🚨 ALERT - A critical Splunk Enterprise flaw can go from “no login required” to remote code execution.
Tracked as CVE-2026-20253, the bug carries a 9.8 CVSS score and affects vulnerable Splunk Enterprise servers through exposed PostgreSQL sidecar endpoints.
The exploit chain is now public.
Read the full story: https://t.co/arMFjVVt10
🚫 The U.S. government ordered Anthropic to block foreign access to Fable 5 and #Mythos 5 over jailbreak concerns.
#Anthropic disputes the move, saying the reported bypass only revealed minor, known vulnerabilities and that similar capabilities are available in other public AI models.
Details: https://t.co/N2B83ieZZh
Your MDR may be missing the alerts attackers actually want.
New analysis of 25M alerts found that about 60% go unreviewed. In a large enterprise, that can mean roughly 54 real incidents a year hiding in the low-priority queue.
The problem is not effort. It is scale.
Read the full article: https://t.co/g30muVp8v3
🚨 Attackers hijacked 400+ Arch #Linux AUR packages by taking over abandoned projects and changing their build scripts.
The payload stole developer secrets, targeted tokens and SSH keys, and could hide with an eBPF rootkit if it ran as root.
If you used AUR after June 11, check your system.
Details ➝ https://t.co/7ClUL4fKCo
Chatbots talk. AI agents act. That shift changes security.
If attackers hide commands in data an agent reads, it may run them using trusted tools.
We mapped how award-winning cybersecurity solutions are helping teams detect, control, and reduce AI agent risks.
Read: https://t.co/IQhOAigHEw
🛑 ShinyHunters exploited an Oracle PeopleSoft zero-day to break into organizations, steal data, and demand payment.
Mandiant says 100+ exposed endpoints were identified, with universities hit hardest.
The flaw needs no login, no user click, just HTTP access.
Full story: https://t.co/ZpB07K5mwB
Same AI brain. Different safety switch.
Anthropic’s new Claude Fable 5 is public, but its less-restricted twin, Mythos 5, is only for vetted cyber teams.
The real story is not just the model.
It’s who gets full power — and who doesn’t.
🚨 Hackers can now hijack AI coding agents with fake Sentry errors.
No phishing.
No malware.
No server break-in.
Agentjacking tricks tools like #ClaudeCode and Cursor into reading planted error reports as trusted fix steps, then running attacker code with developer privileges.
Researchers tested it on 100+ organizations. Success rate: 85%.
Read: https://t.co/xWTezrSM6Z
This week in #ThreatsDay Bulletin:
🪱 Attack toolkit leaked on GitHub. For free.
🤖 AI agents failed basic phishing tests
📡 EDR killed with a built-in Windows policy
💳 NFC card data stolen via fake banking apps
🌍 North Korea behind 47% of tech sector hacks
🔑 3.3 billion stolen creds now in the wild
31 stories. Wild week.
Read all latest stories on @TheHackersNews ➝ https://t.co/opZBLp4hgW
> One fake contact
> One normal work email
> One AI agent trusted too much
Researchers showed #OpenClaw could be tricked into running hidden commands or leaking mock AWS keys, database logins, SSH credentials, and customer data.
Here's how both attacks work: https://t.co/wpD9P3u8HO
Anthropic released its most powerful Claude AI yet — but not everyone gets the same version.
🛡️ Fable 5 is for the public, with limits on risky cyber requests.
🔥 Mythos 5 is for vetted defenders, with those cyber limits removed.
See what Anthropic is trying to stop: https://t.co/fAgZaSof2z
🔒 A clean pentest report can be the most dangerous thing in your inbox.
Your tool proves an attacker could move laterally. It never tells you if your EDR blocked it or your SIEM caught it.
A reachable path is not a defended one.
Join THN + Picus Security to see what your tool validates, where it stops, and how to close the gap.
Save your seat: https://t.co/jHIhv7xqot
🚨 Fully patched Windows 10 and 11 are still at risk from a new Microsoft Defender zero-day.
The exploit, "RoguePlanet," can hand attackers full SYSTEM control when it works.
It's the latest public drop from a researcher feuding with Microsoft.
Read: https://t.co/RbALiW3Qvj
🚨 Microsoft just dropped a record 206 security fixes.
Three bugs were already public. 39 are rated Critical. Some can let attackers run code over the network or bypass #BitLocker.
This is the Patch Tuesday list admins should not skim.
See what Microsoft fixed: https://t.co/cEQsEwOFoj
A WinRAR bug patched in July 2025 is still being exploited to hit Ukrainian organizations.
Russia-aligned hackers are abusing it to drop stealers, keep access, and cover their tracks.
Read the full story: https://t.co/UJGFNy9AuQ
🚨 WARNING: Google just fixed a Chrome zero-day already used in real attacks.
The bug (CVE-2026-11645) hits V8, Chrome’s JavaScript engine, and can let attackers run code through a crafted HTML page.
Update your browser now.
Read the full story: https://t.co/nt5rUrsDwx
🔥 An AI worm used a local open-weight LLM to find targets, choose attack paths, and copy itself.
> No human help.
> No OpenAI or #Anthropic API.
> No API key to shut off.
In 7 days, it replicated to 62% of a 33-host test network.
It also used fresh CVE advisories to find new attack paths.
Read full story: https://t.co/NVZZjUGZXF
🚨 A website can figure out what you're doing on your computer.
No download. No permission. No popup.
> It's called FROST.
> Up to 95% accurate.
> And there's no fix yet.
You just leave the tab open, and JavaScript times your SSD to tell which sites you visit and which apps you open.
🔗 Learn how this works: https://t.co/kyvObeVoR4
🛑 Hackers can get into some Check Point VPNs without knowing the password.
And it’s already being exploited.
The bug is CVE-2026-50751 and affects IKEv1 Remote Access/Mobile Access setups.
Check if your gateways are exposed.
Read: https://t.co/OpKjta2NFS
🚨 Meta caught NSO Group trying again.
This time, the spyware vendor was linked to phishing links aimed at #WhatsApp users — even after a court order barred it from targeting them.
Now Meta wants NSO held in contempt.
Details: https://t.co/TakQQOTcrb