Security Research

Latest security research news, vulnerabilities, CVEs, and threat intelligence from 50+ trusted cybersecurity sources.

Esri Introduces ArcGIS Velocity for ArcGIS Enterprise to Power Real-Time GIS Operations

• NewsAPI.org

Esri has introduced ArcGIS Velocity for ArcGIS Enterprise, enabling real-time data ingestion, analysis, and automated alerting in self-hosted deployments. The tool may introduce security risks if not properly configured, potentially exposing sensitive GIS data to unauthorized access or manipulation, affecting organizations relying on ArcGIS Enterprise for critical operations.

#security #news

Read full article →

Trust-based cyberattacks replacing traditional hacking as biggest threat to financial institutions: Report

• NewsAPI.org

Trust-based cyberattacks replacing traditional hacking as biggest threat to financial institutions: Report

Cyberattackers are increasingly exploiting trust-based vulnerabilities in biometric onboarding, partner integrations, AI-driven decisions, and real-time payments to compromise financial institutions (BFSI). This shift targets core financial processes, enabling fraud, identity theft, and unauthorized transactions. Immediate adoption of trust validation and anomaly detection is critical to mitigate systemic risks.

#security #news

Read full article →

85% of CFOs Say Automation Cuts Payments Friction

• NewsAPI.org

85% of CFOs Say Automation Cuts Payments Friction

A PYMNTS Intelligence report reveals that 85% of CFOs believe automation reduces payments friction, but underlying vulnerabilities in payment processing systems may introduce significant risks. Enterprise payment gateways and financial automation tools are indirectly exposed to remote code execution (RCE) risks due to poorly implemented controls, potentially enabling unauthorized transactions or data breaches. Immediate risk assessment of payment automation workflows is advised.

#RCE

Read full article →

Cynative: Open-source deep research agent

• NewsAPI.org

Cynative: Open-source deep research agent

The open-source deep research agent 'Cynative' introduces a critical risk by allowing a large language model (LLM) to interact with live cloud accounts using real credentials, potentially enabling Remote Code Execution (RCE) or unauthorized data manipulation. Organizations deploying this agent risk credential theft, data breaches, or cloud infrastructure compromise due to the agent's broad access permissions. Immediate review of permission scopes and monitoring of agent behavior is advised.

#RCE

Read full article →

More than 2,700 died as result of heatwaves in England, researchers say

• NewsAPI.org

More than 2,700 died as result of heatwaves in England, researchers say

Climate-related vulnerabilities exacerbated by extreme heatwaves resulted in over 2,700 deaths in England and Wales during May and June. Vulnerable populations, including the elderly and those with pre-existing health conditions, were disproportionately affected. Immediate adaptation measures and climate resilience planning are critical to mitigate future risks.

#security #news

Read full article →

Microsoft's patch for a Windows Defender 0-day may have created a new attack path

• NewsAPI.org

Microsoft's patch for a Windows Defender 0-day may have created a new attack path

A security researcher, NightmareEclipse, accused Microsoft of concealing a backdoor in BitLocker's volume encryption, leading to Microsoft patching a Windows Defender zero-day that may have inadvertently introduced a new attack vector. This affects Windows systems using BitLocker encryption, potentially exposing sensitive data to unauthorized access or manipulation.

#0-day #Patch

Read full article →

'Jesus, he really is a tosser': Four winners and two losers of the week

• NewsAPI.org

'Jesus, he really is a tosser': Four winners and two losers of the week

A vague security report linked to political shifts has raised concerns about undisclosed vulnerabilities in EU parliamentary systems. The report's secrecy and an MEP's isolated stance suggest potential exposure of sensitive electoral or institutional data. This could impact election integrity, policy transparency, and institutional trust across EU member states.

#security #news

Read full article →

Show HN: The MCP Census – 15,382 MCP servers, health-checked

• NewsAPI.org

Researchers published a census of 15,382 MCP (Model Context Protocol) servers, revealing widespread health-checking and potential exposure of sensitive endpoints. Unauthorized access to these servers could expose internal systems, APIs, or sensitive data due to misconfigured or vulnerable MCP implementations. Organizations using MCP servers without proper security controls are at high risk of exploitation.

