OpenAI temporarily relaxes GPT-5.6 Sol usage limits
OpenAI is temporarily relaxing GPT-5.6 Sol usage limits after demand for the company’s most powerful model surged over the past 48 hours. On Sunday, OpenAI confirmed that it is temporarily removing the five-hour usage restriction for Plus, Pro, and Business plans, while also resetting current usage for everyone. “The last 48 hours of Codex and […]
Claude Fable 5 stays free for paid users until July 19 as Anthropic buys more time
Anthropic has just extended access to Claude Fable 5 for paid subscribers until July 19, giving you another week to keep using the most powerful model. Previously, Anthropic said Fable 5 would be included in Pro, Max, Team, and premium Enterprise subscriptions only through July 7. After that, you would need usage credits to keep […]
RedHook Android malware now uses Wireless ADB for shell access
A new version of the RedHook Android malware abuses the Android Wireless Debugging (Wireless ADB) mechanism in a novel way to gain shell-level privileges without requiring a computer connection. Researchers at cybersecurity company Group-IB analyzed the new release of the mobile malware and say that it significantly expands its capabilities compared to the previous variant […]
Australia warns of global campaign targeting vulnerable CMS platforms
The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management systems (CMS) and plugins. The government agency says that many Australian businesses have already been affected by the malicious activity, with webshells being deployed on their sites. Webshells provide persistent access to the compromised sites and allow […]
‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets
Researchers have built a pull request that steals a repository’s secrets by hiding the malicious instruction inside a PNG that AI code reviewers never open. The reviewer waves the change through. Later, a coding agent reads the picture, opens the repo’s .env, and writes every key into the source as a harmless-looking list of numbers. […]
New U-Boot flaws could enable stealthy firmware attacks
Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware. U-Boot is one of the world’s most widely used open-source bootloaders and is found in many embedded Linux devices, including […]
Ryuk ransomware member pleads guilty in the US, faces 15 years in prison
A 34-year-old Armenian man has pleaded guilty to hacking U.S. companies and deploying the infamous Ryuk ransomware to encrypt their systems. Karen Serobovich Vardanyan was extradited to the United States after beingĀ arrested in Kyiv in April 2025Ā for providing initial access to corporate networks. According to court documents, Vardanyan helped deploy Ryuk ransomware on the networks […]
Police suspects Dutch hackers were involved in Odido breach
The Dutch National Police (Politie) says it has found “strong indications” that Dutch hackers have been involved in a February breach at the telecommunications provider Odido. “This includes a telephone conversation that was made with Odido customer service shortly before the hack. In this conversation, a Dutch-speaking man posed as Odido’s IT employee. The company […]
Progress urges ShareFile admins to shut down servers over ācredibleā threat
Progress Software is emailing ShareFile customers who use Storage Zone Controllers to immediately shut down their servers after identifying what it describes as a “credible external security threat” targeting the on-premises secure file-sharing software. ShareFile is Progress Software’s enterprise secure file sharing and collaboration platform that allows customers to host their files in Progress’ cloud […]
Hackers exploit critical auth bypass in Gitea Docker image
Hackers are actively exploiting a critical vulnerability in the official Docker image for the Gitea self-hosted Git service that allows attackers to impersonate any user, including administrators. The security flaw is an authentication bypass vulnerability, tracked as CVE-2026-20896, that affects deployments using the default configuration, where reverse proxy authentication headers such as X-WEBAUTH-USER are enabled. Michael […]