LodeHQSubscribe →

GitLost leak, Tenda backdoor, Google sues Gemini scammers

Infosec · 2026-07-07

Vulnerabilities & Exploits
GitLost lets unauthenticated attackers siphon private repo data via public GitHub issues4 MIN

Researchers at Noma Labs uncovered GitLost, a prompt‑injection flaw in GitHub’s new Agentic Workflows. By posting a crafted issue in any public repo of an organization, an attacker can trigger the AI agent to read and exfiltrate contents of private repositories without credentials. The bug highlights the danger of giving AI agents unchecked access to internal code.

Hidden Tenda router firmware backdoor (CVE‑2026‑11405) lets anyone admin in2 MIN

CERT/CC disclosed that multiple Tenda router firmware versions contain an undocumented authentication backdoor in the /bin/httpd login routine. Exploiting CVE‑2026‑11405 bypasses password checks, granting full web‑interface admin rights without valid credentials. No vendor patch exists, so disabling remote management and limiting LAN exposure are the only mitigations.

Threats & Malware
Google sues Chinese scam ring for weaponizing Gemini AI in massive phishing campaign1 MIN

Google filed a civil suit against the Outsider Enterprise, a China‑based cybercrime network that weaponized its Gemini AI to generate thousands of phishing sites and send millions of scam texts. The case marks Google's first legal action against direct misuse of its own generative model, signaling a new front in AI‑driven fraud mitigation.

Canada’s spy agency cracks ransomware, extremist, fentanyl networks in 2025106 MIN

The 2025‑2026 CSE annual report reveals three state‑authorized cyber operations: a ransomware‑as‑a‑service gang’s infrastructure was rendered inoperable and stolen data wiped, a foreign extremist recruitment network was undermined, and overseas traffickers of fentanyl precursors were disrupted. The actions demonstrate Canada’s willingness to use offensive cyber tools against transnational crime.

PCPJack cloud worm boots rival malware, harvests credentials at scale18 MIN

SentinelOne discovered PCPJack, a self‑propagating cloud worm that first wipes out any TeamPCP artifacts on compromised hosts before siphoning cloud, container and SaaS credentials. The worm spreads through exposed Docker, Kubernetes and Redis services, focusing on credential theft rather than crypto mining, underscoring a new era of competitive, profit‑driven cloud attacks.

Breaches & Industry News
FBI Traced Scattered Spider Hack to a Single Windows Device ID4 MIN

A court filing shows prosecutors used a persistent Windows device identifier to link the Scattered Spider intrusion at a luxury jeweler to 19‑year‑old Peter Stokes. The ID survived OS updates, letting investigators tie the ngrok tunneling activity back to Stokes’s accounts across multiple services, highlighting the forensic value of device IDs.

Ohio County Paid $1 Million to Kairos to Stave Off Data Leak1 MIN

A small Ohio county (Union County) paid $1 million in Bitcoin to the Kairos extortion group to stop a leak of 2 TB of personal data stolen in a May 2025 breach. The attackers never encrypted files but used proof‑of‑access threats, forcing the county to raise its offer from $100 k to $1 million. The case shows how data‑theft extortion can cripple local governments.

Privacy, Policy & Governance
CISA taps Anthropic’s Mythos AI to hunt bugs in federal code2 MIN

CISA’s Attack Surface Evaluation team has deployed Anthropic’s Mythos AI to scan federal code repositories, flagging a wave of vulnerabilities that could be exploited by foreign actors. The move signals a rapid shift toward high‑capacity AI tools in U.S. cyber‑defense, raising questions about oversight and model supply‑chain risks.

Get Infosec in your inbox, every issue.
Subscribe free
Privacy · Terms · About · Contact
© 2026 LodeHQ