lithos Twitter
Lithos Header
Last Updated
Age in hrs 
1
2
3
5
8
13
21
34
55

 The GitHub Actions Attack Pattern Your CI Security Scanners Miss  - ActiveState explains how GitHub Actions attack chains can evade traditional CI security scanners, why passing a scan doesn't guarantee a secure pipeline, and how organizations can better govern their CI/CD workflows.

 Threat landscape for industrial automation systems. Q1 2026  - This report contains industrial threat statistics for Q1 2026, including industrial threat distribution by type, source, region and industry.

 News alert: Insignary tackles SBOM accuracy gap as AI tools intensify software supply-chain risk  - TORONTO, July 6, 2026, CyberNewswire – Insignary, Inc. , whose patented binary fingerprint technology has been cited in four Gartner research reports, today announced its recognition as a Sample Vendor for Reachability Analysis in the Gartner Hype Cycle for Secure Software Engineering, 2026 .

 Max severity Adobe ColdFusion flaw now exploited in attacks  - Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel.

 NCA Issues Warning to Parents As Shared Child Photos Exploited by AI Tools  - IWF and NCA warn that growing numbers of images and videos are being manipulated into sexual abuse material

 Two arrested over credit card phishing – as the Netherlands is named Europe’s worst for payment fraud  - Two young men have been arrested in the Netherlands on suspicion of running a phishing operation that harvested the credit card details of unsuspecting victims. Read more in my article on the Hot for Security blog.

 Independent Labs Crack Google’s Secret Cryptography Work  - Using crowdsourcing and AI swarms, a startup surpassed Google’s results in 72 hours

 UK Government Launches Cyber Resilience Pledge, Claiming 60+ Signatories  - More than 60 organizations, including M&S, Microsoft UK and Vodafone, have signed the UK government's Cyber Resilience Pledge, a new initiative aimed at boosting cyber security and resilience across British businesses

 Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations  - An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and...

 Opera GX Flaw Let Sites Auto-Install Mods to Steal Data  - Opera GX flaw let sites automatically install mods to steal data from other pages, now patched

 New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions  - Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix , tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode....

 Instagram served child abuse ads in India, BBC investigation finds  - The content linked to Telegram channels where users could buy the content for as little as $1.

 What Changes When Your Software Supply Chain Includes AI Writing Your Code?  - Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, "software supply chain security" meant one question: what's in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody chose on purpose? SolarWinds,...

 How AI-leading Security Teams Are Building the Agentic SOC  - AI-enabled attacks move faster than human analysts can track, at a scale that traditional SOCs weren’t designed to withstand. eCrime breakout times collapsed to 29 minutes on average in 2025, with the[…]

 CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware  - Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit...

 Phishing poses as big-brand job interview to steal Google accounts  - A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals.

 Apple and Broadcom extend chip supply deal for 5 years  - Apple navigates an AI-driven chip crunch.

 When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website  - The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it.

 Flipper Zero firmware development continues with community help  - Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions.