
Hidden Spy for 1.6 Million Users: Popular Browser Extension ModHeader Secretly Collected Browsing History
Google and Microsoft have removed the popular ModHeader browser extension from the Chrome Web Store and Microsoft Edge Add-ons after security researchers discovered a hidden mechanism designed to secretly collect users' browsing history. The extension, which had approximately 1.6 million installations, allowed developers to modify HTTP headers for testing and debugging purposes but contained a dormant data-collection module in its legitimate codebase. British firm Stripe OLT confirmed that the suspicious code was part of the genuine signed build rather than a fake version. Although the history-stealing functionality remained inactive due to an empty internal browser list, the extension still transmitted telemetry data and could have been activated remotely via a simple update. Experts recommend immediate removal of the extension, replacement of any credentials entered through it, and blocking of the domains stanfordstudies[.]com and extensions-hub[.]com.
Translated from Russian
Read full articleLatest News

Bitrix24 Adds Email One-Time Codes as New Two-Factor Authentication Option in Cloud Version
Bitrix24 has introduced email-based one-time codes as an additional two-factor authentication method for its cloud platform, expanding options beyond authenticator apps, push notifications, and SMS. The new feature targets organizations where employees cannot or prefer not to use dedicated 2FA applications or receive text messages reliably. It reinforces account security by requiring a second verification step after login credentials, making unauthorized access more difficult even if passwords are compromised through phishing or leaks. However, the company notes that email as a second factor carries risks if an attacker already controls the user's mailbox. The same capability is planned for the on-premise edition soon, and Bitrix24 intends to mandate two-factor authentication for Professional and Enterprise cloud tariff customers. This update highlights the growing emphasis on flexible yet secure authentication mechanisms in enterprise collaboration tools.
Translated from Russian

Solar inRights 3.11 Automatically Blocks Corporate Accounts Whose Passwords Appear in Dark Web Leaks
GC Solar has released Solar inRights 3.11, a major update to its identity and access management platform that integrates directly with the Solar AURA threat monitoring service. The new version automatically detects corporate credentials exposed in open sources and dark web dumps, validates whether the same login-password pairs remain active inside the organization, and instantly revokes access while alerting the security team. The feature addresses the common scenario in which employees reuse work email addresses and passwords on third-party websites, allowing attackers to test stolen credentials against corporate systems in what appears to be legitimate login attempts. Research cited by Solar shows that a single large Russian company typically has more than 600 unique corporate accounts circulating in public and underground sources, although only about 4 percent directly indicate infrastructure compromise. Yandex Cloud data further reveals that valid account abuse featured in 54 percent of over 25,000 attacks on cloud and hybrid environments during the first half of 2025. In addition to the leak-response capability, version 3.11 introduces improved search, request filtering, and integration templates for Active Directory, Exchange, and 1C.
Translated from Russian

69% of Browsers Worldwide Vulnerable: How Chrome Sync Enables Stealth Surveillance Without Malware
Google Chrome's standard synchronization feature can be silently abused to turn any browser into a surveillance tool, requiring only brief physical access to a victim's device and the addition of an attacker's Google account. Security researchers at Certo highlighted the technique after multiple cases involving intimate partner surveillance, including one incident where a woman’s visits to a family lawyer and domestic abuse support sites were monitored in real time by her partner. Once sync is enabled, browsing history, bookmarks, open tabs, autofill data, and saved passwords are automatically transmitted to the attacker’s profile, which can be viewed from any device worldwide without needing the victim’s password or installing spyware. Chrome provides no prominent warnings about new profiles or active synchronization, and alerts about logins are sent only to the account owner rather than the device owner. With Chrome holding a 69.65% global market share according to StatCounter data from June 2026, the method potentially affects millions of users on Android, iOS, Windows, and macOS. Experts recommend regularly checking connected profiles in browser settings, using Incognito mode for sensitive activity, securing devices with strong passcodes and biometrics, and immediately removing unknown accounts while changing important passwords.
Translated from Russian

