🚨 CISA KEV 2[−]
2 Jul KEVSharePoint RCE CVE-2026-45659 Added to CISA KEV After Active ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-4565…THEHACKERNEWS.COM
2 Jul KEVU.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft SharePoint Server flaw, tracked as CVE-2026-4565…SECURITYAFFAIRS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
2 JulSandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vectorResearchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549 , allow…CSOONLINE.COM
2 Jul KEVCISA Warns of Actively Exploited Microsoft SharePoint VulnerabilityCISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659). The post CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulVU#639124: Multiple local privilege escalation vulnerabilities in Little Orbits GameFirst Anti-CheatOverview The GamersFirst Anti-Cheat (GFAC) driver GFAC.sys contains multiple local privilege escalations and denial-of-service vulnerabilities stemming from insecure handling of user-controlled input through a minifilter communication port. A local attacker can abuse these flaws …KB.CERT.ORG
⚠️ VULNERABILITY DISCLOSURE 30[−]
2 JulUnpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes ClustersArgo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug, says it can lead to …THEHACKERNEWS.COM
2 JulGitHub’s new tool helps prevent costly open-source license violationsGitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review. The feature is available to GitHub Advanced Security cu…HELPNETSECURITY.COM
2 JulDrawing a digital line for geofencing.This week, Dave and Ben take a look at the Supreme Court's recent ruling that has significantly changed how the law enforcement must approach collecting user location data. Alongside this conversation, Ben also sits down with former Congressman and current President of Americans …THECYBERWIRE.COM
2 JulWhat the AI patch gap means for enterprise securityOpen-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. Over roughly two months this spring, Anthropic’s Claude Mythos Preview combed through more than 23,000 open-source…HELPNETSECURITY.COM
2 JulNew ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit ReposAttackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts you…THEHACKERNEWS.COM
2 JulExploring cross-domain & cross-forest RBCD: part 2Kerberos delegation capabilities in Linux-based tooling have been extended to allow impersonating any user within a forest. This assumed identity can then be leveraged to access resources across any domain within that forest, or even in a remote forest, provided that a trust rela…SYNACKTIV.COM
2 JulAI Agent Exploits Langflow RCE to Automate Database Ransomware AttackSecurity firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credential…THEHACKERNEWS.COM
2 JulAdobe fixed multiple maximum-severity flaws in ColdFusion and Campaign ClassicAdobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution Adobe has released security updates for ColdFusion and Campaign Classic, fixing multiple critical vulnerabilities, including seven maximum-…SECURITYAFFAIRS.COM
2 JulArgo CD flaw shows why GitOps infrastructure should be treated as tier zeroA newly disclosed vulnerability in Argo CD is drawing attention to the security risks of GitOps platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to execute code and manipulate application deployments. Security…CSOONLINE.COM
2 JulField reports from Patch the PlanetWe’re running Patch the Planet , an ongoing collaboration with OpenAI that pairs Trail of Bits engineers directly with more than 30 open-source projects. Its goal is to front-run a serious problem facing open-source maintainers: highly capable models like GPT-5.5-Cyber will soon …TRAILOFBITS.COM
2 Jul KEVCISA: Microsoft SharePoint RCE flaw now actively exploitedCISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. [...]BLEEPINGCOMPUTER.COM
2 JulCisco Confirms In-the-Wild Exploitation of Unified CM VulnerabilityA PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week. The post Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulCisco finally confirms attackers exploiting Unified CM flawCisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...]BLEEPINGCOMPUTER.COM
2 JulResearcher Behind 'Exploitarium' Explains Release of Undisclosed Zero-Day ExploitsInfosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities firstINFOSECURITY-MAGAZINE.COM
2 JulAnthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open-source software supply chain.DARKREADING.COM
2 JulNew iboss platform gives organizations instant visibility into AI tools and usageiboss has launched the AI Security Platform, a new service that gives any organization visibility into the AI tools its people are using, free of charge. Signup is instant, deployment takes an afternoon, and a complete AI footprint appears within hours. Organizations that want to…HELPNETSECURITY.COM
