ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

This week’s security news is mostly about weak spots.

Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through.

This is not one big break. It is small permissions, weak checks, open systems, and normal tools doing things they were allowed to do. That same pattern runs

The Hacker News – ​Read More

I’ve been reviewing laptops for years: These are the 15+ best July 4th laptop deals

The Fourth of July weekend brings tons of sales on top laptops we’ve reviewed, from Apple, Acer, Lenovo, and more.

Latest news – ​Read More

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that’s designed to gain surreptitious access to a victim’s email correspondence via the Google API.

“In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs,” Kaspersky said in a detailed report published this week. ”

The Hacker News – ​Read More

HP’s new OmniBook is a smart buy in this economy – here’s what convinced me

HP’s OmniBook Ultra 14 combines a sleek design and OLED display with the kind of performance professionals appreciate.

Latest news – ​Read More

How to Conduct a Successful Audit of AI-Driven Software Development

As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production.

The post How to Conduct a Successful Audit of AI-Driven Software Development appeared first on SecurityWeek.

SecurityWeek – ​Read More

CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability

CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659).

The post CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability appeared first on SecurityWeek.

SecurityWeek – ​Read More

Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation

A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in minutes flat.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability

A PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week.

The post Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability appeared first on SecurityWeek.

SecurityWeek – ​Read More

‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials

Researchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials.

The post ‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials appeared first on SecurityWeek.

SecurityWeek – ​Read More

Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm

Anthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available.

The post Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm appeared first on SecurityWeek.

SecurityWeek – ​Read More