Former OpenAI CTO Mira Murati Launches Thinking Machines' Inkling: Open-Weights Multimodal AI Model with 975 Billion Parameters and Self-Training Demo
Thinking Machines, founded by former OpenAI technical director Mira Murati, has released Inkling, its first open-weights multimodal AI model that supports text, images, and audio in a unified architecture. The model uses a mixture-of-experts design with 975 billion total parameters but activates only 41 billion at once, supports a 1-million-token context window, and was trained on 45 trillion tokens spanning text, images, audio, and video. A smaller Inkling Small variant with 12 billion active parameters was also introduced for faster and cheaper inference. Key innovations include adjustable reasoning depth that lets developers control compute usage per query and a self-training experiment where the model autonomously fine-tuned itself via the Tinker platform to avoid using one letter of the English alphabet. Weights are now available on Hugging Face with support for Transformers, vLLM, SGLang, and llama.cpp, positioning Inkling as a flexible foundation for further customization rather than a direct competitor to closed frontier models.
Translated from Russian

VK Sells 100% of RuStore to CEO Dmitry Pankrushev, Transferring Full Control to Management Team
VK has reached an agreement to sell its entire stake in the Russian Android app store RuStore to the company's own general director, Dmitry Pankrushev. The transaction moves RuStore out of direct corporate control by VK and places it under the leadership of the team that has been managing its day-to-day operations. No financial details, including the purchase price or payment structure, have been disclosed. VK described RuStore as Russia's single point of access to essential Android services and as a key platform supporting local application developers. After the deal closes, the existing team has committed to continuing regular updates, expanding features, and maintaining stable service for users. On the surface, end-users should notice no immediate changes in availability or functionality, yet the shift represents a significant structural change for one of Russia's most important alternative app marketplaces.
Translated from Russian

VK and MAX Apps Removed from Google Play Store Amid EU Sanctions on Russian Company
VK and its national messenger MAX have been removed from the Google Play Store following the European Union's decision to add the parent company to its sanctions list. The company confirmed that the apps are no longer available for new downloads or updates through Google, but existing installations continue to function normally with full access to messaging, calls, events, and push notifications. Users can obtain updates and new installations through alternative Android stores including RuStore, Huawei AppGallery, Samsung Galaxy Store, and Xiaomi GetApps, or receive in-app update prompts when new versions become available. The removal comes shortly after similar apps such as Dzen and VK Video disappeared from the Apple App Store last month. Although the exact reasons were not disclosed in VK's statement, the sanctions were triggered specifically by the development of the MAX messenger as a national platform. This development highlights how regulatory actions are reshaping app distribution channels for Russian digital services, positioning RuStore as a primary rather than backup marketplace.
Translated from Russian

Grok Build AI Coding Assistant Secretly Uploaded Entire User Repositories Including Git History and Secrets to Google Cloud
Grok Build, the command-line coding tool developed by Elon Musk’s xAI, was found transmitting complete Git repositories — including full commit history and previously deleted sensitive files — to Google Cloud storage even when users issued minimal commands such as “OK”. Security researcher Cereblab discovered that the tool ignored explicit instructions not to access files and packaged entire codebases regardless of the task. The behavior contrasted sharply with competing assistants like Claude Code, Gemini, and Codex, which transmit only the minimal files required. After public disclosure, xAI enabled a server-side disable_codebase_upload flag and promised to delete all previously collected data, while also open-sourcing the tool and disabling data retention by default from July 12. Cereblab criticized the lack of secure defaults, noting that users had to manually run a /privacy command that did not actually stop the uploads. The incident raises ongoing concerns about whether xAI has truly erased the large volumes of source code, SSH keys, password-manager databases, and other secrets that were collected without explicit consent.
Translated from Russian

Hacker Leaks Suno Source Code Exposing Massive Scraping of 2 Million YouTube Music Tracks and Customer Data Breach
A hacker known as ellie.191 has leaked the internal source code of Suno, one of the largest AI music generation services, to 404 Media, revealing extensive unauthorized scraping of copyrighted material from YouTube Music, Deezer, Genius, and other platforms. The leaked files, believed to date from 2023 and 2024, detail how Suno collected over 2 million music tracks and hundreds of thousands of hours of audio, including 152,000 hours from YouTube Music alone, along with 420,000 podcasts totaling nearly 1 million hours. Additional datasets came from Pond5, Jamendo, Freesound, MuseScore, and other libraries, with the company using Bright Data proxies to bypass restrictions and tools to isolate vocals from instrumental tracks. The breach also exposed hundreds of thousands of customer records, including emails, phone numbers, and partial Stripe payment data, which multiple users have already confirmed as accurate. Suno claims the incident was limited, occurred in November 2025, and involved only outdated code, while denying any leak of sensitive payment information. The hacker gained access via an employee account compromised by the Shai-Hulud worm, which stole GitHub and cloud credentials, and stated the attack was driven purely by curiosity rather than a specific motive. This disclosure lends support to ongoing lawsuits from the Recording Industry Association of America alleging direct copyright infringement by Suno.
Translated from Russian

