75 Articles
7 Categories
Date: 2026-07-03
🐛 COMMON VULNERABILITIES AND EXPOSURES 27
3 Jul | Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials | THEHACKERNEWS.COM
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remo…

3 Jul | CVE-2026-53049 gfs2: add some missing log locking | MSRC.MICROSOFT.COM
Information published.

3 Jul | CVE-2026-53045 memory: tegra124-emc: Fix dll_change check | MSRC.MICROSOFT.COM
Information published.

3 Jul | CVE-2026-53039 ocfs2: validate group add input before caching | MSRC.MICROSOFT.COM
Information published.

3 Jul | CVE-2026-52992 fs/adfs: validate nzones in adfs_validate_bblk() | MSRC.MICROSOFT.COM
Information published.

3 Jul | CVE-2026-53016 crypto: ccp - copy IV using skcipher ivsize | MSRC.MICROSOFT.COM
Information published.

3 Jul | KEV | New CitrixBleed-like NetScaler flaw sees exploit attempts in the wild | CSOONLINE.COM
Citrix NetScaler appliances have been a constant target for attackers in recent years, most recently through an information leak vulnerability dubbed CitrixBleed 3, the latest in a series of NetScaler memory overreads going back to 2023. This week, Citrix patched yet another Citr…

3 Jul | AI helps find flaws in FatFs library used in millions of devices | CYBERINSIDER.COM
Researchers at runZero have disclosed seven security vulnerabilities in the widely used FatFs filesystem library, warning that the flaws could expose millions of embedded devices to attacks through malicious USB drives, SD cards, and, in some cases, firmware update mechanisms. Th…
⚠️ VULNERABILITY DISCLOSURE 15
3 Jul | Teams battles bots, Bioshocking AI browser guardrails, Fortibleed fuels ransomware | CYBERSECURITYTODAY.LIBSYN.COM
Teams cracks down on meeting bots, AI guardrails get bypassed, FortiBleed fuels ransomware, and Nissan confirms PeopleSoft breach. Microsoft rolls out a new Teams admin policy, "Manage External Bots and Their Access to Meetings," to detect third‑party bots, hold them in the lobby …

3 Jul | Organizations struggle to prioritize known cyber risks | HELPNETSECURITY.COM
Organizations collect more cyber risk data than ever, with many still struggling to build a unified view of their exposure. The latest State of Threat Management report from Filigran found that security teams continue to work across disconnected tools, leaving important context s…

3 Jul | Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution | SECURITYWEEK.COM
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.

3 Jul | PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords | THEHACKERNEWS.COM
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file imperson…

3 Jul | Law enforcement operation disrupted Malicious Residential Proxy Networks NetNut | SECURITYAFFAIRS.COM
Google disrupted NetNut, a major proxy network that routed internet traffic through compromised home devices used by cybercriminals. Google has disrupted NetNut, one of the world’s largest residential proxy networks. The service routed internet traffic through home devices,…

3 Jul | Agentic AI Used to Conduct Ransomware Attack via Langflow | SECURITYWEEK.COM
Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.

3 Jul | Flock Cameras Can Surveil Cars Without License Plates | SCHNEIER.COM
This is from a 2024 company presentation: Officers can also tap into data showing a car’s decals, bumper stickers, back and top racks—along with temporary and unique state tags. Flock calls it a “Vehicle Fingerprint” and it’s touted as a way for law…

3 Jul | The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident | SECURITYAFFAIRS.COM
Vercel breach happened after an employee used an unvetted AI tool. Attackers exploited it as a trusted link to access systems, steal data, and extort $2M. The Vercel breach of April 2026 did not begin with a classic zero-day exploit, a misconfigured cloud bucket, or a sophisticat…

3 Jul | JADEPUFFER: First End-to-End AI-Driven Ransomware Operation | SECURITYAFFAIRS.COM
Sysdig reports an AI agent ran a full ransomware attack end-to-end, exploiting flaws, stealing creds, moving laterally, and encrypting data without humans. Sysdig’s Threat Research Team has documented what it assesses to be the first ransomware operation driven end-to-end b…

3 Jul | Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts | MALWAREBYTES.COM
Two new campaigns show how cybercriminals are increasingly relying on social engineering instead of software exploits to compromise devices and accounts.