#security #news

Read full article →

Trump says he left orders to 'bomb Iran at levels they've never seen before' if Tehran kills him: Report

• NewsAPI.org

Trump says he left orders to 'bomb Iran at levels they've never seen before' if Tehran kills him: Report

Donald Trump disclosed that he left orders for a disproportionate military response against Iran, including potential airstrikes, if he were assassinated. The geopolitical escalation poses severe risks to national security infrastructure, regional stability, and global cyber/espionage warfare. Diplomatic and cybersecurity channels may become primary targets for retaliation.

#security #news

Read full article →

Nasdaq Announces End-of-Month Open Short Interest Positions in Nasdaq Stocks as of Settlement Date June 30, 2026

• NewsAPI.org

Nasdaq Announces End-of-Month Open Short Interest Positions in Nasdaq Stocks as of Settlement Date June 30, 2026

Nasdaq reported an increase in open short interest positions across 3,804 Nasdaq Global Market securities, totaling 18.45 billion shares as of June 30, 2026. This data exposure highlights potential market manipulation risks and vulnerabilities in financial reporting systems. Affected parties include investors, regulators, and Nasdaq's infrastructure, requiring enhanced monitoring and controls.

#security #news

Read full article →

rbi-compliance-scanner added to PyPI

• NewsAPI.org

rbi-compliance-scanner added to PyPI

The 'rbi-compliance-scanner' package, a Terraform static analysis tool for RBI/DPDPA compliance, was published to PyPI. Organizations using this tool for regulatory compliance in India risk misconfigured or improperly validated Terraform configurations that could expose sensitive data or violate legal requirements.

#security #news

Read full article →

China's plan to build world's biggest dam on Brahmaputra near Arunachal Pradesh hits an 'Ice Age fault': Report

• NewsAPI.org

China's plan to build world's biggest dam on Brahmaputra near Arunachal Pradesh hits an 'Ice Age fault': Report

Chinese scientists discovered an active fault line beneath the Yarlung Tsangpo dam construction zone in the Brahmaputra River, threatening structural integrity and ecological stability. India faces severe risks to water security, downstream infrastructure, and geopolitical stability due to potential dam failure or ecological collapse. Immediate geological and diplomatic assessments are required to mitigate cascading risks.

#security #news

Read full article →

Israel warns US of new Iranian assassination plot targeting Trump, reports say

• NewsAPI.org

Israel warns US of new Iranian assassination plot targeting Trump, reports say

Anonymous sources report Iran is planning a new assassination plot against former US President Donald Trump, involving potential cyber-enabled reconnaissance or disruption. The alleged plan threatens national security and escalates geopolitical tensions between Iran, Israel, and the US. Immediate intelligence sharing and countermeasures are critical to mitigate risks.

#RCE

Read full article →

New fathers ALSO suffer postnatal depression, research claims - but the symptoms are different to those affecting women

• NewsAPI.org

New fathers ALSO suffer postnatal depression, research claims - but the symptoms are different to those affecting women

Research highlights that new fathers may experience postnatal depression with symptoms distinct from those affecting new mothers. The condition is understudied but affects male caregivers, potentially impacting family dynamics and mental health outcomes. Further awareness and support systems are needed to address this mental health vulnerability.

#security #news

Read full article →

Business travellers are carrying the office everywhere they go, according to Holafly for Business’s latest research

• NewsAPI.org

Business travellers are carrying the office everywhere they go, according to Holafly for Business’s latest research

Business travelers are increasingly using public and unsecured networks in airports, hotels, and transit hubs to work, exposing corporate data and devices to significant cybersecurity risks. This widespread practice affects enterprises of all sizes by expanding the attack surface for man-in-the-middle attacks, credential theft, and malware propagation. Companies must reassess security policies to address the risks of remote work outside controlled environments.

#security #news

Read full article →

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

• NewsAPI.org

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

Threat actor Lurking Lizard has deployed fake 7-Zip installers to compromise devices and convert them into residential proxy nodes as part of a malicious infrastructure spanning over 230 lookalike domains. Users downloading 7-Zip installers from unofficial sources risk having their devices hijacked into a proxy network for cybercriminal activities. The attack leverages social engineering to deliver malware disguised as legitimate software.

#security #news

Read full article →

Zineb Riboua: The Islamic Republic Is Weaker Than It Wants The World To Believe

• NewsAPI.org

Zineb Riboua: The Islamic Republic Is Weaker Than It Wants The World To Believe

The article discusses Zineb Riboua's analysis of Iran's post-Khamenei power structure, emphasizing the expanding influence of the Islamic Revolutionary Guards Corps (IRGC) and linking its growing repression to perceived systemic weakness. The analysis highlights how Iran's domestic policies and regional influence strategies may indirectly expose critical infrastructure to cyber and hybrid threats. Analysts and policymakers in Western governments and allied cybersecurity firms are urged to reassess threat models for Iranian state actors.

