# Geek-Guy.com

> Everything is ideas, the rest is nature.

Language: en

URL: https://www.geek-guy.com/

All pages on this site are available as clean Markdown by adding the header `Accept: text/markdown` to any HTTP request.

REST API: https://www.geek-guy.com/wp-json/mescio-for-agents/v1/markdown?url={page_url}

## Pages

- [CyberSec Product Reviews](https://www.geek-guy.com/cybersecurity-product-reviews/): The ideal resource for cybersecurity professionals, Chief Information Security Officers and Security Operations professionals. Coming soon.
- [Tokenization](https://www.geek-guy.com/glossary-of-sec-and-it-terms/tokenization/): Tokenization. Replacing sensitive data with non-sensitive tokens that have no value if stolen, commonly used in PCI-DSS compliance.
- [Shadow AI](https://www.geek-guy.com/glossary-of-sec-and-it-terms/shadow-ai/): Shadow AI. The use of unapproved AI tools by employees, which risks the leakage of proprietary code or PII into public LLM training sets.
- [DLP](https://www.geek-guy.com/glossary-of-sec-and-it-terms/dlp/): Data Loss Prevention is a set of tools that inspects data in use, in transit, and at rest to prevent unauthorized transmission of sensitive info.
- [DDR](https://www.geek-guy.com/glossary-of-sec-and-it-terms/ddr/): Data Detection and Response provides real-time monitoring of data access and movement to stop exfiltration across Cloud and SaaS apps.
- [Data Sovereignty](https://www.geek-guy.com/glossary-of-sec-and-it-terms/data-sovereignty/): Data Sovereignty. The principle that data is subject to the laws of the country where it is physically stored (e.g., GDPR requirements for data residency).
- [AI-BOM](https://www.geek-guy.com/glossary-of-sec-and-it-terms/ai-bom/): An AI Bill of Materials (AIBOM) is a comprehensive, machine-readable inventory of the components required to develop, train, and run an AI model. It is the AI-specific evolution of the traditional Software Bill of Materials (SBOM).
- [SBOM](https://www.geek-guy.com/glossary-of-sec-and-it-terms/sbom/): Software Bill of Materials is a machine-readable ingredient list for software, used to track vulnerabilities in open-source dependencies.
- [Supply Chain Risk Management](https://www.geek-guy.com/supply-chain-risk-management/): Supply Chain Risk Management focuses on the security of third-party vendors, from hardware manufacturing (silicon root of trust) to software libraries.
- [CIA Triad](https://www.geek-guy.com/glossary-of-sec-and-it-terms/cia-triad/): The CIA Triad (Confidentiality, Integrity, Availability), expanded to include Authenticity and Non-repudiation.
- [Exposure Management](https://www.geek-guy.com/glossary-of-sec-and-it-terms/exposure-management/): Exposure Management. A shift from finding CVEs to analyzing the exploitability of an entire attack surface, including misconfigurations and risky behaviors.
- [AI-SPM](https://www.geek-guy.com/glossary-of-sec-and-it-terms/ai-spm/): AI Security Posture Management secures the AI stack, detecting Shadow AI and protecting models from prompt injection or data poisoning.
- [Zero Trust](https://www.geek-guy.com/glossary-of-sec-and-it-terms/zero-trust/): Zero Trust. An architecture based on the principle of never trust, always verify, removing the concept of a trusted internal network.
- [TEE](https://www.geek-guy.com/glossary-of-sec-and-it-terms/tee/): Trusted Execution Environment is a secure enclave in a processor that protects data and code even if the host OS is compromised.
- [My account](https://www.geek-guy.com/my-account/)
- [Checkout](https://www.geek-guy.com/checkout/)
- [Cart](https://www.geek-guy.com/cart/)
- [Shop](https://www.geek-guy.com/shop/)
- [A Beginner’s Guide to Malware Detection](https://www.geek-guy.com/beginners-guide-to-malware-detection/): Discover essential insights on malware detection, learn to identify threats, and protect your devices with this beginner-friendly guide.
- [Penetration Testing](https://www.geek-guy.com/glossary-of-sec-and-it-terms/penetration-testing/): Penetration Testing. A structured, authorized attempt to exploit vulnerabilities in a system to evaluate the security of that system.
- [IAST](https://www.geek-guy.com/glossary-of-sec-and-it-terms/iast/): Interactive Application Security Testing uses agents inside the app to find vulnerabilities during runtime with high accuracy.
- [Breach and Attack Simulation](https://www.geek-guy.com/glossary-of-sec-and-it-terms/breach-and-attack-simulation-2/): Breach and Attack Simulation tools that automate the execution of threat actor TTPs to continuously validate security controls.
- [Breach and Attack Simulation](https://www.geek-guy.com/glossary-of-sec-and-it-terms/breach-and-attack-simulation/): Breach and Attack Simulation tools that automate the execution of threat actor TTPs to continuously validate security controls.
- [Adversarial ML](https://www.geek-guy.com/glossary-of-sec-and-it-terms/adversarial-ml/): Adversarial ML. Testing AI models by attempting to trick them with adversarial inputs to bypass security filters or extract training data.
- [Due Diligence](https://www.geek-guy.com/glossary-of-sec-and-it-terms/due-diligence/): The investigative process of verifying that the necessary Due Care is actually being implemented and remains effective over time.
- [Due Care](https://www.geek-guy.com/glossary-of-sec-and-it-terms/due-care/): Due Care. The legal standard of reasonableness that an organization must meet to protect its assets and data; often described as what a prudent person would do.
- [CTEM](https://www.geek-guy.com/glossary-of-sec-and-it-terms/ctem/): Continuous Threat Exposure Management is a 5-stage framework (Scoping, Discovery, Prioritization, Validation, Mobilization) that replaces static vulnerability scanning.
- [Contact us](https://www.geek-guy.com/contact-us/): Contact the Geek. Use this page to contact us.
- [List of Top Regulations/Frameworks in Cybersecurity](https://www.geek-guy.com/level-up-your-security-game-with-geek-guy-resources/list-of-top-regulations-frameworks-in-cybersecurity/)
- [Managers Guide to Becoming Great – Graphics](https://www.geek-guy.com/about-geek-guy/managers-guide-to-becoming-great-graphics/): If you are interested in purchasing the book, it can be purchased on Amazon at "Managers Guide to becoming Great"
- [Malware Reversing](https://www.geek-guy.com/malware-reversing/): Here's a list of some of the best malware reversing tools from Geek-Guy.com: Based on the most complete archives of the Malware Reversing resource page from Geek-Guy.com, here are the extracted tools and their current, functional links organized by category:
- [CISSP Domains and Guidance](https://www.geek-guy.com/level-up-your-security-game-with-geek-guy-resources/cissp-domains-and-guidance/): The ISC2 (International Information System Security Certification Consortium) has several certifications, each with its own domains of knowledge. To give you the most relevant information, I need to know which certification you're interested in. However, since the CISSP (Certified Information
