(URGENT) WordPress RCE Exploit, OpenSSL 11-byte Attack, and New Botnet Hunting AI Servers

THN Daily Updates
Newsletter
cover

When Your AI Goes Rogue: Hands-On Findings and What They Mean for Enterprise Security

Learn how to secure agentic AI and stop credential leaks. Join Okta's Jeremy Kirk to explore OpenClaw vulnerabilities and identity-first AI governance.

Download Now Sponsored
LATEST NEWS Jul 18, 2026

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of...

Read More
Twitter Facebook LinkedIn

OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped th...

Read More
Twitter Facebook LinkedIn

One platform. Every IT workflow. AI built into all of it.

Atera's AI runs on your live data, flagging unpatched endpoints, generating remediation scripts, and surfacing risks across your fleet. The ISO 42001-certified IT platform built for security-conscious teams. Know exactly what's happening across every device, right now.

Read More
Twitter Facebook LinkedIn

Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed Vit...

Read More
Twitter Facebook LinkedIn

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, ...

Read More
Twitter Facebook LinkedIn

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor ...

Read More
Twitter Facebook LinkedIn

Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and codin...

Read More
Twitter Facebook LinkedIn

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the disp...

Read More
Twitter Facebook LinkedIn
cover

When Your AI Goes Rogue: Hands-On Findings and What They Mean for Enterprise Security

Learn how to secure agentic AI and stop credential leaks. Join Okta's Jeremy Kirk to explore OpenClaw vulnerabilities and identity-first AI governance.

Download Now Sponsored

This email was sent to sikubaycom.s3cr3tz@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from THN. To manage your email newsletter preferences, please click here.

Contact THN: info@thehackernews.com
Unsubscribe

THN | K.P BLock, Pitampura, Delhi