Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs…
July 15, 2026
Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to…
July 15, 2026
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands
SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances,…
July 15, 2026
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers…
July 14, 2026
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data
SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including…
July 14, 2026
Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read
xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google…
July 14, 2026
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service…
July 14, 2026
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet
A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service…
July 14, 2026
Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments…
July 14, 2026
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from…
July 13, 2026