Russian Players Report Mass Launch Failures in Diablo IV, Marvel Rivals and Other Online Games Amid Suspected Regional Restrictions
Russian gamers are experiencing widespread problems launching popular online titles including Diablo IV, Marvel Rivals, and Neverness to Everness, with games either failing to start or disconnecting at the server connection stage. Reports on Steam highlight the recurring Server Connection Failed error in Marvel Rivals, where standard troubleshooting steps such as client restarts, file verification, and account re-logins provide no relief for many users. The issues coincide with mentions of content web filtering systems and follow a partial Steam outage on July 14 that already disrupted platform sections and page loading. Players are divided between theories of deliberate regional blocks or ordinary technical faults, yet neither game developers nor Russian authorities have issued any official statements. Steam itself remains accessible, allowing users to reach their libraries and the Play button, but actual gameplay connections have turned into an unpredictable lottery. Without confirmed explanations, affected players can only continue testing connections and hoping for successful launches.
Translated from Russian
From Russian sources
Translated from Russian

Google to Allow Competing Android App Stores Directly Inside Play Store After Epic Games Court Ruling
Google is preparing to open its official Google Play store to rival Android app marketplaces starting July 22, following a court order issued in the long-running antitrust lawsuit with Epic Games. The ruling stems from the 2020 Fortnite dispute over Google’s 30% commission and direct in-app purchases that bypassed the platform’s billing system. A federal judge determined that Google had unlawfully prevented device makers from promoting or pre-installing alternative app stores, thereby reinforcing Google Play’s monopoly position. As a result, approved third-party stores will now be distributed directly through Google Play, receive default access to its app catalog, and be subject to an annual $5,000 verification fee. Developers retain the right to block distribution of their apps on specific stores, while participating marketplaces must meet strict security, copyright, and update obligations or risk removal if suspicious installations exceed 1%. Although the changes are expected to apply primarily in the United States, the decision marks a fundamental shift in how Google must accommodate competitors within its own ecosystem.

Interpol Dismantles €140 Million BEC Fraud Network Impersonating Executives Across Spain, Portugal and Panama
Police have dismantled an international criminal network that used Business Email Compromise (BEC) techniques to steal €140 million through investment fraud and the substitution of corporate correspondence. The operation, conducted simultaneously in Spain, Portugal, and Panama with support from Interpol and Europol, resulted in the arrest of four suspected organizers. Investigators found the group controlled more than 800 bank accounts and 120 corporate accounts while relying on 67 intermediaries to move funds. The scheme involved impersonating company executives or sending fake invoices to trick employees into transferring money to accounts controlled by the criminals. Rapid layering of transfers across multiple countries obscured the money trail, with at least €94 million confirmed to have passed through the network. Authorities froze €3 million and seized 15 computers plus over 170 smartphones during raids on six premises in Barcelona, Girona, Tarragona, and Porto.

Microsoft Pauses Windows Security Update KB5101650 After It Triggers Shutdowns and Overheating on Dell Laptops with Intel Processors
A mandatory July security update intended to patch 570 vulnerabilities in Windows instead caused spontaneous shutdowns, performance drops, overheating, and rapid battery drain on certain Dell laptops equipped with Intel processors. The root cause was traced to incompatibility between the new Windows USB-C Connection Manager interface and Intel’s Innovation Platform Framework Processor Participant driver, which manages CPU power consumption and thermal control. Microsoft had already observed early signs of the conflict in June with the optional update KB5095093, but the problematic driver changes were carried forward into the mandatory Patch Tuesday release. Because the exact list of affected Dell models was not disclosed, the full scope of the issue remains difficult to assess, though the company acted quickly to block rollout on incompatible hardware. No widespread hardware damage has been reported, and Microsoft is working with Intel and Dell to deliver a fix in the coming days while continuing to recommend the update for unaffected systems.

DNA Origami Turns Secrets into Molecular Morse Code: Multi-Key Nano-Safe Resists Single-Party Attacks
Chinese researchers have developed a multi-layered encryption system based on DNA origami that encodes messages as Morse code patterns of dots and dashes on flat DNA rectangles. These structures are then folded into tubes using locking strands, physically concealing the data until the correct molecular key is applied. The approach leverages the programmable properties of DNA to perform cryptographic functions including data encoding, physical hiding through shape change, and controlled release only with a matching set of six unlocking strands. Testing achieved 99.7% efficiency in unlocking, with the full encryption-decryption cycle taking around ten hours on the phrase “JUNE6 INVASION NORMANDY.” The system provides 2,576 possible key combinations and hides message length by standardizing block sizes, making it resistant to physical scanning without the proper key. While too slow for everyday use, the work demonstrates that future information protection may combine mathematical algorithms with physical properties of engineered biomolecules.