- [Glossary of Cybersecurity and Market Terms](https://www.geek-guy.com/glossary-of-sec-and-it-terms/): A comprehensive glossary explaining common cybersecurity and IT terms in simple language. Generative AI can easily compile and define such terms, making complex topics accessible to a wider audience. Glossary Traditional Security Concepts 2026 relevant terminology and structured strictly by
- [Top ~100 Open Source Security Tools](https://www.geek-guy.com/top-100-open-source-security-tools/): 1. Network Discovery & Scanning (Tool Name | Official URL | Purpose): Nmap | https://nmap.org/ | Network exploration and security auditing; ZMap | https://zmap.io/ | Fast internet-wide network scanner; Masscan | https://github.com/robertdavidgraham/masscan | TCP port scanner, spews SYN packets; Netcat (ncat) | https://nmap.org/ncat/ | The "Swiss-army knife" for TCP/IP; Scapy | https://scapy.net/ | Packet manipulation and sniffing. 2. Vulnerability Scanning & Management (Tool Name | Official URL | Purpose): OpenVAS (GVM) | https://www.openvas.org/ | Full-featured vulnerability scanner; Nikto | https://github.com/sullo/nikto | Web server
- [Level Up Your Security Game with Geek-Guy Resources](https://www.geek-guy.com/level-up-your-security-game-with-geek-guy-resources/): Dive into our comprehensive collection of cybersecurity resources, designed to empower both seasoned professionals and curious newcomers. Explore a vast library of tools, knowledge, and community-driven insights. Resource Pages at Geek-Guy.com
- [Largest Threat Intelligence (OSINT) MEGA LIST in the World](https://www.geek-guy.com/largest-threat-intelligence-osint-mega-list-in-the-world/): Below is the extracted list of OSINT and Threat Intelligence resources from that page, organized into a table with their respective categories and URLs. OSINT & Threat Intelligence Mega List (Resource Name | URL | Category): Abuse.ch | https://abuse.ch/ | Malware & Ransomware Tracker; AbuseIPDB | https://www.abuseipdb.com/ | IP Reputation & Reporting; AlienVault OTX | https://otx.alienvault.com/ | Open Threat
- [Privacy Policy](https://www.geek-guy.com/privacy-policy-2/): Who we are: Our website address is: https://www.geek-guy.com. Comments: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
- [Private Search Engine](https://www.geek-guy.com/private-search-engine/): Bookmark this Geek-Guy Search Engine: Search multiple search engines with proxied results. You can also go directly to the search engine by going to https://search.geek-guy.com
- [Our Dev Projects](https://www.geek-guy.com/our-projects/): Our GitHub: https://github.com/lpingree Popular repositories: Virustotal-Netstat-lookup-Tool-for-Linux: Virustotal netstat output lookup tool (Python); amy---Active-Malware-Yield: Automated script to lookup virustotal hashes from running processes on linux (Python); traceroutemap: A tool to trace to all the main webs
- [Top Topics](https://www.geek-guy.com/top-topics/)
- [BCS](https://www.geek-guy.com/glossary-of-sec-and-it-terms/bcs/): Business Continuity Steering is the leadership committee that oversees the strategic alignment of recovery efforts with business objectives.
- [Cybersecurity Culture and Music](https://www.geek-guy.com/cybersecurity-culture-and-music/): Here is the updated table with direct links to the songs or the albums where they are hosted. Most of the tracks come from their specialized AI-generated album, Sounds of Security, which is a fantastic resource for awareness training. Cybersecurity
- [Domain 8: Software Development Security](https://www.geek-guy.com/level-up-your-security-game-with-geek-guy-resources/cissp-domains-and-guidance/domain-8-software-development-security/): Exam Weight: 10% Domain 8 focuses on integrating security into the Software Development Life Cycle (SDLC). As a security researcher and analyst, this domain likely resonates with your work in threat actor analysis and data security. The key takeaway for
- [Domain 7: Security Operations](https://www.geek-guy.com/level-up-your-security-game-with-geek-guy-resources/cissp-domains-and-guidance/domain-7-security-operations/): Exam Weight: 13% Domain 7 is where "the rubber meets the road." It focuses on the day-to-day practicalities of running a security program, responding to incidents, and ensuring the business stays afloat during a disaster. It is heavily focused on
- [Domain 6: Security Assessment and Testing](https://www.geek-guy.com/level-up-your-security-game-with-geek-guy-resources/cissp-domains-and-guidance/domain-6-security-assessment-and-testing/): Exam Weight: 12% Domain 6 is about verifying the truth. While other domains focus on building and operating security, this domain focuses on proving that those controls actually work. It bridges the gap between technical testing and management-level auditing. 1.
- [Domain 5: Identity and Access Management (IAM)](https://www.geek-guy.com/level-up-your-security-game-with-geek-guy-resources/cissp-domains-and-guidance/domain-5-identity-and-access-management-iam/): Exam Weight: 13% Domain 5 focuses on the "Who" and "How" of access. It covers the systems used to identify, authenticate, and authorize users and devices. In the modern era of Zero Trust and Agentic Identity, this domain has become
- [Domain 4: Communication and Network Security](https://www.geek-guy.com/level-up-your-security-game-with-geek-guy-resources/cissp-domains-and-guidance/domain-4-communication-and-network-security/): Exam Weight: 13% Domain 4 is the plumbing of the digital world. It focuses on the secure design and protection of network architectures, ensuring data remains confidential and available while moving across wires, airwaves, or fiber. 1. The OSI and
- [Domain 3: Security Architecture and Engineering](https://www.geek-guy.com/level-up-your-security-game-with-geek-guy-resources/cissp-domains-and-guidance/domain-3-security-architecture-and-engineering/): Exam Weight: 13% Domain 3 is the most technical and broad domain. It covers everything from hardware architecture and the "Ring Model" to cryptography and physical site security. To master this domain, you must understand how secure systems are built
- [Domain 2: Asset Security](https://www.geek-guy.com/level-up-your-security-game-with-geek-guy-resources/cissp-domains-and-guidance/domain-2-asset-security/): Exam Weight: 10% Domain 2 is often considered one of the easier domains, but its importance is massive because it defines what we are protecting. If you don't classify and inventory your assets correctly, your security controls in the other
- [Domain 1: Security and Risk Management](https://www.geek-guy.com/level-up-your-security-game-with-geek-guy-resources/cissp-domains-and-guidance/domain-1-security-and-risk-management/): Exam Weight: 16% (Highest weighted domain) This domain serves as the brain of the CISSP. It focuses on how security supports the business through governance, risk analysis, and legal compliance. As a CISSP candidate, you must think like a manager:

## Blog Posts

- [Microsoft fixes bug that removed Copilot button in Outlook](https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-that-removed-copilot-button-in-outlook/) (2026-07-02): Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license.
- [Cybercriminals Pose as Interpol in Phishing Emails to Infect Victims With Ransomware](https://www.infosecurity-magazine.com/news/cybercriminals-pose-interpol/) (2026-07-02): Bitdefender researchers warned of a curious ransomware campaign which has targeted businesses around the world
- [Cisco finally confirms attackers exploiting Unified CM flaw](https://www.bleepingcomputer.com/news/security/cisco-finally-confirms-attackers-exploiting-unified-cm-flaw/) (2026-07-02): Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June.
- [Microsoft 365 Copilot: Office meets genAI and agents](https://www.computerworld.com/article/1629974/m365-copilot-microsofts-generative-ai-tool-explained.html) (2026-07-02): Initially launched in November 2023, Microsoft 365 Copilot brings a range of generative AI (genAI) features to Microsoft Office productivity apps, such as Word, Outlook, Teams, and Excel. With capabilities ranging from quick meeting summaries to in-depth data analysis, it’s available via a paid add-on license for Microsoft
- [‘Interpol’ emails spread custom ransomware with decryption key left inside](https://www.scworld.com/news/interpol-emails-spread-custom-ransomware-with-decryption-key-left-inside) (2026-07-02): The campaign targets small businesses with fearmongering emails.
- [Ivanti Selects Climb as North American Distribution Partner](https://www.channelinsider.com/channel-business/vendor-leadership-and-partner-programs/ivanti-climb-distribution/) (2026-07-02): Ivanti is expanding its partner strategy in the Americas with a renewed focus on distribution, partner recruitment, and services-led growth as demand for endpoint management continues to rise. Andrew King, vice president of Americas partner sales at Ivanti, told Channel
- [Argo CD flaw shows why GitOps infrastructure should be treated as tier zero](https://www.csoonline.com/article/4192188/argo-cd-flaw-shows-why-gitops-infrastructure-should-be-treated-as-tier-zero.html) (2026-07-02): A newly disclosed vulnerability in Argo CD is drawing attention to the security risks of GitOps platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to execute code and manipulate application
- [CISA: Microsoft SharePoint RCE flaw now actively exploited](https://www.bleepingcomputer.com/news/security/cisa-microsoft-sharepoint-rce-flaw-now-actively-exploited/) (2026-07-02): CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May.
- [Opera rolls out Paste Protect feature to fight ClickFix attacks](https://www.bleepingcomputer.com/news/security/opera-rolls-out-paste-protect-feature-to-fight-clickfix-attacks/) (2026-07-02): Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering.
- [430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link](https://securityaffairs.com/194645/security/430000-fortigate-devices-exposed-in-fortibleed-ransomware-link.html) (2026-07-02): FortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks. SOCRadar’s Threat Research Unit has connected FortiBleed, a large-scale campaign that harvested credentials from over 430,000 FortiGate firewalls worldwide, directly
- [Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation](https://hackread.com/sysdig-jadepuffer-first-agentic-ransomware-operation/) (2026-07-02): A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in minutes flat.
- [I tried Brave’s new stripped down Origin browser, and now it’s my top Chromium-based pick](https://www.zdnet.com/article/brave-origin-browser-hands-on/) (2026-07-02): If you like the idea of Brave's browser security, but all of the other features just get in your way, the developers have created a solution for you.
- [NCSC Shares Tips on How to Make a Pen Tester’s Job Harder](https://www.infosecurity-magazine.com/news/ncsc-tips-make-pen-testers-job/) (2026-07-02): The NCSC has shared best practice advice from pen testers which could help improve system resilience
- [Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic](https://securityaffairs.com/194622/security/adobe-fixed-multiple-maximum-severity-flaws-in-coldfusion-and-campaign-classic.html) (2026-07-02): Adobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution. Adobe has released security updates for ColdFusion and Campaign Classic, fixing multiple critical vulnerabilities, including seven maximum-severity issues (CVSS
- [AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack](https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html) (2026-07-02): Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job:
- [If you like COSMIC Desktop, you’ll love its new system monitor](https://www.zdnet.com/article/cosmic-desktop-new-system-monitor-and-its-out-of-this-world/) (2026-07-02): If you like to see and manage your system processes on Linux, but aren't happy with the tool you're using, System76 might have just the app you've been looking for (and a reason to switch to either COSMIC Desktop or
- [Alleged Scattered Spider hacker extradited to the United States](https://www.bleepingcomputer.com/news/security/alleged-scattered-spider-hacker-extradited-to-the-united-states/) (2026-07-02): A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective.
- [Alleged Scattered Spider Member Extradited to US](https://www.infosecurity-magazine.com/news/scattered-spider-member-extradited/) (2026-07-02): A teenager accused of hacking as part of Scattered Spider has been arrested
- [Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges](https://securityaffairs.com/194613/security/alleged-scattered-spider-hacker-extradited-to-u-s-to-face-cybercrime-charges.html) (2026-07-02): Alleged Scattered Spider member Peter Stokes, 19, was extradited from Finland to the U.S. over hacking, fraud, and extortion charges. Peter Stokes, 19, an alleged Scattered Spider member known online as “Bouquet,” has been extradited from Finland to the U.S.
- [Opera is releasing a new feature that detects and blocks malicious clipboard content](https://www.zdnet.com/article/opera-is-releasing-a-new-feature-that-detects-and-blocks-malicious-clipboard-content/) (2026-07-02): If you tend to copy/paste content from websites, you might be surprised to find yourself under the thrall of a ClickFix attack, but Opera has a solution to fix it before you click it.
- [FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations](https://thehackernews.com/2026/07/fortibleed-credential-theft-linked-to.html) (2026-07-02): The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructure was found actively working negotiation panels for both
- [Opera blocks ClickFix attacks with new clipboard protection feature](https://www.helpnetsecurity.com/2026/07/02/opera-blocks-clickfix-attacks-with-new-clipboard-protection-feature/) (2026-07-02): Opera has launched Paste Protect, a clipboard protection feature designed to prevent clipboard-based attacks such as hijacking and pastejacking. Paste Protect includes built-in protection and warnings against ClickFix-based cyberattacks, which accounted for more than half of malware-delivery attacks in 2025.