2 JulNew CitrixBleed Vulnerability Exploited Immediately After Public DisclosureHackers are targeting NetScaler appliances using public PoC code to retrieve arbitrary memory content in the HTTP response. The post New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulFormalizing Red Teaming Offensive Methodology as a Multi-Agent AI ArchitectureThreat actors are integrating AI into their exploit chains, accelerating reconnaissance, automating vulnerability discovery, and scaling social engineering in ways that compress the timeline between initial access and impact. The barrier to sophisticated offensive operations is d…RAPID7.COM
2 JulCisco confirms exploitation of critical Unified CM flaw.DHS investigates hack of information-sharing network. Suspected Scattered Spider member extradited to the US.THECYBERWIRE.COM
2 JulFortiBleed campaign traced to INC and Lynx ransomware operationsResearchers are also investigating the role of a suspected zero-day vulnerability.CYBERSECURITYDIVE.COM
2 JulApple’s Hide My Email doesn’t hide it very wellA year ago a researcher found a vulnerability in Apple's Hide My Email feature and now he's tired of waiting for a fix.MALWAREBYTES.COM
2 JulFrom Cloud to Chaos: Defining Shared Responsibility for AI SecurityFor 15 years (!), many of us who have touched cloud security have struggled with the shared responsibility model for cloud security. As with many “cyber things,” the theory is simple. Multiple vendors, consulting firms, and industry bodies have published deceptively clear matrice…MEDIUM.COM
2 JulCatan and MouseWhat do board games and cybersecurity have in common? Pattern recognition. Strategy. Adaptation. In this week’s Threat Source Bill explores why curiosity may be a defender’s most valuable skill.TALOSINTELLIGENCE.COM
2 JulApple Reverses Age-Old Patch Policy to Keep Up With AIExpect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.DARKREADING.COM
2 JulFortiBleed Actors Collaborating With Inc, Lynx Ransomware GangsAfter gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.DARKREADING.COM
2 JulGlobal Schools Holdings Cites Two Injunctions in a Bid to Chill Our Reporting. It Won’t Work.My About page is pretty clear about legal threats: If you want to send me legal threats about my reporting or comments, knock yourself out, but don’t be surprised to see me report on your threat, any confidentiality sig blocks you may attach notwithstanding. I have been threatene…DATABREACHES.NET
2 JulThe people's AI?OpenAI considers an equity plan to share AI wealth with the public. Cisco confirms active exploitation of its unified CM platform. Researchers discover autonomous ransomware. The Vect ransomware operation partners with TeamPCP. The FortiBleed credential-harvesting campaign is lin…THECYBERWIRE.COM
2 JulLaunch of UK's National Cyber Action Plan delayed amid Labour leadership crisisThe plan had been due for publication on Monday, the sources said. It has been postponed amid the uncertainty over the governing Labour Party’s leadership contest, which opens July 9.THERECORD.MEDIA
2 JulLinux Tech Segment & Vulnerabilities Galore - PSW #933This week we have a technical segment based on the response to "Atomic Arch", an updated open-source tool to help you catch malicious packages. In the security news: - Exploitarium - A hot messy summer of vulnerabilities - AI Squatting - Linux LPE - no shortage of those - Fingerp…YOUTUBE.COM
2 JulDefense Gap in AI Security RaceAI is improving offensive security capabilities like vulnerability discovery and exploit generation at a rapid pace. Offensive work can tolerate high error rates, since only occasional success is needed. Defensive security cannot operate that way—detection, patching, and response…YOUTUBE.COM
📋 SECURITY BULLETINS 1[−]
2 JulIt’s 37oC, And All We Can Think About Is ColdFusion (Adobe ColdFusion Security Bulletin APSB26-68 CVE Bonanza)We’re back, melting - we’ve tried shouting, screaming, and throwing things at the Sun, and it is just not working. Before we begin our analysis, we want to be clear - given the number of vulnerabilities fixed (and some not mentioned..), we’ve struggled to hav…LABS.WATCHTOWR.COM
📢 SECURITY ADVISORIES 8[−]
2 JulReview: CTRL+ALT+PWNHacking gear that once sat in well-funded labs now ships to anyone with a credit card and a video tutorial. Frank Riccardi builds his consumer guide, CTRL+ALT+PWN: The Hacker’s Playbook (And How to Beat It), on that one condition. He spent twenty-five years in healthcare co…HELPNETSECURITY.COM
