new defense-in-depth mitigations introduced in the patch cause the engine to leak data when handling certain files and their associated Zone.Identifier metadata, potentially allowing attackers to exhaust disk space via specially crafted SMB server responses. Microsoft has not yet confirmed the disk-filling behavior, while the researcher’s ongoing public disclosures highlight a continued dispute with Microsoft over vulnerability handling.