- [PQC is Now, Not Later: Quantum Readiness in the Channel](https://www.channelinsider.com/security/pqc-quantum-readiness-in-the-channel/) (2026-07-02): In 2025, the conversation around post-quantum cryptography (PQC) focused on accelerating adoption and the need for deeper discovery of encryption to improve security pre- and post-PQC migration. The picture in 2026 is starting to reshape, though. Government and standards bodies
- [Cynomi Report Reveals MSPs’ Top AI Questions for 2026](https://www.channelinsider.com/channel-business/running-an-msp/cynomi-report-msp-ai-questions-2026/) (2026-07-02): Cynomi’s latest AI report suggests MSPs aren’t asking whether AI matters anymore; they’re trying to figure out how to survive, sell, and stay useful in an AI-heavy world. Managed service providers (MSPs) have moved past early experimentation with AI and
- [How Attackers Weaponize AI](https://www.hackmageddon.com/2026/07/02/how-attackers-weaponize-ai/) (2026-07-02): Last Updated on July 2, 2026. AI THREAT INTELLIGENCE Unpacking…
- [Seven reasons quantum is your next big bet after AI](https://itwire.com/guest-articles/guest-opinion/seven-reasons-quantum-is-your-next-big-bet-after-ai) (2026-07-02): Business leaders are rightly focused on protecting profits today.
- [New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos](https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html) (2026-07-02): Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run
- [The next AI arms race isn’t about models. It’s about context](https://itwire.com/business-it-news/data/the-next-ai-arms-race-isnt-about-models-its-about-context) (2026-07-02): Ask an AI model to analyse a photograph and it might tell you it contains a person standing under a tree near the ocean on a sunny day. Ask a human who took the photo, however,...
- [News alert: Link11 launches faster DDoS mitigation to counter AI-driven, adaptive network attacks](https://www.lastwatchdog.com/news-alert-link11-launches-faster-ddos-mitigation-to-counter-ai-driven-adaptive-network-attacks/) (2026-07-02): FRANKFURT, July 1, 2026, CyberNewswire – Link11, a leading European provider of cloud-based cybersecurity solutions, today announced the launch of its completely rebuilt Layer 3/4 DDoS mitigation solution, designed to address the growing complexity of modern network attacks. Today’s DDoS
- [The endpoint recovery gap many teams discover during an incident](https://www.helpnetsecurity.com/2026/07/02/matthias-haas-igel-endpoint-recovery-gap/) (2026-07-02): In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once.
- [SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation](https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html) (2026-07-02): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a
- [Review: CTRL+ALT+PWN](https://www.helpnetsecurity.com/2026/07/02/review-ctrl-alt-pwn-the-hackers-playbook/) (2026-07-02): Hacking gear that once sat in well-funded labs now ships to anyone with a credit card and a video tutorial. Frank Riccardi builds his consumer guide, CTRL+ALT+PWN: The Hacker’s Playbook (And How to Beat It), on that one condition. He
- [Crafty Phishing Campaigns Auto-Adapt to Victim’s Device, OS](https://www.geek-guy.com/crafty-phishing-campaigns-adapt/geekguyblog/) (2026-07-02): Discover how new phishing tactics are personalizing attacks based on your device and OS, raising serious cybersecurity concerns.
- [Catching ransomware on the wire before it locks the file server](https://www.helpnetsecurity.com/2026/07/02/shared-storage-ransomware-detection-research/) (2026-07-02): Corporate networks keep sensitive files off individual workstations and store them on shared servers that staff reach through mapped network drives. That arrangement hands ransomware operators a target worth chasing. A single compromised laptop can begin encrypting files that live
- [Elastic rebuilds its metrics engine to undercut Datadog, right as ANZ AI budgets blow out](https://itwire.com/business-it-news/data/elastic-rebuilds-its-metrics-engine-to-undercut-datadog-right-as-anz-ai-budgets-blow-out) (2026-07-01): A rebuilt columnar engine, native Prometheus support and agentic investigations that start before anyone gets paged. Elastic reckons it can query metrics 30x faster than...
- [What the AI patch gap means for enterprise security](https://www.helpnetsecurity.com/2026/07/02/open-source-ai-patch-gap/) (2026-07-01): Open-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. Over roughly two months this spring, Anthropic’s Claude Mythos Preview combed through more than
- [Medtronic notifies customers impacted by ShinyHunters data breach](https://www.bleepingcomputer.com/news/security/medtronic-notifies-customers-impacted-by-shinyhunters-data-breach/) (2026-07-01): Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party.
- [GitHub’s new tool helps prevent costly open-source license violations](https://www.helpnetsecurity.com/2026/07/02/github-license-compliance-feature/) (2026-07-01): GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review. The feature is available to GitHub Advanced Security customers and
- [Logicalis strengthens enterprise AI capability with Global Microsoft Frontier Partner status and Copilot specialisation](https://itwire.com/guest-articles/company-news/logicalis-strengthens-enterprise-ai-capability-with-global-microsoft-frontier-partner-status-and-copilot-specialisation) (2026-07-01): Logicalis, the global technology service provider, has announced it has achieved Microsoft Frontier Partner status, alongside its Microsoft Copilot specialisation,...
- [Verena Siow named new SAP Regional President, Asia Pacific](https://itwire.com/it-people-news/people-moves/verena-siow-named-new-sap-regional-president-asia-pacific) (2026-07-01): SAP Asia Pacific APAC announced Verena Siow as President for the APAC region, effective immediately. Based in Singapore, she will focus on driving customer success,...
- [Elastic Delivers Best-in-Class Metrics With Native Prometheus Support and Agentic Investigation Experiences](https://itwire.com/business-it-news/data/elastic-delivers-best-in-class-metrics-with-native-prometheus-support-and-agentic-investigation-experiences) (2026-07-01): Native PromQL, out-of-the-box Kubernetes agentic investigations, and automated migration from Datadog and Grafana — all in the platform SREs already run for logs.
- [The Contact Centre Is No Longer Buying Contact Centre Technology, New APAC Research Finds](https://itwire.com/guest-articles/guest-research/the-contact-centre-is-no-longer-buying-contact-centre-technology-new-apac-research-finds) (2026-07-01): CrayonIQ’s 2026 APAC Contact Centre CX Platforms with AI Buyers Guide Reveals AI Ecosystems, Hyperscalers, Emerging Partner Models And Regional Language Capability Are...
- [DXC Introduces DXC Private Cloud+, Bringing Greater Control, Security, and Flexibility to Enterprise Cloud](https://itwire.com/business-it-news/cloud/dxc-introduces-dxc-private-cloud-bringing-greater-control-security-and-flexibility-to-enterprise-cloud) (2026-07-01): Private Cloud+ is a hybrid private cloud powered by Dell infrastructure and operated by DXC OASIS, built for enterprises and governments running sensitive and regulated...
