Threat Research | Weekly Recap [05 Jul 2026]

Cybersecurity Threat Research ‘Weekly’ Recap. This week’s coverage highlights ongoing supply-chain and browser-extension abuse, including trojanized Proof-of-Concept repos and PyPI packages, “free VPN” clipboard-stealing extensions, and phishing efforts enabled by LLM-generated phantom domains and messaging lures. Researchers also tracked new and evolving infostealers/RATs (BusySnake, MarkiRAT, Glitch SPY, EKZ Stealer, Umbrij), BYOVD-driven defense-killing intrusion chains, and AI-driven attack techniques such as indirect prompt injection, JADEPUFFER agentic ransomware, and browser-only ransomware methods. #ChocoPoC #ChocoPoCs #ChocoPoC #BusySnakeStealer #ArmoredLikho #MarkiRAT #AsyncRAT #Remcos #TA416 #EKZStealer #CVE-2026-35616 #ToddyCat #Umbrij #JADEPUFFER #Langflow #MySQL #Nacos #Gentlemen #RaaS #BYOVD #StratusRedTeam #MustangPanda

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, ransomware and extortion developments highlighted JadePuffer using an AI agent to automate attacks, alongside reports that a U.S. government entity paid $1 million to the Kairos group in a data-theft extortion case. The news also covered supply-chain and targeted intrusion campaigns, including PolinRider’s 108 malicious packages and browser extensions, North Korea–linked npm lures delivering BeaverTail, OtterCookie, and ContagiousInterview, and Pegasus spyware found on a European Parliament member’s phone.

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, Agentic AI was reported to drive a ransomware attack via Langflow, while Cursor AI IDE flaws could allow OS-level remote code execution affecting developers. Ransomware groups are also leveraging Citrix Bleed 2, BYOVD, and stolen supply-chain credentials, as CISA warns that a Microsoft SharePoint RCE bug is actively exploited in the wild.
#Langflow #AgenticAI #Cursor #CitrixBleed2 #BYOVD #SharePoint #RCE #Pegasus #ScatteredSpider #Medtronic #NetNut #ConsentFix #ClickFix #M365 #UKNationalCyberActionPlan

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, cybersecurity coverage highlighted rapid exploitation of widely used software flaws, including Cisco Unified CM attacks, a CitrixBleed issue exploited immediately after disclosure, a SharePoint RCE added to CISA KEV, active targeting of Oracle E-Business instances, and an unpatched Argo CD repo-server flaw that could enable takeover of Kubernetes clusters. The same roundup also covered the FortiBleed credential-theft campaign tied to INC and Lynx ransomware, ChocoPoC RAT attempts to compromise vulnerability researchers, 81 million login attempts against Microsoft 365, and ShinyHunters’ data breach impacting Medtronic customers. #UnifiedCM #CitrixBleed #SharePointRCE #CISAKEV #OracleEBS #ArgoCD #Kubernetes #FortiBleed #INC #Lynx #ChocoPoC #ChocoPoCRAT #ClickFix #Microsoft365 #ShinyHunters #Medtronic #BioShocking #Claude #Teams #Copilot #ScatteredSpider #Kubota #HSIN #DHS

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, Citrix patched multiple NetScaler issues, including a new HTTP/2 Bomb and bugs tied to CitrixBleed, while Progress Kemp LoadMaster faced active exploitation attempts for a pre-auth RCE flaw. Across AI and threats, Microsoft warned that poisoned MCP tool descriptions can lure AI agents into leaking data, and security researchers reported Azure CLI password-spraying against at least 78 Microsoft accounts, with additional supply-chain abuse via malicious PyPI packages targeting Telegram bot servers.
#Citrix #NetScaler #HTTP2Bomb #CitrixBleed #ProgressKemp #LoadMaster #PreAuthRCE #Mythos #Fable #MythosFable #MCP #BioShocking #Monero #Langflow #AzureCLI #PasswordSpray #RustDuck #PyPI #Telegram #CISA #CIA #RussellVought #Ratcliffe

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, BlueHammer and SimpleHelp weaknesses continue to be exploited, with CISA noting BlueHammer has entered ransomware-gang playbooks, while Oracle PeopleSoft issues have also driven data theft and malware activity tied to ShinyHunters. Meanwhile, Blackfield ransomware demanded $2 million from Nidec Corporation, Aflac Japan disclosed a breach impacting 4.38 million people, and Mustang Panda used Zoho WorkDrive as a command channel against Indian government targets. #BlueHammer #SimpleHelp #OracleEBS #PeopleSoft #CISA #Blackfield #Nidec #AflacJapan #ShinyHunters #NAIC #MustangPanda #ZohoWorkDrive #Signal #WhatsApp

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, OpenAI and Anthropic are limiting access to new AI models during a cybersecurity review, while OpenAI also introduced GPT-5.6 Sol as its most advanced cybersecurity-focused AI and Straiker raised $64 million to expand its AI security platform for enterprise workloads. DirtyClone is highlighted for a Linux kernel issue that can enable root access, Microsoft removed 119 Edge extensions that hid malware in images and fonts, and a breach exposed up to 14.2 million email logins across six ISPs—along with U.S. bounties tied to Russian state hackers and updated post-quantum cryptography readiness demands for CISOs. #OpenAI #Anthropic #GPT-5.6 Sol #Straiker #DirtyClone #Microsoft #Edge #Russian #post-quantum #CISO #DirtyCloneLinux #6 ISPs

Read More
Threat Research | Weekly Recap [05 Jul 2026]

Cybersecurity Threat Research ‘Weekly’ Recap. This week’s coverage spans supply-chain and DevOps attacks, credential-harvesting phishing, and exploitation of widely used software to steal tokens, deploy backdoors, or monetize access. It also highlights nation-state and fraud ecosystems, alongside Windows and macOS tradecraft that focus on evasion, persistence, and stealthy command-and-control.