2 JulNCSC Shares Tips on How to Make a Pen Tester’s Job HarderThe NCSC has shared best practice advice from pen testers which could help improve system resilienceINFOSECURITY-MAGAZINE.COM
2 JulTrump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity AlarmAnthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available. The post Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulCybersecurity Mission Creep in the USInteresting paper: “ Cybersecurity Mission Creep .” Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social med…SCHNEIER.COM
2 JulAussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBsImproved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian businesses.DARKREADING.COM
🔥 INCIDENT REPORTING 18[−]
2 JulMedtronic notifies customers impacted by ShinyHunters data breachHealthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. [...]BLEEPINGCOMPUTER.COM
2 JulCatching ransomware on the wire before it locks the file serverCorporate networks keep sensitive files off individual workstations and store them on shared servers that staff reach through mapped network drives. That arrangement hands ransomware operators a target worth chasing. A single compromised laptop can begin encrypting files that liv…HELPNETSECURITY.COM
2 JulThe endpoint recovery gap many teams discover during an incidentIn this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once. Haas walks through what a well…HELPNETSECURITY.COM
2 JulOpera blocks ClickFix attacks with new clipboard protection featureOpera has launched Paste Protect, a clipboard protection feature designed to prevent clipboard-based attacks such as hijacking and pastejacking. Paste Protect includes built-in protection and warnings against ClickFix-based cyberattacks, which accounted for more than half of malw…HELPNETSECURITY.COM
2 JulAlleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime ChargesAlleged Scattered Spider member Peter Stokes, 19, was extradited from Finland to the U.S. over hacking, fraud, and extortion charges. Peter Stokes, 19, an alleged Scattered Spider member known online as “Bouquet,” has been extradited from Finland to the U.S. to face h…SECURITYAFFAIRS.COM
2 JulMissed incidents, persistent threats, and response gaps: Insights from compromise assessment projectsKaspersky Compromise Assessment specialists analyze trends from the service's 2025 projects and provide tips on how to enhance your organization's security.SECURELIST.COM
2 JulFortiBleed Credential Theft Linked to INC and Lynx Ransomware OperationsThe recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructure was found activel…THEHACKERNEWS.COM
2 Jul‘BioShocking’ Attack Tricks AI Browsers Into Stealing CredentialsResearchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials. The post ‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials appeared first on SecurityWeek .SECURITYWEEK.COM
2 Jul430,000 FortiGate Devices Exposed in FortiBleed Ransomware LinkFortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks. SOCRadar’s Threat Research Unit has connected FortiBleed, a large-scale campaign that harvested credentials from over 430,000 FortiG…SECURITYAFFAIRS.COM
2 JulCybercriminals Pose as Interpol in Phishing Emails to Infect Victims With RansomwareBitdefender researchers warned of curious ransomware campaign which has targeted businesses around the worldINFOSECURITY-MAGAZINE.COM
2 JulFortiBleed Campaign Linked to INC, Lynx Ransomware AttacksResearchers say credentials harvested from hundreds of thousands of FortiGate firewalls are being used to facilitate ransomware attacks by the INC and Lynx operations. The post FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulScattered Spider suspect extradited over $8 million ransom schemeA suspected Scattered Spider member has been extradited to the United States to face charges linked to cyberattacks against U.S. companies, including the breach of a luxury jewelry retailer that led to an $8 million cryptocurrency ransom demand after attackers stole company data.…HELPNETSECURITY.COM
2 JulUS government says it got hacked — againA top Democrat on the Senate's Intelligence Committee warned that the information accessed on a Homeland Security intelligence-sharing network may risk national security.TECHCRUNCH.COM
2 JulMost cybersecurity workers have been told to conceal a breach, report findsThe security firm Bitdefender’s annual survey also found that U.S. companies were simultaneously more confident and more strained on cyber defense than foreign peers.CYBERSECURITYDIVE.COM
2 JulThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 StoriesThis week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permis…THEHACKERNEWS.COM
