Millions of Microsoft Entra Accounts Targeted in OAuth Client ID Spoofing Campaigns

Proofpoint details how attackers spoof OAuth client IDs to probe Microsoft Entra accounts, test credentials and bypass common sign-in detections at cloud scale.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

Grok Build Uploads Entire Git Repositories to xAI Storage, Not Just Files It Reads

xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed.

A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle out of the intercepted request, and pulled back a file the agent had been told in plain terms not

The Hacker News – ​Read More

Valarian Raises $50 Million for Sovereign Infrastructure Control Layer

UK-based cybersecurity firm Valarian has raised a total of $70 million for its ACRA technology.

The post Valarian Raises $50 Million for Sovereign Infrastructure Control Layer appeared first on SecurityWeek.

SecurityWeek – ​Read More

I changed these 12 YouTube settings to limit Shorts, stop autoplay, protect my privacy, and more

YouTube works well with default settings, but I tighten some privacy controls and enable a few features to make it even better.

Latest news – ​Read More

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog.

The packages did not go after the developers who might install them. The operators used the registry as free hosting for a booby-trapped proxy site and let the students who came to dodge

The Hacker News – ​Read More

Multiple Jscrambler Packages Impacted by Supply Chain Attack

A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer.

The post Multiple Jscrambler Packages Impacted by Supply Chain Attack appeared first on SecurityWeek.

SecurityWeek – ​Read More

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware attacks against Americans.

The VPN, named First VPN Service (1VPNS), has been accused of offering its tools to ransomware groups, along with its 45-year-old Ukrainian

The Hacker News – ​Read More

Greenhat Announces Successful Delegation at Web Summit Vancouver 2026

Vancouver, Canada, 14th July 2026, CyberNewswire

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity Rules

A new CMMC review and reform task force will conduct a comprehensive review of the program.

The post Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity Rules appeared first on SecurityWeek.

SecurityWeek – ​Read More

Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths

Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform.

The way in has been the trust the organization had already extended, usually through the OAuth connections that tie Salesforce to the apps and third-party vendors around it.

In 

The Hacker News – ​Read More