Here's your daily roundup of the most relevant AI and ML news for July 12, 2026. Today's digest includes 8 security-focused stories. Click through to read the full articles from our curated sources.
Security & Safety
1. Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws
Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host.
A brief description of the high-severity vul...
Source: The Hacker News (Security) | 1 day ago
2. Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and...
Source: The Hacker News (Security) | 20 hours ago
3. Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026.
"At Balochistan Police, the compromised assets inclu...
Source: The Hacker News (Security) | 20 hours ago
4. Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution.
The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails t...
Source: The Hacker News (Security) | 1 day ago
5. URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat
Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat."
The company has temporarily disabled access to the affected accounts, a step it sa...
Source: The Hacker News (Security) | 1 day ago
6. Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases.
The compromised version, @injectivelabs/[email protected], came embedded wi...
Source: The Hacker News (Security) | 1 day ago
7. Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot
Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside data-center servers.
Four of the bugs can crash a device. The other two could let an att...
Source: The Hacker News (Security) | 1 day ago
8. Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched
Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks.
No old password. No backup card. Once it is reset, whoever did it controls the...
Source: The Hacker News (Security) | 1 day ago
About This Digest
This digest is automatically curated from leading AI and tech news sources, filtered for relevance to AI security and the ML ecosystem. Stories are scored and ranked based on their relevance to model security, supply chain safety, and the broader AI landscape.
Want to see how your favorite models score on security? Check our model dashboard for trust scores on the top 500 HuggingFace models.