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, AI-native security, agentic workflows, and AI-abusing malware were front and center, including Nebulock’s $25 million raise for contextual AI security, the expanding MCP spec bringing new enterprise risks, and a new macOS malware strain that plants fake errors to throw off AI analysis. Other key stories covered Robinhood speeding up access approvals, Poland’s SIM-swapping gang bust tied to millions in crypto theft, and Microsoft extending free Windows 10 ESU support to October 2027.
#Nebulock #MCP #macOS #Robinhood #Philip Martin #Uber #Akrites #Poland #SIMSwapping #Bluekit #Cellebrite #FCC #CISA #Windows10ESU #Chrome #Shop #PirloTV #TataElectronics #Snyk

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, AI-native security, agentic workflows, and AI-abusing malware were prominent as Nebulock raised $25 million, the MCP spec expanded enterprise use while introducing new risks, and a new macOS malware strain hid fake errors to confuse AI analysis tools. Separately, Robinhood improved access-approval speed for high-velocity development while Polish authorities disrupted a SIM-swapping crypto-theft gang and attackers leveraged Bluekit, browser-in-the-middle phishing, and callback scams to target credentials. #Nebulock #MCP #macOSMalware #Robinhood #PhilipMartin #Uber #Akrites #PolandSIMSwapping #Bluekit #SIMSwapping #Cellebrite #FCC #Windows10ESU #ChromeAddOn #ShopOrderTrackingApp #PirloTV #TataElectronics #Snyk

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, CISA said the critical Lantronix EDS5000 flaw is actively exploited, while another Lantronix serial-to-IP converter issue is already being used after OT threat warnings; Cal Water also found no evidence of OT activity despite claims of disrupting the water supply. This recap also covered Chrome 149 patching 18 severe flaws, Cisco SD-WAN zero-day attacks granting root access via an exploit chain, Operation Endgame disrupting Amadey and StealC, and a malicious Edge extension abusing Native Messaging to bridge to malware.
#Lantronix #LantronixEDS5000 #CISA #OT #CalWater #Chrome149 #CiscoSDWAN #Mandiant #OperationEndgame #Amadey #StealC #DraftKings #Snoopy #Edge #NativeMessaging

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, U.S. authorities seized Huione-related infrastructure tied to cyber scam laundering, while a Scattered Spider member pleaded guilty to hacking Transport for London and courts ordered takedowns of the Amadey and Stealc cybercrime ecosystems. The day also covered active exploitation of Cisco Unified CM (CVE-2026-20230), FortiGate credential harvesting linked to FortiBleed, and emerging AI/attack risks including a fake brand-landingpage agent skill reaching 26,000 agents.
#Huione #ScatteredSpider #TransportForLondon #Amadey #Stealc #CiscoUnifiedCM #CVE-2026-20230 #Ubiquiti #FortiGate #FortiBleed #Mistic #KongTuke #ClickFix #brand-landingpage #Anthropic #Mythos #U.S. #TataElectronics #Xolis #DraftKings

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, LastPass confirmed its breach was tied to the Klue supply-chain compromise, while ShapedPlugin WordPress Pro plugins were backdoored in a separate supply-chain attack; London Hydro and Xsolis also disclosed large-scale data exposures. Across other headlines, the FortiBleed campaign used a custom FortiGate sniffer to steal firewall credentials, Squidbleed was shown to leak cleartext HTTP requests via Squid Proxy, and WhatsApp campaigns delivered ManageEngine RMM alongside OXLOADER and CastleStealer. #LastPass #Klue #ShapedPlugin #LondonHydro #Xsolis #FortiBleed #FortiGate #FortiGateSniffer #Russian #Squidbleed #SquidProxy #SamsungKNOX #Galaxy #WhatsApp #ManageEngineRMM #VBScript #OXLOADER #CastleStealer #JaredFromSubway #SearchYourTarget #DifyTap #Dify #AutoGenStudio #FFmpeg #PixelSmash #SAVE #postquantum #Windows1126H2 #DeepInstinct

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, Five Eyes warns that advanced AI hacking models could reach the cyber scene within months, while INTERPOL reports rising phishing and AI-powered scams across Asia-Pacific. In addition, North Korean activity is linked to the Mastra NPM supply-chain attack, attackers are targeting the Gravity SMTP WordPress plugin, and the AryStinger botnet continues infecting D-Link routers.
#FiveEyes #INTERPOL #Mastra #NPM #NorthKorean #GravitySMTP #WordPress #AryStinger #DBlink #DLink #TexasParksAndWildlife #Ukraine #EU

Read More
Cybersecurity News | Daily Recap [04 Jul 2026]

Daily Recap, Police and international partners disrupted a malware network tied to Russia’s Evil Corp, while Operation Endgame took down SocGholish servers and cleaned 14,971 compromised WordPress sites. Security teams also warned that The Gentlemen ransomware uses the GentleKiller EDR-killer framework to target 400 security processes before encryption. #EvilCorp #OperationEndgame #SocGholish #WordPress #TheGentlemen #GentleKiller #Texas #FortiBleed #Fortinet #Klue #Icarus #GravitySMTP #usbliter8 #SecureROM #AppleA12 #AppleA13 #AutoJack #Beats #Continuum

Read More