2 JulThe Gentlemen ransomware: what you need to knowWho Are The Gentlemen? Despite the impeccably polite name, there is nothing polite or refined about this particular gang of cybercriminals. Read more in my article on the Fortra blog.FORTRA.COM
2 JulRansomware Thugs Masquerade as Interpol to Entice Small BizThe ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere.DARKREADING.COM
2 JulFBI Seizes NetNut Proxy Platform, Popa BotnetThe Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes ro…KREBSONSECURITY.COM
🕵️ THREAT INTELLIGENCE 17[−]
2 JulISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
2 JulIs the next frontier model your biggest threat or your best defender?If you think the recent wave of AI-discovered vulnerabilities is a problem, Rob Bair of Anthropic has a reframe for you. Discovery is the easy part. Closing the remediation gap is now the defining security challenge. Drawing on his experience in the Navy, in national security, an…THECYBERWIRE.COM
2 JulSrsly Risky Biz: America won't beat the distillation ecosystemTom Uren and James Wilson talk about Chinese AI labs stealing the special sauce of American AI models in ‘distillation attacks’. These attacks are fed by a grey market in which Chinese consumers buy access to American models, where one of the byproducts is logs of user requests a…RISKY.BIZ
2 JulOpera introduces Paste Protect feature to block ClickFix attacksOpera has introduced a new browser security feature called Paste Protect, designed to stop clipboard-based attacks such as ClickFix before users can execute malicious commands. The feature is enabled by default in Opera's desktop browser, and the company says it is the first majo…CYBERINSIDER.COM
2 JulCloudflare changes AI crawler access rulesCloudflare introduced new controls that let website owners manage AI traffic across three categories: Search, Agent, and Training. The feature is available to all Cloudflare customers, including those on the Free plan, and gives website owners more control over how different type…HELPNETSECURITY.COM
2 JulIntroducing Custom Agents: Automate your SOC, your wayAdd your own agents and automations on top of the ones Intezer runs out of the box, take more of the manual work off your analysts, and tailor AI SOC to the way your team actually operates. The post Introducing Custom Agents: Automate your SOC, your way appeared first on Intezer …INTEZER.COM
2 JulToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google APIThe threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hos…THEHACKERNEWS.COM
2 JulYou Ruled Yourself Out Too SoonEarly interest in technology and cybersecurity didn’t automatically turn into confidence. At eighteen, the assumption was that a career in cyber “probably wasn’t in the cards,” despite the interest already being there. That mindset is common across industries. People often elimin…YOUTUBE.COM
2 JulHow to Conduct a Successful Audit of AI-Driven Software DevelopmentAs AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. The post How to Conduct a Successful Audit of AI-Driven Software Development appeared first on…SECURITYWEEK.COM
2 JulHow GitHub used secret scanning to reach inbox zeroGitHub had 20,000+ secret scanning alerts across 15,000 repositories. Here's how we separated signal from noise, built remediation workflows, and reached inbox zero in nine months. The post How GitHub used secret scanning to reach inbox zero appeared first on The GitHub Blog .GITHUB.BLOG
2 JulAlleged longstanding member of Scattered Spider extradited to USPeter Stokes boasted on social media about the luxurious globetrotting life he enjoyed while he was still a child. The post Alleged longstanding member of Scattered Spider extradited to US appeared first on CyberScoop .CYBERSCOOP.COM
2 JulScattered Spider member extradited to the U.S. facing cybercrime chargesThe U.S. Department of Justice has announced the arrest and extradition of an alleged member of the notorious cybercrime group Scattered Spider. According to the Justice Department, Scattered Spider has been involved in more than 100 network intrusions, resulting in over $100 mil…CYBERINSIDER.COM
2 JulGoogle loses final appeal against €4.1 billion Android antitrust fineThe European Union's highest court has upheld a €4.125 billion ($4.8 billion) antitrust fine against Google, bringing to an end the company's appeal over allegations that it abused Android's dominant market position to strengthen its search business. The ruling confirms that Goog…CYBERINSIDER.COM
2 JulImproving security posture across the Microsoft partner ecosystemRead how Microsoft strengthens partner ecosystem security with CSP vetting, least privilege access, monitoring, and risk management best practices. The post Improving security posture across the Microsoft partner ecosystem appeared first on Microsoft Security Blog .MICROSOFT.COM