3 Jul | HK: Shun Hing Group data breach affects 920,000 customers, 1.05m files encrypted in cyber attack | DATABREACHES.NET
Erwin Wong reports: Shun Hing Group has confirmed that its computer systems were compromised by hackers in March, resulting in a significant data breach affecting customers and staff. Founded in 1953 by the late Dr William Mong, Shun Hing Group has grown into a leading and divers…

3 Jul | Adobe premieres a second Patch Tuesday each month to deliver fixes faster | CSOONLINE.COM
Adobe will now issue security patches for its products twice as often to deal with the increasing pace of software vulnerability discovery and exploitation. This follows Oracle’s decision to increase its quarterly patch program to a monthly one. Adobe issues patches on the second…

3 Jul | Everyone Owns Security—Or Nobody Does | YOUTUBE.COM
Many e-commerce sites rely on multiple third-party providers for hosting, application development, payment processing, JavaScript, and other core functions. That convenience creates a shared responsibility problem. When a vulnerability, outage, or compliance issue occurs, each ve…

3 Jul | Microsoft 365 users fall victim to one-in-a-million password spray attack | CSOONLINE.COM
Microsoft users have been hit by a massive, automated password spray attack. Among those targeted by the attack were clients of security company Huntress. It reported that the attackers made 81 million attempts to log into its customers’ accounts between June 12 and 26 — and succ…

3 Jul | In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting | SECURITYWEEK.COM
Noteworthy stories that might have slipped under the radar: Anonymous-linked Canadian hacker jailed, researcher drops zero-days in open source projects, Venezuelans sentenced in the US over ATM jackpotting.
📢 SECURITY ADVISORIES 3
🔥 INCIDENT REPORTING 13
3 Jul | CyberWire Daily at 10: The vulnerabilities, zero‑days, and hardware flaws over the last decade. | THECYBERWIRE.COM
In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss 10 years of vulnerabilities, zero‑days, and hardware flaws. Together they reflect on the last decade of cybersecurity vulnerabilities, exploring key s…

3 Jul | Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices | RISKY.BIZ
FatFs bugs enable physical access attacks on industrial equipment, a clever password spraying attack bypasses M365 MFA, an AI agent is deploying ransomware in live attacks, and a webinar platform sues two security firms over bad IOCs.

3 Jul | Politician who investigated spyware abuses had his phone hacked with Pegasus spyware | TECHCRUNCH.COM
A government customer of NSO Group used the company's Pegasus spyware to hack into the phone of a European politician, who at the time was serving on an EU committee tasked with investigating the spyware industry.

3 Jul | Swimming Pools, Pee, and Trying to Delete Your Data From the Internet | TROYHUNT.COM
I can't recall if someone else originally came up with this saying or if I said it in some off-the-cuff comment and it just propag…

3 Jul | Medtronic Data Breach Impacts 3.8 Million People | SECURITYWEEK.COM
Medical technology giant Medtronic is notifying more than 3.8 million individuals that their personal and medical information was compromised in a recent data breach. The incident occurred in April 2026, when the infamous extortion group ShinyHunters accessed the company’s corpor…

3 Jul | Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices | SECURITYWEEK.COM
NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks.

3 Jul | European Parliament Member Investigating Spyware Was Hacked With Pegasus | THEHACKERNEWS.COM
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse of such commercial s…

3 Jul | Warning Over “Industrialized” Cyber-Attacks After Ransomware Gang Partners With TeamPCP | INFOSECURITY-MAGAZINE.COM
Researchers warn that collaboration could lead to “unprecedented” ransomware attacks, as FBI also issues warning

3 Jul | Qilin Dominates Ransomware Market Amid Growing Cybercrime Consolidation | INFOSECURITY-MAGAZINE.COM
The ransomware landscape is reconsolidating around major players, with Qilin emerging as the leading RaaS operation, researchers say

3 Jul | Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer | THEHACKERNEWS.COM
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individual…

3 Jul | New macOS malware PamStealer uses PAM to validate stolen data | CYBERINSIDER.COM
A previously undocumented macOS infostealer dubbed PamStealer validates victims' macOS passwords through the OS’s Pluggable Authentication Modules (PAM) before stealing them. Jamf Threat Labs researchers, who analyzed a two-stage attack chain combining AppleScript, JavaScript for…

3 Jul | NetNut proxy network disrupted, 2 million infected devices cut off | BLEEPINGCOMPUTER.COM
A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. [...]