Tornyol Develops 40-Gram Autonomous Drones That Hunt Mosquitoes Mid-Air Using Doppler Ultrasound and Sound Detection
American startup Tornyol, backed by Y Combinator, has successfully tested a miniature autonomous drone weighing around 40 grams that can chase and collide with flying insects without chemicals. In its first public demonstration on July 14, the prototype tracked and intercepted a moth inside a controlled indoor facility using external motion-capture equipment. The company aims to reduce mosquito-control costs by a factor of 100 by deploying swarms of ten drones to clear one square kilometer. Future versions will rely entirely on onboard sensors, including ultrasonic emitters and microphone arrays, to detect the Doppler shift created by mosquito wingbeats and distinguish species and sex. Engineers plan to move all computation to the drone itself within weeks and eventually form autonomous swarms capable of navigating urban environments. Although the current test still depended on external infrared tracking and a ping-pong ball as a stand-in target, Tornyol views the flight as the first verified aerial interception toward a scalable, non-chemical mosquito eradication system.

UK Plans Nighttime Social Media Curfew and Addictive Feature Restrictions for Teens from 2027
The United Kingdom has announced plans to restrict social media access for teenagers aged 16-17, introducing a nightly curfew from midnight to 6 a.m. starting in spring 2027. In addition to the time-based ban, platforms will be required to disable addictive features such as infinite personalized feeds, autoplay videos, Reels, and TikTok-style content by default for this age group. The measures are designed as a transitional step ahead of a complete social media ban for children under 16, which will also take effect in spring 2027. Government officials cite a pilot study involving 300 participants that demonstrated improved sleep quality and concentration after implementing similar nighttime restrictions. The policy also targets AI chatbots, mandating mandatory breaks for minors and potentially banning services that provide dangerous or unverified mental health advice. Schools will incorporate new digital literacy modules covering safe AI usage, detection of deepfakes, disinformation, and harmful content such as violent or misogynistic material.
From Chinese sources
Translated from Chinese

Bankrupt After Just Six Weeks of Production Shutdown: How a Cyber Attack Killed a 37-Year-Old German Textile Manufacturer and Exposed the Cruel Reality of Modern Cyber Threats
A 37-year-old German textile processing company, ZEGO Textilveredelungszentrum, has filed for insolvency after a cyber attack halted its production lines for nearly six weeks, demonstrating that business interruption alone can destroy even well-established manufacturing firms without any data theft or ransom demands. The firm, based in Bavaria and serving automotive, workwear, and technical textiles industries, suffered the attack on March 29, 2026, leading to irrecoverable financial losses despite eventual system recovery. Managing Director Johannes Zenglein described the decision as one of the most difficult in the company's history, noting that the prolonged downtime caused severe cash flow disruption, lost orders, and customer attrition. The incident highlights a growing trend where cyber attacks on industrial systems lead directly to bankruptcy, as seen in prior cases like the 158-year-old British transport company Knights of Old and a German mobile phone repair firm. Key lessons include the critical need for robust business continuity plans, quantified downtime cost assessments, and supply chain resilience evaluations beyond traditional security measures. Unlike typical ransomware events, this attack required no encryption or extortion to achieve devastating results, underscoring that operational resilience is now a matter of corporate survival.

Ghostcommit Attack: Malicious Prompts Hidden in PNG Images Hijack AI Coding Agents to Steal .env Secrets
A novel supply-chain attack called Ghostcommit allows attackers to embed prompt-injection instructions inside PNG images, bypassing AI-powered code review tools and tricking coding agents into leaking sensitive .env configuration files and API keys. Researchers from the ASSET Research Group demonstrated that direct plaintext instructions are immediately flagged by tools such as Cursor and CodeRabbit, but splitting the payload across an AGENTS.md file and a seemingly innocuous image evades detection. The attack remains dormant until a developer later asks the agent to perform normal development tasks, at which point the agent reads the image, extracts the .env contents byte-by-byte, and outputs them as a long tuple of ASCII numbers. Testing across 11 tool-model combinations revealed that success depends primarily on the runtime framework rather than the underlying LLM, with Cursor and Antigravity leaking secrets while Claude Code successfully blocked the attack in most cases. The team also released an open-source multimodal defense prototype based on Gemma 4 that runs on a single 4 GB GPU and achieved near-perfect detection rates on both known and unknown attack samples.