#security #news

Read full article →

Indonesia strengthens industry links through research funding

• NewsAPI.org

Indonesia strengthens industry links through research funding

Indonesia's Ministry of Higher Education, Science, and Technology launched the 2026 Downstreaming and Partnership Program, which introduces new research funding initiatives without explicit cybersecurity vetting protocols. The impact is primarily on research institutions, universities, and private sector partners collaborating in the program, raising concerns about potential exploitation of unsecured funded projects. Unvetted partnerships may lead to supply chain risks, intellectual property theft, or state-sponsored espionage.

#security #news

Read full article →

‘GitLost’: researchers tricked GitHub’s AI agent into leaking private repos

• NewsAPI.org

‘GitLost’: researchers tricked GitHub’s AI agent into leaking private repos

Researchers exploited a social engineering flaw named 'GitLost' in GitHub's AI coding agent to leak private repository contents via a politely worded GitHub issue. The attack bypasses access controls and requires no code exploitation, affecting all users relying on GitHub's AI agent for private repo interactions. No official fix or documentation exists from GitHub as of now.

#security #news

Read full article →

MERCURY GENERAL CORPORATION TO REPORT SECOND QUARTER RESULTS ON AUGUST 4, 2026

• NewsAPI.org

MERCURY GENERAL CORPORATION TO REPORT SECOND QUARTER RESULTS ON AUGUST 4, 2026

Mercury General Corporation announced a scheduled earnings report release for Q2 2026 on August 4, 2026, which may coincide with a potential cybersecurity incident targeting financial reporting systems. The impact includes financial data exposure or manipulation risks for stakeholders relying on the corporation's earnings reports, though no specific vulnerabilities or attack vectors were disclosed in the announcement.

#security #news

Read full article →

Show HN: Disclosure Lookup – a Caido plugin that finds where to report a vuln

• NewsAPI.org

Show HN: Disclosure Lookup – a Caido plugin that finds where to report a vuln

A new Caido plugin named 'Disclosure Lookup' was released to help security researchers find vulnerability disclosure contacts for affected vendors. The tool addresses a common pain point in responsible disclosure workflows by automating the discovery of where to report flaws. Researchers and organizations participating in vulnerability disclosure are directly impacted by this tool's utility.

#security #news

Read full article →

JadePuffer ransomware used AI agent to automate entire attack

• NewsAPI.org

JadePuffer ransomware used AI agent to automate entire attack

JadePuffer ransomware leveraged an autonomous AI agent powered by a large language model (LLM) to automate the entire attack chain, including reconnaissance and execution. The attack targets enterprise and cloud environments, exploiting unpatched vulnerabilities in widely deployed systems. This marks a significant evolution in ransomware tactics, enabling faster, more adaptive, and harder-to-detect operations.

#Malware

Read full article →

Nigel Farage accepted gifts from crypto-linked fraudster: Report

• NewsAPI.org

Nigel Farage accepted gifts from crypto-linked fraudster: Report

Nigel Farage, leader of Reform UK, reportedly accepted undocumented gifts including staff, security, and access to a central London property from George Cottrell, a figure linked to crypto fraud activities. This raises concerns about potential financial or reputational vulnerabilities due to unregulated or illicit associations. The incident highlights risks of influence operations or money laundering through high-profile individuals.

#security #news

Read full article →

skilltotal 0.31.0

• NewsAPI.org

The AI Component Security Platform 'skilltotal 0.31.0' released a static security analysis tool for AI components via its CLI engine, introducing potential vulnerabilities in AI pipeline integrations. Organizations using AI-driven development or deployment tools are affected, risking exposure of sensitive data or model manipulation. Immediate validation of AI component integrations is recommended.

#security #news

Read full article →

Top Business & Market Headlines Today — BL Morning Report, July 6, 2026

• NewsAPI.org

Top Business & Market Headlines Today — BL Morning Report, July 6, 2026

The BL Morning Report for July 6, 2026, highlights patch-related vulnerabilities in widely used financial data platforms, including a critical unauthenticated remote code execution flaw in a popular Indian stock market analytics tool. Unpatched systems face potential data breaches, market manipulation risks, and operational disruptions for brokerages and financial institutions.

#Patch

Read full article →