
In a first, the UK and the EU jointly impose sanctions on Russian individuals and entities for cyberattacks and disinformation campaigns in the region.

Editor’s note: This article was originally published by Tim Erlin on LinkedIn. It has been republished here with the author’s permission. https://www.linkedin.com/pulse/ai-control-platform-vs-firewall-gateway-clearing-up-tim-erlin-ypodc It seems like every security vendor now sells “AI security.” The WAF companies, the API gateway companies, the cloud platforms, the proxy startups: all of them have an AI story, and most of…

OpenClaw’s announcement that it has become a nonprofit foundation is generating IT excitement because of the potential for governance and development consistency that the popular platform has thus far lacked. Still, some worry about the risks created by the move. “Our ambition is for OpenClaw to be the Switzerland of AI. Neutral ground where every…

The Trump administration’s abrupt firing of Election Assistance Commission commissioners last week and a Department of Justice warning threatening states with criminal prosecution have created new legal peril for officials who run, administer and secure elections. The EAC is an obscure but important agency that oversees testing and standards for voting machines, including around security.…

Cybersecurity and cloud computing company, Akamai, has been selected as a strategic security partner for World Wide Technology’s (WWT) AI Readiness Model for Operational Resilience (ARMOR). This selection positions Akamai as a foundational security architecture for AI factories that are being built by WWT and accelerated by NVIDIA. Akamai’s software intelligence will integrate directly with…

Lidl disclosed a third-party data breach affecting online shop customers in Germany, Belgium, and the Netherlands. Payment data was not exposed. Lidl contacted customers of its online shop in Germany, Belgium, and the Netherlands last week to inform them that their personal data had been stolen in an attack on an external IT service provider.…
A new macOS information-stealing malware called CrashStealer pretends to be Apple’s crash-reporting tool to steal credentials, keychain data, and crypto wallets. […]

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco IOS flaw, tracked as CVE-2008-4128, to its Known Exploited Vulnerabilities (KEV) catalog. Cisco IOS 12.4 running on Cisco 871 Integrated Services Routers contains multiple CSRF flaws in…

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs. “It validates the victim’s login password locally before

Except for the second user/refurbished smartphone markets, AI means the days of cheap phones are over, with huge price pressures putting low-end vendors out of business. Omdia data confirms that Apple and Samsung are undisputed kings of the hill, combining for 42% of the market even as smartphone sales overall have seen a 4% average decline. The…

Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version. The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a…

German discount supermarket chain Lidl has notified customers in Germany, Belgium, and the Netherlands that customer data was stolen after attackers breached one of its IT service providers. In notices published on its support websites in Belgium and the Netherlands, Lidl said it was informed of the incident last week. “Despite high IT security standards,…

European governments sanctioned Russian individuals and organizations Monday over what they said was a years-long campaign of cyberespionage from Turla and other Russian government-led “destructive attacks” against the bloc. Monday’s confrontation of Moscow included action from the European Union, its individual member governments and the United Kingdom. It mostly took aim at Center 16 of…

PCI Security Standards Council Community Meetings bring together a global community dedicated to securing payment ecosystems. In addition to the main agenda, attendees have the opportunity to deepen their experience through interactive workshops designed to explore emerging challenges and practical applications in payment security.
Lawmaker says bipartisan infrastructure investment is essential to modernize U.S. transportation.

Russian state-sponsored hackers are breaking into critical infrastructure around the world by exploiting poorly configured and vulnerable networking devices, authorities from the United States and 12 additional countries said in a joint cybersecurity advisory Monday. Officials once again urged defenders to take more preventative measures to thwart attacks from the Russian Federal Security Service Center…

Meta pulled a new AI feature on Instagram just days after its launch because of criticism about how the tool handled publicly posted photos. The feature was part of the new AI image generator, Muse Image, and allowed AI-generated images to be created using content from public Instagram accounts. By specifying a public account with an…
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t file tickets. That’s the shape of this week. Trusted code turns on the people…

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a recent data leak in which a contractor published dozens of internal CISA credentials — including AWS Govcloud keys — in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps identified in the agency’s initial…
We tested the best all-in-one computers that combine the power of a desktop PC with a slim, lightweight design.

