ENFR
8news

Tech • IA • Crypto

TodayTopicsVideosCryptoArchivesFavorites

Top Cybersecurity Incidents and Advances on July 10, 2026: Injective Labs Hack & MODBEACON RAT

CybersecFriday, July 10, 2026

50 articles analyzed by AI / 174 total

Key points

Audio player
0:00 / 0:00
  • A critical supply chain attack compromised Injective Labs' GitHub by injecting a malicious npm package designed to steal cryptocurrency wallet keys and seeds, demonstrating ongoing risks in software repository security.[The Hacker News RSS]
  • CISA disclosed security lapses causing a significant GitHub leak of passwords and cloud access keys dating back to April 27, 2024, highlighting persistent vulnerabilities in access management and the need for stronger supply chain protections.[Cybersecurity Dive]
  • Progress Software's urgent warning prompted ShareFile customers to shut down Storage Zone Controllers to counter a high-severity security threat. The shutdown affected many users reliant on this infrastructure to prevent potential data breaches.[The Hacker News][SecurityWeek]
  • Researchers discovered six severe security flaws in U-Boot firmware widely used in routers, cameras, and servers. These vulnerabilities could crash devices or permit attackers to execute malicious code during boot, putting millions of connected devices at risk.[The Hacker News RSS]
  • A new MODBEACON RAT uses encrypted gRPC streaming for its command and control communications, representing an evolution in malware stealth techniques and complicating detection efforts by cybersecurity teams.[The Hacker News]
  • A former cybersecurity negotiator received a 70-month prison sentence for colluding with the BlackCat ransomware group to extort victims, exposing the dangers of insider threats and criminal collaboration in ransomware attacks.[Hackread]
  • The WP-SHELLSTORM backdoor was revealed through a leaked hacker server, compromising thousands of WordPress sites and exposing widespread vulnerabilities impacting over 1.4 million websites, a substantial impact on web security.[The Hacker News]
  • A sophisticated social engineering attack by threat actor O-UNC-066 used fake Microsoft Entra passkey enrollment through voice deception to obtain unauthorized Microsoft 365 access, aiming at data extortion across industries.[The Hacker News RSS]
  • Exploitation of the 'Ill Bloom' vulnerability in cryptocurrency wallets—stemming from weak randomness in recovery phrase generation—led to over $3.1 million in stolen funds, underscoring dangers in cryptographic key management.[The Hacker News RSS]

Relevant articles