- [Skylight Announces Disney Mode, Bringing Beloved Characters into Everyday Family Routines](https://itwire.com/guest-articles/company-news/skylight-announces-disney-mode-bringing-beloved-characters-into-everyday-family-routines) (2026-07-01): Disney Mode for Skylight Calendar makes everyday chores and routines more engaging, with featured characters celebrating kids every step of the way
- [ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)](https://isc.sans.edu/diary/rss/33120) (2026-07-01): (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- [NiCE Launches AI Specialization Program, Recognising Partners Driving Significant AI Outcomes for Enterprises](https://itwire.com/business-it-news/data/nice-launches-ai-specialization-program-recognising-partners-driving-significant-ai-outcomes-for-enterprises) (2026-07-01): Six industry-leading partners — Accenture, Cirrus, Deloitte, Route 101, and TTEC— named as inaugural AI Specialization partners under the NiCE 360 Partner Program - [Ungoverned AI Agents and Sophisticated Deepfakes Pose Critical Threats for ANZ Organisations, New KnowBe4 Research Warns](https://itwire.com/guest-articles/guest-research/ungoverned-ai-agents-and-sophisticated-deepfakes-pose-critical-threats-for-anz-organisations-new-knowbe4-research-warns) (2026-07-01): Global study reveals 1 in 2 organisations in Australia and New Zealand deploy autonomous AI agents with little to no governance, while 85% of employees admit they are unlikely... - [Exabeam Expands Behavior Intelligence to Secure the Agentic Enterprise](https://itwire.com/business-it-news/business-intelligence/exabeam-expands-behavior-intelligence-to-secure-the-agentic-enterprise) (2026-07-01): Exabeam, the leader in Behavior Intelligence for the agentic enterprise, today announced new capabilities that help security teams detect, investigate, and reduce risk from AI... - [Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector](https://www.csoonline.com/article/4191923/sandbox-bypass-flaws-in-cursor-ide-highlight-prompt-injection-as-an-rce-vector.html) (2026-07-01): Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). 
The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549, allow attackers to break - [Anthropic shutdown shows kill switch hanging over Australian AI](https://itwire.com/guest-articles/guest-opinion/anthropic-shutdown-shows-kill-switch-hanging-over-australian-ai) (2026-07-01): AI expert Rhys Oxenham says Australia has received a sharp wake-up call following the sudden decision to switch off Anthropic models earlier this month. --- # Full Content --- title: "Microsoft fixes bug that removed Copilot button in Outlook" url: "https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-that-removed-copilot-button-in-outlook/" lang: "en-US" type: "post" description: "Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license." last_modified: "2026-07-02T12:15:47+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.bleepingcomputer.com/feed/" wpe_sourcepermalink: "https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-that-removed-copilot-button-in-outlook/" --- # Microsoft fixes bug that removed Copilot button in Outlook Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. 
[…] --- --- title: "Cybercriminals Pose as Interpol in Phishing Emails to Infect Victims With Ransomware" url: "https://www.infosecurity-magazine.com/news/cybercriminals-pose-interpol/" lang: "en-US" type: "post" description: "Bitdefender researchers warned of curious ransomware campaign which has targeted businesses around the world" last_modified: "2026-07-02T12:00:00+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.infosecurity-magazine.com/rss/news/" wpe_sourcepermalink: "https://www.infosecurity-magazine.com/news/cybercriminals-pose-interpol/" --- # Cybercriminals Pose as Interpol in Phishing Emails to Infect Victims With Ransomware Bitdefender researchers warned of curious ransomware campaign which has targeted businesses around the world --- --- title: "Cisco finally confirms attackers exploiting Unified CM flaw" url: "https://www.bleepingcomputer.com/news/security/cisco-finally-confirms-attackers-exploiting-unified-cm-flaw/" lang: "en-US" type: "post" description: "Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June." last_modified: "2026-07-02T11:35:25+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.bleepingcomputer.com/feed/" wpe_sourcepermalink: "https://www.bleepingcomputer.com/news/security/cisco-finally-confirms-attackers-exploiting-unified-cm-flaw/" --- # Cisco finally confirms attackers exploiting Unified CM flaw Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. 
[…] --- --- title: "Microsoft 365 Copilot: Office meets genAI and agents" url: "https://www.computerworld.com/article/1629974/m365-copilot-microsofts-generative-ai-tool-explained.html" lang: "en-US" type: "post" description: "Initially launched in November 2023, Microsoft 365 Copilot brings a range of generative AI (genAI) features to Microsoft Office productivity apps, such as Word, Outlook, Teams, and Excel. With capabilities ranging from quick meeting summaries to in-depth data analysis, it’s available via a paid add-on license for Microsoft" last_modified: "2026-07-02T11:00:00+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.computerworld.com/security/feed/" wpe_sourcepermalink: "https://www.computerworld.com/article/1629974/m365-copilot-microsofts-generative-ai-tool-explained.html" --- # Microsoft 365 Copilot: Office meets genAI and agents Initially launched in November 2023, Microsoft 365 Copilot brings a range of generative AI (genAI) features to Microsoft Office productivity apps, such as Word, Outlook, Teams, and Excel. With capabilities ranging from quick meeting summaries to in-depth data analysis, it’s available via a paid add-on license for [Microsoft 365](https://www.computerworld.com/article/1691110/microsoft-365-explained.html) enterprise and small-business customers. Initially hampered by [underwhelming capabilities](https://www.computerworld.com/article/2513395/copilot-for-microsoft-365-review-hands-on-deep-dive.html) and a hefty price tag for businesses of all sizes, M365 Copilot has slowly gained traction in business as its abilities have increased and the integrations between Copilot and various M365 apps and services have improved. With numerous feature rollouts over the past three years, Microsoft has gradually repositioned M365 Copilot from a simple chatbot to a collection of autonomous agents that can carry out tasks across the M365 ecosystem. 
The company has also goosed adoption by introducing a [more affordable pricing tier for small businesses](https://www.computerworld.com/article/4093224/microsoft-drops-m365-copilot-price-for-smbs-upgrades-free-copilot-chat.html) and (temporarily, as it turns out) allowing commercial users with a standard M365 license to [use Copilot in the Office apps](https://www.computerworld.com/article/4058429/copilot-chat-comes-to-m365-apps-for-no-extra-cost.html), even without the add-on M365 Copilot license.