The EU and the UK jointly sanctioned dozens of Russian individuals and entities, accusing Moscow of coordinating a malicious cyber ecosystem targeting Europe, its member states, and international partners. The UK sanctioned 24 individuals and entities, while the EU imposed restrictive measures on nine individuals and four entities. “Cybercriminals, self-proclaimed hacktivists and private companies linked…
This week on the Lock and Code podcast… There is a lot going on right now regarding the safety of kids online. In the United States, the majority of state legislatures have passed age verification laws requiring a variety of websites to more rigorously verify the age of their visitors. In the United Kingdom, Canada,…
Learn how attackers abuse Entra ID through a free hands-on Capture the Flag. Varonis created the Breach at the Beach CTF to teach defenders how to investigate Entra ID attack techniques using realistic scenarios. […]

Beyond IT compliance, cloud security is now the backbone of civilian agency resilience, national defense, and warfighter safety, as cloud environments become increasingly complex. Key takeaways For the Department of War (DoW), cloud security is an IT concern and a requirement for operational readiness and national security. Achieving a mature zero trust architecture requires deep,…

Tidal Cyber has announced Threat-Led Asset Visibility and Vulnerability Prioritization, new innovations extending the company’s Threat-Led Defense platform. The announcement marks a significant advancement in defensive security, shifting the industry beyond static asset inventories, CVSS scoring, and disconnected exposure management toward an execution-centric model built on how adversaries actually execute attacks across the kill chain.…

Progress Software is urging customers using ShareFile Storage Zone Controller deployments to immediately shut down their Windows servers after identifying what it describes as a credible external security threat. The company has not disclosed the nature of the Progress ShareFile security threat, whether it involves a zero-day vulnerability, or whether any customer environments have been…

Cloudflare has announced the general availability of Precursor, a next-generation, continuous behavioral validation engine for bot management. Precursor runs seamlessly inside web browsers to monitor entire user sessions in order to detect bot automation. Unlike static CAPTCHAs, it analyzes ongoing interactions in real time to catch advanced bots, improving detection precision without interrupting legitimate users.…

Forward deployed engineers are becoming one of the most important roles in enterprise AI. AWS, OpenAI, Anthropic, Palantir, Databricks, Snowflake, and other technology companies are using these hybrid engineering and consulting professionals to turn AI platforms into practical customer outcomes. In this Channel Insider explainer, Victoria Durgin examines what forward deployed engineers do, why AI…
We are pleased to announce the publication of a new AWS compliance implementation guidance: HITRUST i1 Compliance on AWS: Customer Implementation Guidance with an Illustrative Healthcare Platform. Healthcare organizations seeking HITRUST i1 certification increasingly rely on Amazon Web Services (AWS) as their cloud foundation. The HITRUST i1 assessment covers 182 curated controls at the Implemented…

Ghostcommit is a proof of concept that shows how AI assistants used to review software code can be tricked by hidden instructions embedded in images. The academic ASSET Research Group showed that an attacker can place instructions inside an image file, point to it in an AGENTS.md file, and get an AI coding agent to…

Lumen Technologies has announced Lumen Defender Advanced Managed Detection and Response (AMDR) for Palo Alto Networks Cortex XSIAM. Attackers are increasingly operating earlier in the lifecycle while AI is accelerating threat speed. This expanded service will bring together Lumen’s managed detection and response capabilities and Lumen Defender Threat Feed powered by Lumen’s Black Lotus Labs…

For the latest discoveries in cyber research for the week of 13th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES U.S. auto insurer AssuranceAmerica has disclosed a data breach affecting approximately 7 million people. Attackers targeted an employee and used compromised credentials to access company systems, stealing names, contact information, driver’s license…

A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed via Telegram and costing $400 a month (or $3,800 per year), attack chains leverage phishing
Bot mitigation is an adversarial game: attackers adapt, defenders respond, and the cycle continues. At Cloudflare, we stay ahead by combining visibility across our global network with signals from the client-side environment. At the network level, we analyze over 1 trillion requests per day to understand reputation, patterns, and anomalies across more than 20% of…

EU sanctions target nine people and four entities tied to Russia’s FSB over a 15-year cyberespionage and critical infrastructure sabotage campaign. The European Union imposed sanctions on Monday targeting nine individuals and four entities linked to a Russian cyberespionage and sabotage operation that Brussels says has been running since 2010. The targets include Russian military…

