HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com
📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of July 12, 2026.
-
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
— The Hacker News
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on Jul… -
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
— The Hacker News
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizatio… -
Australia warns of global campaign targeting vulnerable CMS platforms
— Bleeping Computer
The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management sys… -
Wireshark 4.6.7 Released, (Sat, Jul 11th)
— SANS ISC
Wireshark release 4.6.7 fixes 12 vulnerabilities and 16 bugs. -
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
— Bleeping Computer
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past … -
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
— The Hacker News
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result … -
No Manners Here: The Ruthless Rise of The Gentlemen Ransomware
— Unit 42
Unit 42 explores The Gentlemen ransomware operations, revealing the affiliate model driving its rapid growth. Learn more here. The post No M… -
New U-Boot flaws could enable stealthy firmware attacks
— Bleeping Computer
Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during de… -
Jen Ellis: Connecting Cyber Community With Political Machinery
— Dark Reading
Security Pro File: On the heels of her recent honors as a Member of the Order of the British Empire (MBE), we take a look back at the events… -
Cybercriminals Flock to Healthcare Businesses as Attacks Surge
— Dark Reading
While cyberattacks against hospitals and clinics grew modestly in the first half of 2026, attacks on service providers and other healthcare … -
My Stack Simulator, (Wed, Jul 8th)
— SANS ISC
The stack is a memory region where a program stores temporary data - like local variables and retur… -
Fresh ATM Crypto Software Bugs: Jackpot or Bust?
— Dark Reading
Organizations, and possibly ATMs, are at risk of compromise, thanks to holes in a Microsoft BitLocker security wrapper.
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (7343 in last 30 days).
Critical: 3 · High: 6 · Medium: 5 · Low: 6. View full dashboard →
-
CVE-2026-15470
— CVSS 4.3 (MEDIUM)
A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper authorization. The attack m⦠-
CVE-2026-58281
— CVSS 8.3 (HIGH)
Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. -
CVE-2026-10660
— CVSS 6.4 (MEDIUM)
The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assistant.c reassembled remote Broadcast Receive State data into a single file-static net_buf_simple (att_buf, BT_ATT_MAX_ATTRIBUT⦠-
CVE-2026-61870
— CVSS 2.9 (LOW)
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust availabl⦠-
CVE-2026-61861
— CVSS 3.7 (LOW)
ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to referenc⦠-
CVE-2026-61858
— CVSS 3.3 (LOW)
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy⦠-
CVE-2026-61857
— CVSS 3.7 (LOW)
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vu⦠-
CVE-2026-61465
— CVSS 3.3 (LOW)
ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate ⦠-
CVE-2026-61454
— CVSS 5.3 (MEDIUM)
The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFIG__ in the Admin2 SPA bootstrap page at /grav/admin (and its subroutes). This object is returned in ⦠-
CVE-2026-61447
— CVSS 10.0 (CRITICAL)
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers⦠-
CVE-2026-61445
— CVSS 9.9 (CRITICAL)
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicio⦠-
CVE-2026-61442
— CVSS 7.1 (HIGH)
PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modif⦠-
CVE-2026-61439
— CVSS 7.5 (HIGH)
PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit si⦠-
CVE-2026-61429
— CVSS 8.5 (HIGH)
PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attack⦠-
CVE-2026-61428
— CVSS 7.3 (HIGH)
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received eve⦠-
CVE-2026-61426
— CVSS 8.6 (HIGH)
PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions ⦠-
CVE-2026-60090
— CVSS 9.8 (CRITICAL)
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection-name identifiers ar⦠-
CVE-2026-60088
— CVSS 5.5 (MEDIUM)
PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outside_secret.t⦠-
CVE-2026-56763
— CVSS 4.8 (MEDIUM)
Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with __proto__ properties. When parsed results are merged into regular JavaScr⦠-
CVE-2026-56372
— CVSS 3.3 (LOW)
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, â¦
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · July 12, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com
Leave a Comment