### Microsoft 365 Copilot pricing: 2026 tiers

| Tier | Monthly cost (paid annually) | Availability |
| --- | --- | --- |
| M365 Copilot | $30 / user | For organizations with more than 300 seats; required for in-app Copilot integration in organizations with more than 2,000 seats |
| M365 Copilot Business | $21 / user | For organizations with 10 – 300 seats |
| Agent 365 (add-on management layer) | $15 / user | Available as standalone subscription or included in the new M365 E7 Frontier Suite |

## Microsoft 365 Copilot today

In this way, Microsoft 365 Copilot has moved from genAI curiosity to a key part of many enterprises’ workflows. In January 2026, Microsoft said it had [15 million paid M365 Copilot seats](https://www.computerworld.com/article/4124591/microsoft-touts-m365-copilot-momentum-claims-15m-paid-users.html), a figure the company [raised to 20 million](https://techcrunch.com/2026/04/29/microsoft-says-it-has-over-20m-paid-copilot-users-and-they-really-are-using-it/) in April.

However, its momentum now faces a challenge as [Microsoft limits access to Copilot Chat](https://www.computerworld.com/article/4150022/microsoft-backtracks-on-copilot-chat-access-in-m365-apps.html), a freemium version of the paid M365 Copilot, for its largest enterprise customers. Specifically, for commercial customers with more than 2,000 seats, Microsoft has removed in-app Copilot Chat access from Word, Excel, and PowerPoint for users without a Microsoft 365 Copilot license.
To maintain that integration, large organizations must now pay for the full $30/user/month M365 Copilot license. The M365 Copilot license includes what Microsoft calls priority access to Copilot capabilities, which provides “faster response times and more consistent availability compared to standard access,” according to the company.

Smaller firms (less than 2,000 seats) that have a Microsoft 365 license but not the add-on M365 Copilot license will maintain standard access to Copilot from within the Office apps. [Microsoft warns](https://support.microsoft.com/en-gb/topic/standard-versus-priority-access-to-features-in-microsoft-365-copilot-chat-12c8d9f8-db32-4f99-8ebe-d8d85879137f) that standard users may experience longer response times and temporary feature limitations as the service shifts resources to its higher-tier customers during peak hours.

When signed in to the [Copilot Chat hub](https://m365.cloud.microsoft/), users can see which version of Copilot they have by looking for one of the following labels at the bottom of the left sidebar:

- **Copilot Chat (Basic)** means the user doesn’t have an M365 Copilot license and can’t use Copilot in the Office apps. They can use the standalone Copilot Chat app with standard access.
- **M365 Copilot (Basic)** means the user doesn’t have an M365 Copilot license but does have standard access to Copilot in the Office apps.
- **M365 Copilot (Premium)** means the user has an M365 Copilot license and has priority access to Copilot in the Office apps.

Users with paid M365 Copilot licenses also get advanced features including the ability to pull in data from across the M365 environment (documents, meetings, emails, chats, etc.), extensive use of agents including “advanced” agents like Researcher and Analyst, and the ability to create custom agents.
See Microsoft’s “[How Copilot Chat works with and without a Microsoft 365 Copilot license](https://support.microsoft.com/en-us/microsoft-365-copilot/how-copilot-chat-works-with-and-without-a-microsoft-365-copilot-license)” page for details.

### **What’s new with Microsoft 365 Copilot**

> - **Licensing shift:** Large enterprises (more than 2,000 seats) cannot access Copilot directly in Office apps without the M365 Copilot license.
> - **Multimodel access:** M365 Copilot now supports non-OpenAI models like Anthropic’s Claude 4, allowing users to choose the best logic for specific tasks.
> - **Agentic pivot:** The focus shifts from simple chat to autonomous agents that execute multi-step workflows across the M365 ecosystem.