2 JulBrave browser introduces Containers for secure account isolationBrave has released version 1.92 of its privacy-focused browser, introducing built-in Containers that let users isolate browser tabs into separate identities for improved workflow and account management. While similar functionality has been available through extensions, Brave’s na…CYBERINSIDER.COM
2 JulTechnical Blueprint: Hardware Security for AI InfrastructureDownload the PDF > Executive Summary This document details the necessary effort to implement the Eclypsium Hardware Supply Chain Security Platform to address critical hardware supply chain vulnerabilities, infrastructure integrity, and component-level security gaps within Departm…ECLYPSIUM.COM
2 JulHow We Added WebAuthn to a Browser-Based RDP ClientA look inside the reverse-engineering journey of building the first RDP client outside of Windows to support WebAuthn redirection. The post How We Added WebAuthn to a Browser-Based RDP Client appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
2 JulContext Engineering | Compaction & Agent Memory for Automated Malware AnalysisCompaction cut input tokens 86% across long-running agent evals with no quality loss. Context discipline matters as much as model selection.SENTINELONE.COM
2 JulConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 SecondsConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. [...]BLEEPINGCOMPUTER.COM
2 JulFake Google and Cloudflare verification pages spread multiple malware familiesWe uncovered ClickFix attacks using fake Google and Cloudflare pages to deliver everything from infostealers to a newly discovered malware loader.MALWAREBYTES.COM
📡 INFOSEC NEWS 20[−]
2 Jul19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking ChargesA teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Estonian citiz…THEHACKERNEWS.COM
2 JulAlleged Scattered Spider Member Extradited to USA teenager accused of hacking as part of Scattered Spider has been arrestedINFOSECURITY-MAGAZINE.COM
2 JulAlleged Scattered Spider hacker extradited to the United StatesA dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. [...]BLEEPINGCOMPUTER.COM
2 JulOpera rolls out Paste Protect feature to fight ClickFix attacksOpera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering. [...]BLEEPINGCOMPUTER.COM
2 JulBuild AI Security Agents with Wiz MCPPower AI-driven security with trusted security context, Wiz AI Agents, and Wiz AI Skills.WIZ.IO
2 JulIdentity Lifecycle Management Wasn't Built for AI AgentsIdentity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural b…THEHACKERNEWS.COM
2 JulMicrosoft fixes bug that removed Copilot buttons in OutlookMicrosoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. [...]BLEEPINGCOMPUTER.COM
2 JulWinRAR flaw could allow attackers to take control of your computerA new WinRAR update fixes a serious security flaw, but without automatic updates many users could miss the patch.MALWAREBYTES.COM
2 JulGoogle loses final appeal to overturn €4.1 billion EU fineCourt of Justice of the European Union (CJEU) has dismissed Google's final appeal against a €4.1 billion ($4.7 billion) antitrust fine over the company's use of Android to promote its Chrome browser and search service. [...]BLEEPINGCOMPUTER.COM
2 JulSupreme Court decision threatens EU-US data transfer agreementIn a Tuesday letter, Max Schrems, the founder of the Vienna-based privacy advocacy organization noyb, told European officials he plans to sue to invalidate the EU-U.S. Data Privacy Framework (DPF) that allows for the transfer of personal data from the EU to U.S. companies.THERECORD.MEDIA
2 JulEurope Confirms Record €4.1B Penalty Against Google for Android PracticesEU’s top court upheld a €4.1B fine against Google, ruling it abused Android’s market dominance through restrictive licensing practices. The Court of Justice of the European Union issued its ruling on July 2, 2026, and Google lost. The court dismissed the appeal brough…SECURITYAFFAIRS.COM
2 JulThe Supreme Court rules that location history is protected by the Constitution.The KIDS Act clears the House of Representatives.THECYBERWIRE.COM
2 JulClaude Fable relaunch disappoints users with nerfed performanceClaude Fable, the company's most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. [...]BLEEPINGCOMPUTER.COM
2 JulClaude Fable 5 isn’t permanently leaving subscriptions, Anthropic saysAnthropic says Claude Fable 5 won't be accessible via Claude subscriptions after July 7, but it's not a permanent change, and the company expects the model to return outside the usage-based plan soon. [...]BLEEPINGCOMPUTER.COM