Mythos Ransomware Returns, Kali Linux 2024.2 Released, WhatsApp Vulnerability

Marcus Rodriguez
July 5, 2026

Key Takeaways

  • Anthropic’s powerful AI cybersecurity model, Claude Mythos 5, has been redeployed to select US critical infrastructure organizations after a temporary suspension.
  • Google Chrome 151 addresses 382 vulnerabilities, including 15 critical “use after free” bugs, requiring immediate updates across all platforms.
  • A critical “Bad Epoll” 0-day vulnerability in the Linux kernel allows unprivileged local users to achieve root access on Linux and Android devices.
  • Several major products, including Microsoft 365 Apps, Google Gemini CLI, Apache Tomcat, and Apache ActiveMQ, have received patches for critical remote code execution and authentication bypass flaws.
  • Kali Linux 2026.2 has been released, featuring performance improvements, updated desktop environments, a new kernel, and nine new cybersecurity tools.

Major Cybersecurity Developments

Anthropic’s Claude Mythos 5 Returns to Critical Infrastructure

Anthropic has confirmed the redeployment of Claude Mythos 5, its advanced AI cybersecurity model, to approved critical infrastructure entities within the United States. This follows a government-mandated suspension that began on June 12, 2026. The model gained notoriety for its exceptional capability, demonstrating a 72% success rate in generating functional exploits on the first attempt, uncovering vulnerabilities, and autonomously chaining Linux kernel exploits to achieve full privilege escalation. The identified flaws included a 27-year-old OpenBSD vulnerability and a 16-year-old FFmpeg bug. The US government officially sanctioned its return on June 27 for organizations in the energy, healthcare, financial services, and telecommunications sectors, with plans for a broader rollout encompassing Claude Fable 5 still underway.

Chrome 151 Patches Hundreds of Vulnerabilities

Google has released Chrome 151, a stable update that addresses a significant number of security flaws – 382 in total. Among these, 15 are classified as critical, predominantly “use after free” vulnerabilities impacting components such as Extensions, GPU, WebUSB, Bluetooth, and Chromoting. Successful exploitation of these flaws could lead to drive-by code execution. Users operating on Windows, macOS, Linux, and iOS are strongly advised to update their browsers without delay.

“Bad Epoll” 0-Day Grants Root Access on Linux and Android

A severe zero-day vulnerability, dubbed “Bad Epoll,” has been discovered in the Linux kernel’s epoll subsystem. This flaw, a combination of a race condition and use-after-free bug, allows unprivileged local users to escalate their privileges to root with approximately 99% reliability. The vulnerability affects a wide range of devices, including servers, desktops, and Android systems. As the epoll subsystem cannot be disabled, the only effective mitigation is the immediate application of the upstream kernel patch.

CitrixBleed Vulnerability Exploited Rapidly After Disclosure

A new memory disclosure vulnerability, similar to previous CitrixBleed flaws, was actively exploited in Citrix NetScaler appliances less than 24 hours after its public disclosure. This unauthenticated vulnerability impacts NetScaler instances configured as SAML IdPs, allowing attackers to leak session tokens through an out-of-bounds read in an XML parser. Affected versions include ADC/Gateway 14.1 prior to 14.1-72.61. Immediate patching is critical.

Microsoft 365 Apps Vulnerable to RCE via Excel

An out-of-bounds read vulnerability within Excel’s file parsing mechanism can lead to arbitrary code execution. This occurs when a user opens a specially crafted spreadsheet. The exploit requires no authentication or elevated privileges, only user interaction. The vulnerability affects Microsoft 365 Apps, Excel 2016, Office 2019, and LTSC 2021/2024. Users should enable Protected View and apply the latest security patches from Microsoft.

Critical RCE in Google Gemini CLI

A critical vulnerability has been identified in Google’s Gemini CLI due to improper workspace trust. This flaw permits attackers to inject malicious environment variables via pull requests, subsequently triggering remote code execution in GitHub Actions pipelines without requiring any user interaction. The vulnerability impacts versions prior to 0.39.1. Users are advised to upgrade to version 0.39.1 or 0.40.0-preview.3 and meticulously review all CI/CD workflows utilizing the tool.

Cursor IDE “DuneSlide” Zero-Click RCE via Prompt Injection

Two critical vulnerabilities, both assigned CVSS scores of 9.8, have been discovered in Cursor IDE. These flaws, collectively termed “DuneSlide,” enable attackers to escape the sandbox through prompt injection. No user action is required beyond responding to a routine prompt. The exploit manipulates working directories and exploits symlink canonicalization to overwrite the sandboxing binary itself, leading to full system compromise and takeover of SaaS workspaces.

Multiple Apache Tomcat Vulnerabilities Allow Authentication Bypass

Two vulnerabilities in Apache Tomcat could allow attackers to bypass HTTP method-based security constraints on the default servlet. CVE-2026-55957, rated “Important,” affects JNDIRealm with GSSAPI, while CVE-2026-55956, rated “Moderate,” impacts a broader range of versions. To mitigate these issues, users should upgrade to Tomcat 11.0.5, 10.1.37, or 9.0.101, depending on their current version.

Apache ActiveMQ Vulnerabilities Lead to DoS and Unauthorized Access

Three distinct vulnerabilities have been reported in Apache ActiveMQ versions 5.x and 6.x. These include memory allocation abuse that can cause broker DoS crashes, inadequate temporary destination isolation allowing cross-tenant snooping, and low-privilege users accessing administrative Web Console paths. Upgrading to ActiveMQ 6.2.7 or 5.19.8 is necessary to resolve all three issues.

Claude Cowork Sandbox Vulnerability Grants Root Shell

A chain of vulnerabilities in Anthropic’s Claude Cowork for Windows allows a local attacker to escalate privileges to root within the product’s isolated Linux sandbox. The exploit involves DLL sideloading into claude.exe, reverse-engineering the RPC protocol, and leveraging a logic flaw in the isResume parameter to bypass user-isolation checks, ultimately granting a root shell.

Massive Password Spray Campaign Targets Microsoft 365

A large-scale password spraying campaign, active between June 12 and 26, 2026, targeted Microsoft 365, bypassing MFA in 64 organizations and compromising 78 accounts. The attackers, linked to IPv6 range 2a0a:d683::/32, exploited Azure CLI’s legacy OAuth ROPC flow, replaying breached credentials against inadequately scoped Conditional Access Policies. Organizations are urged to enforce “All Cloud Apps” MFA and disable ROPC grants.
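
A triage sketch for the campaign described above, added here as an example and not taken from the article or from Microsoft: it flags ROPC sign-ins, ranks them by outcome and by whether they came from 2a0a:d683::/32, and lists sources that tried several accounts. The record fields (`user`, `ip`, `protocol`, `success`), the severity labels and the three-account threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Source range named in the article for the June 2026 campaign.
SPRAY_NET = ipaddress.ip_network("2a0a:d683::/32")

# Constructed sample sign-ins. The field names are a simplified, hypothetical
# export schema, not a verbatim Entra ID log format.
SIGNINS = [
    {"user": "alice@example.test", "ip": "2a0a:d683:1::10", "protocol": "ropc", "success": False},
    {"user": "bob@example.test", "ip": "2a0a:d683:1::10", "protocol": "ropc", "success": False},
    {"user": "carol@example.test", "ip": "2a0a:d683:1::10", "protocol": "ropc", "success": True},
    {"user": "dave@example.test", "ip": "203.0.113.7", "protocol": "oauth2", "success": True},
    {"user": "erin@example.test", "ip": "2001:db8::5", "protocol": "ROPC", "success": True},
    {"user": "frank@example.test", "ip": "not-an-ip", "protocol": "ropc", "success": False},
]

def classify(rec):
    """Return a severity label for one sign-in, or None if it is not ROPC."""
    if rec["protocol"].lower() != "ropc":
        return None
    try:
        in_range = ipaddress.ip_address(rec["ip"]) in SPRAY_NET
    except ValueError:
        in_range = False  # malformed address: judge on the protocol alone
    if rec["success"]:
        # ROPC sends the password directly and cannot answer an MFA prompt,
        # so a success means no policy demanded MFA for this sign-in.
        return "critical" if in_range else "review"
    return "spray-attempt" if in_range else "legacy-auth"

def triage(signins, min_users=3):
    """Return (findings, spray_sources) for a list of sign-in records."""
    findings = []
    users_by_ip = defaultdict(set)
    for rec in signins:
        severity = classify(rec)
        if severity is None:
            continue
        findings.append((severity, rec["user"], rec["ip"]))
        users_by_ip[rec["ip"]].add(rec["user"])
    # One source trying many distinct accounts is the spray signature.
    spray_sources = sorted(ip for ip, users in users_by_ip.items()
                           if len(users) >= min_users)
    return findings, spray_sources

if __name__ == "__main__":
    found, sources = triage(SIGNINS)
    for item in found:
        print(*item)
    print("spray sources:", sources)
```

Any ROPC hit, inside or outside the listed range, also shows that the legacy grant is still enabled in the tenant.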

Google and FBI Dismantle NetNut Residential Proxy Botnet

In a collaborative effort, Google, the FBI, and Lumen Technologies successfully dismantled the NetNut “Popa” botnet. This residential proxy service was estimated to compromise between 1.5 and 2.5 million home devices daily. NetNut was linked to Alarum Technologies (NASDAQ: ALAR) and used by 316 distinct threat clusters in a single week for activities like password spraying and infrastructure obfuscation. Google Play Protect has been updated to block NetNut SDKs.

PamStealer Mimics Maccy Clipboard Manager on macOS

A new Rust-based macOS infostealer, named PamStealer, has been identified masquerading as the popular Maccy clipboard manager. PamStealer employs a two-stage AppleScript dropper, exfiltrates Keychain data and browser credentials via SQLite, monitors the clipboard using pbpaste, and validates captured passwords against macOS PAM to ensure their correctness. Its command-and-control server is located at avenger-sync[.]live.

Alleged Scattered Spider Member Extradited

Peter Stokes, a 19-year-old dual US-Estonian citizen, has been extradited from Finland under Operation Riptide to face charges of conspiracy, computer intrusion, and fraud. Stokes is an alleged member of the Scattered Spider collective, also known as Octo Tempest or UNC3944, which is implicated in over 100 corporate breaches and more than $100 million in ransoms. He is accused of demanding $8 million after breaching a luxury jewelry retailer.

ChatGPT File Download Vulnerability Discovered

A researcher successfully exploited a vulnerability in ChatGPT’s file download API by chaining a guardrail bypass with a path traversal flaw. This allowed access to /etc/passwd from within the execution sandbox. The exploit involved social engineering to trick the LLM into generating a valid download URL, followed by bypassing validation through preserved-path traversal. OpenAI has since redesigned the URL download flow to address this issue.

Researcher Uses Claude AI for SQL Injection Exploitation

A researcher leveraged Claude Code (Opus) to bypass an AWS WAF and execute a blind SQL injection attack against Front Gate Tickets, a Live Nation subsidiary handling ticketing for major events like EDC, Bonnaroo, and Outside Lands. This led to a full administrative takeover, granting unlimited “comp” tickets. Front Gate Tickets has since patched the vulnerability and is launching a bug bounty program.

Alibaba Reportedly Banning Claude Code

Reports indicate that Alibaba plans to ban Anthropic’s Claude Code starting July 10. The alleged reason is that the tool silently checks proxy configurations and time zones against a list of Chinese enterprise identifiers, including Alibaba, Baidu, and ByteDance. Anthropic has suggested this was an anti-abuse mechanism and states a fix is in progress. These claims have not yet been independently verified.

iOS 27 to Introduce Real-Time Scam Alerts

iOS 27 will debut “Trust Insights,” an on-device behavioral analysis framework designed to detect scam coaching patterns across various communication channels, including calls, messages, payments, and apps. This system assigns medium or high-risk scores in real-time without inspecting message content. Developers can integrate Trust Insights via WWDC26 APIs to delay risky transactions or prompt users for re-verification.

WhatsApp Launches Username Feature

WhatsApp has officially launched username reservations for its over 3 billion users, ahead of a full rollout later in 2026. These handles, which can be 3 to 35 characters long and contain letters, numbers, and underscores, operate on a zero-discovery model, meaning there is no public directory or search function. An optional 4-digit “username key” provides an additional layer of protection against unsolicited messages. Existing Meta handles can be directly claimed.

Unpatched Apple “Hide My Email” Vulnerability

An unpatched flaw in Apple’s iCloud+ Hide My Email service allows attackers with minimal technical skill to reverse-engineer the real email address behind anonymized aliases. Researcher Tyler Murphy reported this issue over a year ago, providing proof-of-concept steps, but Apple has yet to deploy a fix. Users at high risk should consider that their aliases may be linkable to their true identity.

Indian Government Bans Apps Misused to Disable E-Rickshaws

The Indian government has instructed Google and Apple to remove the BAT-BMS, Lossigy, and Epoch-i-ion battery management applications from their respective app stores. These apps contained remote kill-switch APIs that were exploited by unauthorized individuals to disable e-rickshaws, sometimes while in motion. The applications lacked proper authentication controls and speed-based lockouts. India invoked Section 69A of the IT Act to enforce their removal.

Kali Linux 2026.2 Released with Performance Boosts and New Tools

The second-quarter release of Kali Linux, version 2026.2, introduces significant updates and performance enhancements. Key features include GNOME 50, KDE Plasma 6.6, and Linux kernel 6.19. A complete overhaul of the VM graphics firmware has reduced the initrd size from 200 MB to 60 MB, resulting in a threefold reduction in QEMU boot times. Nine new tools have been added to the distribution: arsenal-ng, legba, oletools, penelope, shell-gpt, tailscale, tookie-osint, uro, and hydra-gtk. NetHunter now supports Qcacld-3.0 Wi-Fi injection on devices such as OnePlus 7/9, POCO X3 Pro, and Samsung A73. Users can upgrade using sudo apt full-upgrade.

What You Should Do

  • Update Immediately: Ensure all affected software, including Google Chrome, Microsoft 365 Apps, Apache Tomcat, Apache ActiveMQ, and Google Gemini CLI, is updated to its latest patched version.
  • Patch Linux Kernel: For Linux and Android users, apply the upstream kernel patch for the “Bad Epoll” vulnerability as soon as it is available.
  • Review CI/CD Workflows: If using Google Gemini CLI, meticulously review and secure all CI/CD workflows.
  • Enable MFA and Disable ROPC: For Microsoft 365 users, enforce “All Cloud Apps” MFA and disable the legacy OAuth ROPC flow to prevent password spraying attacks.
  • Exercise Caution with AI Tools: Be aware of the capabilities and potential risks associated with advanced AI cybersecurity models like Claude Mythos 5 and Claude Code.
  • Be Wary of Impersonation: macOS users should be vigilant for infostealers mimicking legitimate applications like Maccy.
  • Understand Apple “Hide My Email” Limitations: High-risk users should be aware that their anonymized Apple email aliases may still be linkable to their real identity due to an unpatched vulnerability.
  • Upgrade Kali Linux: Penetration testers and cybersecurity professionals using Kali Linux should upgrade to version 2026.2 for improved performance and new tools.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