## What other Copilots does Microsoft offer?

It’s worth noting that Microsoft uses the term “Copilot” for a wide variety of genAI tools and functions. Individual users with M365 Personal, Family, and Premium subscriptions [can use Copilot in Office apps](https://www.computerworld.com/article/3806855/copilot-ai-microsoft-365.html), but with fewer features and privileges than business users get with a Microsoft 365 Copilot license. There’s also a [free consumer version of Copilot](https://www.computerworld.com/article/1611598/microsoft-copilot-tips-how-to-use-copilot-right.html) with very limited functionality.
Adding to the confusion, the company offers several specialized enterprise versions of Copilot for specific purposes, including [Microsoft Copilot Studio](https://learn.microsoft.com/en-us/microsoft-copilot-studio/), [Microsoft Security Copilot](https://learn.microsoft.com/en-us/copilot/security/), [Azure Copilot](https://learn.microsoft.com/en-us/azure/copilot/), and [GitHub Copilot](https://www.infoworld.com/article/3609013/github-copilot-everything-you-need-to-know.html), as well as additional Copilot “experiences” for Microsoft products such as [Dynamics 365](https://learn.microsoft.com/en-us/dynamics365/copilot/ai-get-started), [Power Platform](https://learn.microsoft.com/en-us/power-platform/copilot), and [Microsoft Fabric](https://learn.microsoft.com/en-us/fabric/fundamentals/copilot-fabric-overview). Also available: agents in M365 Copilot built for specific industries, including [finance](https://learn.microsoft.com/en-us/copilot/finance/), [sales](https://learn.microsoft.com/en-us/microsoft-sales-copilot/), and [service](https://learn.microsoft.com/en-us/microsoft-copilot-service/). ## From chatbot to multi-model researcher to agentic powerhouse Microsoft has moved away from a single-model approach for its AI assistant. Copilot Chat has evolved into a Frontier interface, allowing users to select among different LLMs (large language models) such as GPT-5.4 and Anthropic Claude 4 for specialized tasks. A persistent AI risk for enterprises is overly permissive data access. Because Copilot inherits the permissions of the user, any file that is improperly shared within an organization can be surfaced by the AI. 
To combat the issue of business-critical files that are at risk due to inappropriate classification, [Microsoft has integrated Purview Data Security Posture Management (DSPM)](https://learn.microsoft.com/en-us/purview/copilot-in-purview-overview) more deeply into Copilot, alerting users when they are generating content from unclassified or sensitive sources.

Other recently introduced M365 Copilot features include:

- [Copilot Researcher](https://support.microsoft.com/en-us/topic/get-started-with-researcher-in-microsoft-365-copilot-e63ab760-f3de-4c47-ae87-dad601b0e9c4)**:** This feature allows the assistant to pull from multi-model intelligence, comparing perspectives from different AI models side-by-side to reduce hallucinations.
- [Copilot Notebooks](https://support.microsoft.com/en-us/topic/get-started-with-microsoft-365-copilot-notebooks-0775e693-11c6-4d80-8aba-fcc81a737a06)**:** Notebooks allow you to ground the AI in specific project context. These can now be exported directly into structured Excel spreadsheets or PowerPoint decks, bypassing the need for manual copy and pasting.
- [Teams Interpreter](https://support.microsoft.com/en-us/office/interpreter-in-microsoft-teams-meetings-and-calls-c7efe2bb-535d-42ab-a5c4-d2d91619b46d)**:** Integrated directly into Teams Phone, Interpreter is designed to provide real-time, AI-powered language interpretation during live calls, a boon for global enterprise operations.
- [App Builder](https://www.computerworld.com/article/4080435/m365-copilot-now-lets-you-build-apps-and-agents-with-natural-language-prompts.html): A no-code tool that lets business users create apps, workflows, and agents using natural language prompts. It’s essentially a “lite” version of Microsoft’s high-end Copilot Studio environment for developers.
- [Agents for Word, Excel, and PowerPoint](https://www.computerworld.com/article/4163305/agent-mode-is-now-available-in-microsoft-word-excel-and-powerpoint.html): Advanced modes that allow Copilot to take direct action on documents and files rather than simply suggest changes.

Even more notable was the June [launch of Copilot Cowork](https://www.computerworld.com/article/4186190/microsoft-launches-copilot-cowork-with-usage-based-pricing.html), which Microsoft pitches as an AI agent for M365 Copilot that can independently perform long-running, multi-step tasks, even when a user’s computer is turned off. Unlike Anthropic’s Claude Cowork, which can interact directly with files and applications on a user’s computer, Copilot Cowork runs in Microsoft’s cloud environment and acts on documents held in a customer’s Microsoft 365 tenant. Copilot Cowork requires a Microsoft 365 Copilot license and is billed based on usage.

Another announcement that caused a stir was Microsoft’s unveiling of Scout, its first [autonomous agent built on the open-source OpenClaw platform](https://www.computerworld.com/article/4180103/microsoft-unveils-scout-an-autonomous-ai-agent-built-on-openclaw.html). By integrating OpenClaw-style agentic capabilities, Microsoft hopes to transform Copilot into an always-on system that can, for instance, scan Outlook email inboxes and calendars to suggest daily priorities. Microsoft’s implementation addresses security concerns around self-hosted agents by isolating professional-grade “autopilots” within specific roles and applying managed permission guardrails. Scout is available as an “experimental release” to customers of Microsoft’s Frontier program.

Industry analysts note that these tools are new and unproven, and IT leaders should use caution when testing them and evaluating costs.
## Managing AI agent sprawl: Enter Agent 365

As organizations move beyond simple chat to building custom [declarative agents](https://learn.microsoft.com/en-us/microsoft-365/copilot/extensibility/overview-declarative-agent) in Copilot Studio, the risk of [shadow AI](https://www.cio.com/article/4129630/shadow-ai-practices-a-wakeup-call-for-enterprises.html) has become a concern. Gartner reports that 86% of IT leaders require additional governance to manage these agents.

Available as an add-on subscription for Microsoft 365 or bundled in the top-end M365 E7 package, [Agent 365](https://www.computerworld.com/article/4092436/microsoft-unveils-agent-365-to-help-it-manage-ai-agent-sprawl.html) acts as a control plane for the AI ecosystem. Unlike the user-facing Copilot, Agent 365 is a back-end dashboard that allows IT admins to manage agents in various ways:

- **Registry and lifecycle management:** View every agent — Microsoft, third-party, or internally developed — in a “single-pane-of-glass” dashboard.
- **Policy-based guardrails:** Admins can set global rules to prevent agents from accessing high-sensitivity data (like payroll), even if the human user has permission.
- **Unified ROI analytics:** Leaders can track which agents are actually driving value, allowing for precise seat-count adjustments during renewal cycles.

### Microsoft Agent 365 quick facts

| Pricing | $15 / user / month (as an add-on) or included in the Microsoft 365 E7 suite ($99 / user / month) |
| --- | --- |
| Core functions | Centralized registry, access control, and performance analytics for all AI agents |
| Objective | Designed to prevent agent sprawl and ensure agents from partners (e.g., Adobe, ServiceNow, etc.) follow M365 security rules |

Gartner says that Agent 365 is still a work in progress and has yet to prove it can actually reduce costs in IT operations. The analyst firm advises customers to assess Agent 365 but not necessarily move to it or the E7 bundle right away.