A former ransomware negotiator at incident response firm DigitalMint has been sentenced to 70 months in prison after admitting he shared confidential client information with the BlackCat ransomware group and later helped carry out ransomware attacks. Prosecutors say Angelo Martino, 41, abused his role at DigitalMint beginning in April 2023 by providing BlackCat operators with…

Attackers running account enumeration against Microsoft cloud tenants have added a step that keeps their probing out of the usual telemetry. They spoof the OAuth client ID, the globally unique identifier assigned to an application and passed as client_id in an authentication request. Microsoft Entra ID records that value as the application ID in its…

RabbitMQ has patched two access control vulnerabilities affecting the widely used open-source message broker that could expose enterprise application data and, in some deployments, allow attackers to gain complete control over the messaging infrastructure. The flaws, discovered by Miggo Security, exposed OAuth secrets to unauthenticated attackers, letting low-privileged users potentially spy on other tenants. “RabbitMQ…
A “credible external security threat” targeting Progress Software’s ShareFile Storage Zone Controllers (SZC) – the on-premises, customer-managed server components where organizations store files shared via this popular enterprise platform – has spurred the company to disable access to ShareFile accounts that are using them. The warning was sent to customers via email on July 10,…
A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already connected Claude to a few detection tools and were seeing real value in specific investigations. But as we mapped…

You want to turn some crypto into a gift card. You search, click a promising result, and land on a site that looks polished and legitimate: a dark theme, trust badges, and promises of instant delivery and no ID checks. You wouldn’t think to question it. But a professional-looking website isn’t proof that it’s legitimate.…

Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. “The script looked for the Domain Controller (DC) and mapped users, computers, and domains, before creating a directory and exporting out a number of files, and finally creating AD_Report.html to measure the success…

Rokarolla is a newer malware that focuses on Android devices. Unlike some malware, Rokaarolla narrows down the attacks to banking and social media apps. It’s a Trojan that has already hit around 200 crypto and banking apps on Androis and the sole goal is to steal all of the user sensitive information. Rokarolla was discovered…

Nearly five decades after the launch of VisiCalc, AI is reshaping one of the world’s most familiar productivity tools — the humble spreadsheet. While a lot of knowledge workers interact with spreadsheets on a regular basis, many lack the skills and confidence to access more advanced functions. “For a very long time, spreadsheets forced you to…

Jurassic Park wasn’t really about dinosaurs. It was about arrogant people building systems they believed were controllable. “Life finds a way” is probably the most famous line from the entire franchise. Ian Malcolm’s warning that no matter how sophisticated the technology becomes, no matter how expensive the fences are, and no matter how confident the…

FastNetMon is introducing Netomics, a self-hosted BGP routing intelligence platform that combines live routing data, registry information, RPKI validation, routing history and AI-assisted querying into a single application. Built for internet service providers (ISPs), cloud providers, Internet Exchange Points (IXPs) and enterprises operating large IP networks, Netomics provides complete visibility into global internet routing without…

Dutch police suspect local hackers behind the Odido breach that exposed 6M customers after a phishing attack and seek public help identifying them. Dutch police have identified strong indications that Dutch nationals were involved in the February 2026 cyberattack on telecom provider Odido, which resulted in data from more than six million customers being stolen…

Donald Trump is cleaning up on crypto, disclosing a $1.4 billion windfall last week. Yet cryptocurrencies like Bitcoin have, after a year of flying high in the wake of Trump’s election, plummeted. The crypto industry is putting hopes for its revival in a long-awaited bill, under debate in the Senate, called the Clarity Act, which…

Anthropic has extended a limited-time promotion that increases weekly usage limits in Claude Code by 50% through July 19, 2026, at 11:59 PM PT. When the promotion ends, weekly usage limits will return to their standard levels without any changes to users’ plans or billing. The promotion is available to Pro, Max, and Team plans,…

Picture the moment after an AI issue is reported. A security analyst is reviewing a ticket reporting that an internal AI tool produced the wrong recommendation in a live business workflow. The risk is not theoretical anymore. Someone wants to know whether this is a security incident, a model issue, a privacy issue, a vendor…