3 Jul | Moody Bible Institute - 2,303,416 breached accounts | HAVEIBEENPWNED.COM
In June 2026, Moody Bible Institute was targeted by a ShinyHunters "pay or leak" extortion campaign. Over 2.3M unique email addresses and other personal data were later published publicly, including names, physical addresses, phone numbers, dates of birth and other information r…
🕵️ THREAT INTELLIGENCE 12
3 Jul | Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices | THEHACKERNEWS.COM
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG) said this week it had reduced the network's po…

3 Jul | New infosec products of the week: July 3, 2026 | HELPNETSECURITY.COM
Here’s a look at the most interesting products from the past week, featuring releases from Digi International, iboss, Jamf, and Netzilo. Digi International’s DANI automates network diagnostics and device management. Digi International has announced the launch of DANI, the Digi Art…

3 Jul | Someone infected a spyware probe overseer with spyware | CYBERSCOOP.COM
Citizen Lab says the phone of a member of Europe’s PEGA Committee was infected twice with Pegasus, the NSO Group spyware that gave the panel its name.

3 Jul | Geopolitical cyber threats are turning HR into a security front line | HELPNETSECURITY.COM
In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With open and simmering conflicts around the world, attacks can come from actors that would never have targeted …

3 Jul | Non-interactive SSH attacks dominate after login | HELPNETSECURITY.COM
Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. A steady stream of automated scanners tries to log in, hour after hour, from addresses all over the world. The common picture of what comes next has an attacker landing a shell, looking a…

3 Jul | Intezer helps SOC teams automate custom security tasks | HELPNETSECURITY.COM
Intezer has announced Custom Agents, a new capability that lets security teams build their own AI agents directly inside the Intezer platform. The launch builds on Intezer’s core approach, that lets autonomous agents do the security work and humans supervise it. Security teams ca…

3 Jul | Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign | SECURELIST.COM
An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia, Kazakhstan, and Brazil.

3 Jul | FBI, Google Take Down NetNut Proxy Network Used by Cyber Threat Actors | INFOSECURITY-MAGAZINE.COM
The NetNut proxy network and the ‘Popa’ botnet are known to have infected devices with variants of Mirai DDoS botnets

3 Jul | Alleged Scattered Spider Hacker Extradited to US | SECURITYWEEK.COM
Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments.

3 Jul | EN 303 645 is the baseline, not the finish line for IoT security | PENTESTPARTNERS.COM
ETSI EN 303 645 has given consumer IoT security a much-needed baseline. It gives manufacturers, assessors, and product teams a shared view of reasonable IoT security and something concrete to work against. But after years of assessing prod…

3 Jul | North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets | THEHACKERNEWS.COM
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-co…

3 Jul | Apple AirDrop and Android Quick Share flaws expose users to wireless attacks | CYBERINSIDER.COM
Security researchers have identified six previously undocumented vulnerabilities in Apple AirDrop and Google/Samsung Quick Share after conducting the first comprehensive reverse engineering and security analysis of both proprietary proximity file-sharing protocols. While the flaw…
🌐 CYBER THREAT LANDSCAPE 2
3 Jul | Spyware found on phone of European Parliament member probing it | THERECORD.MEDIA
Stelios Kouloglou, formerly a member of the European Parliament's committee investigating abuses of commercial spyware, was twice infected with Pegasus while serving, researchers said.

3 Jul | EU Politicians Investigated Pegasus Spyware. Then It Ended Up on One of Their Phones | WIRED.COM
“It is a direct attack on the rule of law,” says one European Parliament member of the new findings from Citizen Lab.
📡 INFOSEC NEWS 3
3 Jul | Government and Healthcare Are the Weakest Links in Global Email Security | SECURITYAFFAIRS.COM
Government and healthcare sectors have weak email security. Many domains lack SPF, DMARC, DKIM, and MTA-STS, leaving them open to phishing attacks. Comparitech analyzed live DNS records for 5,849 domains across 13 sectors and scored each one out of 8 points based on four standard…

3 Jul | Chinese LLMs Broaden the Gap Between Attackers & Defenders | DARKREADING.COM
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?

3 Jul | ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit | BLEEPINGCOMPUTER.COM
A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. [...]