Phase II of National 100-City FDE Frontier Deployment Engineer Onboarding Program Officially Launches
The second phase of the nationwide "Hundred Cities On-the-Job Plan" for FDE Frontier Deployment Engineers has been announced, expanding opportunities across China. The initiative targets experienced engineers specializing in advanced deployment technologies and aims to place professionals in key urban centers. Building on the success of the first phase, this new round seeks to strengthen technical capabilities in critical infrastructure and cybersecurity domains. Participants will receive structured onboarding, training, and direct placement support in multiple cities. The program underscores growing demand for specialized deployment expertise amid rapid digital transformation.

630GB of Apple Secrets Leaked on Dark Web: WorldLeaks Breach Shatters Tata Electronics Supply Chain Security
In June 2026, the ransomware group WorldLeaks infiltrated Tata Electronics, Apple's key manufacturing partner in India, and exfiltrated 630GB of highly sensitive data comprising over 200,000 files that were subsequently posted on the dark web. The stolen materials include unreleased iPhone 18 Pro motherboard schematics, A20 Pro chip technical manuals, complete supplier lists, Tesla component designs, and employee passport copies, exposing the vulnerabilities in Apple's two-decade supply chain secrecy system built at a cost of billions of dollars. WorldLeaks, formerly known as Hunters International, employed a 'steal-only' tactic without encryption, capitalizing on the growing trend of data extortion that has proven more profitable than traditional ransomware. The breach raises serious concerns about Apple's ambitious India manufacturing expansion, which aims to increase local component sourcing from 10% to 50% within three years, and highlights broader risks to global supply chains involving companies such as Tesla, TSMC, and Qualcomm. Apple responded swiftly by deploying DMCA takedowns across platforms like X within 24 hours, yet the irreversible nature of dark web leaks underscores the need for enhanced supplier security audits, data segmentation, and proactive data loss prevention measures.

Iranian State-Sponsored Hackers Unveil Cavern C2 Framework: Multi-Format .NET Compilation Bypasses All Security Detection Tools
In July 2026, Check Point Research exposed Cavern Manticore, an Iranian MOIS-linked APT group, actively targeting Israeli IT providers and government entities with a sophisticated modular C2 framework called Cavern (also known as Cav3rn). Unlike previous Iranian groups that rely on public tools, this actor built an entirely custom .NET-based framework deliberately compiled into three incompatible binary formats—pure IL, mixed-mode C++/CLI, and .NET 8 Native AOT—to force analysts to maintain multiple reverse-engineering toolchains and dramatically increase operational costs. The framework achieves near-zero detection rates on VirusTotal by avoiding traditional obfuscation and instead weaponizing compilation formats themselves, with modules running in isolated AppDomains that leave no persistent artifacts. Attackers gain initial access through compromised RMM solutions such as SysAid, abusing legitimate update mechanisms to sideload the Cavern Agent disguised as uxtheme.dll via a WinDirStat DLL side-loading chain. Communication uses XOR encryption with Base64 encoding, fixed Edge User-Agent strings, custom headers, and a unique protocol syntax, while supporting hot updates and aggressive cleanup. The campaign coincides with parallel operations by MuddyWater against regional targets, highlighting Iran’s coordinated escalation in cyberspace and the growing threat of supply-chain trust abuse against MSPs and RMM platforms worldwide.

Medtronic Cyberattack Exposes Patient Data: Six-Day Breach Puts Social Security Numbers and Health Records at Risk
In April 2026, medical device giant Medtronic suffered a cyber intrusion that lasted six days, allowing unauthorized access to backend IT systems containing sensitive patient information. The breach, discovered on April 19 after beginning on April 13, exposed names, contact details, birth dates, Social Security numbers, and health treatment data linked to devices such as pacemakers, insulin pumps, and neurostimulators. Although the medical devices themselves remain unaffected and show no signs of remote tampering, the leaked data poses severe risks of identity theft, financial fraud, and targeted scams that could persist for years. Medtronic has initiated emergency response measures, engaged external experts, and notified law enforcement and regulators, while offering 24 months of free identity monitoring to affected users. The incident highlights how even large enterprises struggle with securing ordinary office IT systems that store critical patient records, underscoring the need for individuals to monitor accounts and adopt stronger security habits.