AI-generated code is part of everyday software development. Developers use it to prototype, refactor, troubleshoot, and move from idea to implementation with less friction than ever before. The productivity gains are undeniable, which means that security leaders now face a hard question: whether their organizations can govern the risk that AI creates at that same…

Australia warns of a global campaign exploiting CMS flaws to deploy webshells on WordPress, Joomla, and other websites. Australia’s Signals Directorate has issued an alert about a large-scale exploitation campaign actively targeting content management systems (CMS) worldwide, with many small and medium-sized Australian businesses already hit. Attackers are scanning websites for known vulnerabilities, deploying webshells…

An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bash_history. From that one lapse, French security firm Lexfo lifted the operator’s entire toolkit and pivoted through it to two…

The APAC channel is moving beyond transactional resale as partners build more services-led, recurring-revenue businesses around cybersecurity, AI, and hybrid IT. Westcon-Comstor APAC Executive Vice President and Chief Marketing Officer Patrick Aronson recently told Channel Insider the shift is increasing demand for distributors that can provide more than product fulfillment, particularly as partners face greater…

Last week on Malwarebytes Labs: This new Windows malware can take over your PC and wipe it clean How mule betting scams recruit ordinary people Two Chrome updates in two days fix critical vulnerabilities How World Cup crypto prediction sites take your money 6.9 million driver’s license numbers stolen from AssuranceAmerica Microsoft fixes RoguePlanet zero-day…

At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes. In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, Steve Schmidt, chief security officer at AWS, tells…

We have made real progress in software supply chain security, improving visibility into software components, authenticity and build integrity. Much of this progress traces back to Executive Order 14028, which pushed agencies, contractors and enterprises to invest in SBOMs, signing and provenance. All of that matters, but it is not enough. The current software trust…
In this post, I will show you how healthcare organizations are failing at E-Prescription & GDPR compliance in 2026. By 2026, healthcare organizations handling electronic prescriptions face a critical compliance crossroads. Germany’s telematics infrastructure (TI) and electronic patient records (ePA) have brought unprecedented efficiency—but at a hidden cost: patient data security vulnerabilities that most organizations…

This post will outline the key differences between CCPA and GDPR compliance. The CCPA and GDPR protect users’ rights, but how do they differ? That’s what we’ll be exploring in this blog. Read on to learn more about CCPA compliance and GDPR compliance, along with the critical differences between the two. What Is CCPA Compliance? …
Running a large language model against a live cloud account to hunt for security holes comes with an obvious hazard. An agent that holds real credentials and a mandate to poke around can delete a bucket, flip a permission, or leak a secret on its way to a finding. Cynative, an open-source security research agent,…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild. The vulnerabilities, both rated 10.0 on the CVSS scoring system, are below – CVE-2026-48939 – A vulnerability in the

Microsoft has published a guide explaining the Windows servicing model, outlining the purpose of monthly security updates, optional preview releases, hotpatch updates, and the mechanisms used to deliver new features throughout the year. “Most individuals and organizations regularly deploy monthly security updates, released on the second Tuesday of each month. Windows also provides optional non-security…

Chip designers license blocks of circuitry from outside vendors and drop them into larger products. A single processor can carry components from a range of suppliers, each written by a company the buyer may never deal with directly. A malicious supplier can bury a hidden circuit in a working design, and that circuit can stay…

Organizations build, deploy, and operate AI in the cloud, but basic cybersecurity hygiene is often sacrificed for speed, according to Orca Security’s 2026 State of AI Security Report. Building AI without security Fifty-six percent of AI adopters have deployed agent frameworks into production, and 51.5% use AI to build custom applications. Orca also found that…
The setup I pulled 14 days of Apache and ModSecurity logs from a single small web host. Nothing special about it. A handful of low-traffic virtual hosts. A WordPress site, a couple of custom application backends, a static devotional site. The kind of server that exists by the millions and that nobody would call a…

Growing demand for compute capacity, power, cooling and low-latency connectivity is prompting organizations to reassess where AI applications run, according to CoreSite. Public cloud continues to support experimentation and rapid deployment, while colocation is increasingly used for workloads that require predictable performance, dedicated infrastructure or close proximity to cloud services and enterprise data. More than…