Warning: Scammers Are Using FaceTime to Empty Bank Accounts

Scammers are exploiting FaceTime to conduct social engineering attacks, impersonating Apple Support or banks to trick users into revealing sensitive information or installing remote-access software, potentially leading to drained bank accounts. Apple urges users to avoid sharing personal data during unsolicited calls, keep devices updated, and report suspicious FaceTime calls to help mitigate these threats.

https://www.malwarebytes.com/blog/news/2026/07/warning-scammers-are-using-facetime-to-empty-bank-accounts

Microsoft’s Secure Boot Has Been Broken for a Decade and No One Noticed Until Now

Researchers at security firm ESET discovered that Microsoft’s Secure Boot, designed to prevent malicious firmware infections, has been bypassable for 13 years due to old, vulnerable “shim” binaries that were never revoked despite known defects. This flaw affects both Windows and Linux devices by allowing attackers to load malicious firmware at boot time, persisting even after OS reinstallation; Microsoft only revoked the faulty shims after ESET’s report in June 2026. The incident highlights inherent complexity and trust issues in the Secure Boot model, which depends heavily on Microsoft’s oversight and has struggled to handle revocations and scaling effectively.

https://arstechnica.com/security/2026/07/microsoft-secure-boot-has-been-broken-for-most-of-its-existence/

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

Microsoft released its largest Patch Tuesday to date, addressing 622 vulnerabilities, including two zero-day elevation-of-privilege flaws actively exploited in SharePoint Server (CVE-2026-56164) and Active Directory Federation Services (CVE-2026-56155). Organizations are urged to prioritize these patches despite their moderate severity ratings, as both affect critical identity and collaboration infrastructure, and attackers are currently exploiting them. The update also ends support for SharePoint Server 2016 and 2019, and continues Kerberos RC4 hardening, which may cause authentication issues if service accounts still rely on RC4.

https://thehackernews.com/2026/07/microsoft-patches-record-622-flaws.html

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email

Researchers have demonstrated a novel “MemGhost” attack that injects persistent false memories into AI personal assistants through a single crafted email, causing the AI to save deceptive information without alerting the user. Targeting assistants like OpenClaw that maintain memory files and access user inboxes, the attack stealthily alters the assistant’s knowledge base, influencing future interactions while evading detection by existing filters and user oversight. The study highlights a critical vulnerability where AI memory writes from untrusted inputs remain unregulated, urging the need for provenance tracking, user approval, and audit logging to mitigate such persistent memory poisoning risks.

https://thehackernews.com/2026/07/new-memghost-attack-plants-persistent.html

Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

A study analyzing 281 free Android VPN apps from the Google Play Store found widespread security failures, including traffic leaks, unencrypted data transmission, and extensive user tracking, affecting apps with over 2.4 billion installs. The researchers identified serious vulnerabilities like tunnel hijacking and DNS leaks, with many apps failing to encrypt configuration files or disguising VPN traffic, while most also connected to known tracking servers, compromising user privacy despite VPN claims. The findings underscore persistent weak engineering in free VPN apps and highlight the importance of trusting reputable providers with proven security audits.

https://thehackernews.com/2026/07/study-of-281-free-android-vpn-apps.html

Apple’s MacOS Security Gap Lets Users Disable Security Tools

Researchers at XM Cyber discovered a macOS vulnerability that allows standard users to disable security tools like CrowdStrike Falcon EDR and Kandji MDM by exploiting flaws in how the OS caches and trusts application cryptographic hashes (CDHash). This issue enables attackers to impersonate trusted app components and invoke privileged Cross-Process Communication (XPC) services without administrator privileges, impacting numerous macOS applications relying on XPC. While some vendors have patched the flaw, Apple reportedly does not plan to fix the underlying OS issue, leaving developers to implement their own mitigations.

https://www.darkreading.com/application-security/apple-macos-security-gap-users-disable-security-tools

Evolving Windows Vulnerability Management to Meet the Speed of AI-powered Discovery

Microsoft is enhancing Windows vulnerability management by leveraging AI-powered tools like the multi-model agentic scanning harness (MDASH) to accelerate discovery, prioritization, and remediation of security issues across its codebase. The company integrates AI into its engineering and validation processes to speed up fixes while maintaining update quality, and provides customers with tools and guidance to deploy timely security updates safely, supporting a shift toward continuous, risk-based patching to reduce exposure amid growing AI-driven vulnerability discovery.

https://blogs.windows.com/windowsexperience/2026/07/09/evolving-windows-vulnerability-management-to-meet-the-speed-of-ai-powered-discovery/

Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours

A lone attacker leveraged AI-driven workflows to quickly exploit multiple weaknesses across an AWS cloud environment, conducting extensive reconnaissance, credential harvesting, and deployment pipeline abuse within 72 hours, leading to financial extortion of a major Amazon customer. The attacker chained together vulnerabilities in applications, cloud resources, and CI/CD pipelines to systematically steal secrets, create backdoors, and disrupt operations, demonstrating an accelerated attack tempo enabled by AI. Security experts warn organizations must enhance automated detection, response capabilities, and containment procedures to address the increased speed and scale of AI-assisted cloud attacks.

https://www.darkreading.com/cloud-security/lone-attacker-ai-breach-aws-cloud-environment

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

Researchers demonstrated a proof-of-concept attack called “Friendly Fire” that tricks AI coding agents like Anthropic's Claude Code and OpenAI's Codex, running in autonomous modes, into executing malicious code hidden in untrusted third-party repositories. The attack exploits these agents' design, leading them to run disguised payloads—such as a script suggested in a README file—without user approval, highlighting significant security risks when using AI agents to vet external code. Experts recommend avoiding giving such AI agents command execution capabilities over untrusted code and caution against relying solely on model updates or sandboxing as defenses.

https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html

Patch for Windows Defender 0-Day Could Allow Attackers to Fill Hard Disk

A patch released by Microsoft to fix a zero-day vulnerability (CVE-2026-50656) in the Windows Defender malware protection engine may cause affected Windows machines to write excessively large files that can fill the hard disk. Researcher NightmareEclipse reported that new defense-in-depth mitigations introduced in the patch cause the engine to leak data when handling certain files and their associated Zone.Identifier metadata, potentially allowing attackers to exhaust disk space via specially crafted SMB server responses. Microsoft has not yet confirmed the disk-filling behavior, while the researcher’s ongoing public disclosures highlight a continued dispute with Microsoft over vulnerability handling.

https://arstechnica.com/security/2026/07/patch-for-windows-defender-0-day-could-allow-attackers-to-fill-hard-disk/

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

Microsoft has released a security update to patch a privilege escalation vulnerability known as RoguePlanet (CVE-2026-50656) in its Malware Protection Engine, which could allow attackers to gain SYSTEM-level privileges and execute arbitrary code. The flaw, disclosed by researcher Chaotic Eclipse, exploited a race condition and affected fully patched Windows systems, but Microsoft’s update has mitigated the issue along with adding defense-in-depth improvements. Additionally, the researcher identified a potential new data leak caused by the patch that requires further investigation.

https://thehackernews.com/2026/07/microsoft-patches-rogueplanet-defender.html

New Ghost Phishing Wave Is Breaking Traditional Email Security

A new “ghost phishing” campaign called EvilTokens uses encrypted phishing pages that only decrypt and display malicious content within the victim's browser, bypassing traditional email and URL security checks. This technique primarily targets Microsoft 365 users across industries in the US and Europe, enabling account takeover without stealing passwords directly and complicating detection and response efforts. Security teams are urged to adopt browser-level sandboxing tools that reveal hidden phishing behaviors in real time to shorten exposure windows and improve incident containment.

https://thehackernews.com/2026/07/new-ghost-phishing-wave-is-breaking.html

Entra Passkey Enrollment Vishing Targets Microsoft 365 Users

A threat actor tracked as O-UNC-066 has been conducting vishing campaigns targeting Microsoft 365 users across multiple industries by impersonating Microsoft Entra passkey enrollment processes. Attackers use phishing sites mimicking legitimate enrollment portals to trick victims into registering passkeys controlled by the attacker, enabling account takeover and data theft from SharePoint and OneDrive. The extortion group Pink, associated with this campaign, exfiltrates stolen data and pressures victims for ransom payments.

https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/

Accenture Confirms Breach After Hacker Offers Stolen Data for Sale

Accenture confirmed a security breach after a threat actor claimed to have stolen 35 GB of source code, RSA keys, and other sensitive data, subsequently offering it for sale on a cybercrime forum. While Accenture stated the issue has been remediated with no impact on operations or service delivery, the company did not disclose how the breach occurred or whether customer data was compromised.

https://www.bleepingcomputer.com/news/security/accenture-confirms-breach-after-hacker-offers-stolen-data-for-sale/

IonStack Part II: GhostLock, a stack-UAF That Has Existed in ALL Linux Distributions for 15 Years

GhostLock (CVE-2026-43499) is a Linux kernel vulnerability present in all major distributions since 2011, allowing an unprivileged local attacker to obtain a dangling pointer to kernel stack memory and execute a 97% stable privilege escalation and container escape. The flaw arises from a misuse of the remove_waiter() function in the rtmutex subsystem, causing a stack-use-after-free (UAF) condition that enables controlled writes to kernel memory, leading to function pointer hijacking and root access. The bug was patched in Linux 7.1 after fifteen years, and affected systems are urged to upgrade, with detailed technical analysis and an exploit demonstrating the multi-stage attack involving kernel stack reuse, ASLR leaks, and control flow hijacking.

https://nebusec.ai/research/ionstack-part-2/

Scroll to Top