## Copilot vs. AI in other productivity apps

Most vendors in the productivity and collaboration software market have added genAI and agentic tools to their offerings at this point. The rivalry between Microsoft and Google has heightened in 2026. While Google has [faced criticism](https://www.computerworld.com/article/4136922/google-gemini-3-years.html#:~:text=Gemini%E2%80%99s%20simplest%20struggles) for a messy transition from the Google Assistant to Gemini, it remains a price leader by [embedding Gemini features directly](https://www.computerworld.com/article/3804055/google-ups-workspace-price-makes-gemini-ai-features-available-for-free.html) into most tiers of its office suite, [Google Workspace](https://www.computerworld.com/article/3570821/google-workspace-explained-googles-answer-to-microsoft-365.html).

In contrast, Microsoft seems to be threading a needle, tightening Copilot Premium licensing for large enterprises while making basic Copilot features available to smaller customers without an add-on license. The goal may be to standardize AI as a commodity while reserving the high-value agentic features for the highest-paying enterprise customers.

While Microsoft focuses on the productivity suite, Salesforce is positioning Slack as the “agentic operating system” for the enterprise. As of April 2026, [Slack AI has moved beyond summarizing to orchestrating agentic workflows](https://www.computerworld.com/article/4153622/slacks-ai-updates-signal-shift-towards-agent-orchestration.html). This is designed to let you trigger complex, multi-step actions across non-Microsoft systems directly from a Slack thread.

Salesforce’s Agentforce platform uses the Atlas Reasoning Engine, which is designed to offer autonomous front-office automation (sales, service, and marketing). For organizations where CRM data is more critical than Word documents, Agentforce is emerging as a formidable, high-ROI alternative to Copilot.
### **Gartner’s 5 stages of agentic AI evolution**

> Gartner projects that agentic AI could drive approximately 30% of enterprise application software revenue by 2035. The analyst firm’s roadmap identifies five maturity stages for IT leaders:
>
> - **2025: AI assistants:** Embedded helpers that simplify tasks but remain dependent on human input
> - **2026: Task-specific agents:** Agents capable of end-to-end complex tasks, such as real-time cybersecurity-threat response
> - **2027: Collaborative agents:** Multi-agent systems that work together across data environments to solve multifaceted business problems
> - **2028: Agentic front ends:** A shift where a third of user experiences move away from native apps toward “agentic interfaces” that navigate multiple apps on behalf of the user
> - **2029: Democratized ecosystems:** A new normal where 50% of knowledge workers actively govern or create agents on demand for complex tasks

In March 2026, [Apple launched Apple Business](https://www.computerworld.com/article/4149464/apple-goes-global-with-key-mdm-tools-and-services-for-business.html), a platform designed to integrate Apple Intelligence directly into macOS and iOS. Apple claims its competitive edge is its on-screen awareness. Unlike cloud-heavy competitors, Apple Intelligence is built to act across apps locally, appealing to regulated industries concerned about data leakage. Apple Business now supports automated Managed Apple Accounts via integration with Microsoft Entra ID, a feature designed to let IT teams manage Apple’s AI features using their Microsoft identity stack.

As Microsoft tightens the reins on free access, the question for enterprise IT leaders is no longer whether Copilot can summarize a meeting, but whether the $30-per-month leap delivers enough agentic automation to justify the cost. For many, the answer will lie in the effectiveness of Agent 365 in bringing order to the burgeoning fleet of AI workers.
_This article was originally published in February 2025 and most recently updated in July 2026._ ### More on Microsoft 365 Copilot: - [How IT leaders unlock productivity with Microsoft 365 Copilot](https://www.computerworld.com/article/4036013/how-it-leaders-unlock-productivity-with-microsoft-365-copilot.html) - [Building end-to-end workflows with Microsoft 365 Copilot](https://www.computerworld.com/article/4110646/building-end-to-end-workflows-with-microsoft-365-copilot.html) - [Microsoft Copilot can boost your writing in Word, Outlook, and OneNote — here’s how](https://www.computerworld.com/article/3479705/how-to-use-microsoft-copilot-for-writing-in-microsoft-365-word-outlook-onenote.html) - [11 cool things Copilot can do in Excel](https://www.computerworld.com/article/4119411/11-cool-things-copilot-can-do-in-excel.html) - [9 ways Copilot can turbocharge OneNote](https://www.computerworld.com/article/4022584/9-ways-copilot-can-turbocharge-onenote.html) - [How to curb hallucinations in Copilot (and other genAI tools)](https://www.computerworld.com/article/4067372/how-to-curb-hallucinations-in-copilot-and-other-genai-tools.html) --- --- title: "Ivanti Selects Climb as North American Distribution Partner" url: "https://www.channelinsider.com/channel-business/vendor-leadership-and-partner-programs/ivanti-climb-distribution/" lang: "en-US" type: "post" description: "Ivanti is expanding its partner strategy in the Americas with a renewed focus on distribution, partner recruitment, and services-led growth as demand for endpoint management continues to rise. 
Andrew King, vice president of Americas partner sales at Ivanti, told Channel" last_modified: "2026-07-02T11:00:00+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.channelinsider.com/feed/" wpe_sourcepermalink: "https://www.channelinsider.com/channel-business/vendor-leadership-and-partner-programs/ivanti-climb-distribution/" --- # Ivanti Selects Climb as North American Distribution Partner Ivanti is expanding its partner strategy in the Americas with a renewed focus on distribution, partner recruitment, and services-led growth as demand for endpoint management continues to rise. Andrew King, vice president of Americas partner sales at Ivanti, told Channel Insider the company is prioritizing a more unified channel motion after years of acquisitions brought multiple reseller relationships, contracts, and partner programs into the business. ## Endpoint complexity drives channel opportunity King said customers are struggling to manage endpoint environments that are [growing faster](https://www.channelinsider.com/security/malwarebytes-report-ai-reshaping-trust/) than IT and security teams can support manually.  Ivanti is positioning its autonomous endpoint management platform as a way for partners to help customers improve visibility, prioritize risk, and act faster across IT operations, security, service management, and asset management. “The endpoint environments are growing faster than IT and security teams can manage manually,” King said. “What we’re doing specifically around autonomous endpoint management helps customers move to visibility where they can prioritize the risk and take action faster.” For channel partners, that creates multiple entry points into customer accounts. 
King pointed to security, [patch management](https://www.channelinsider.com/security/managed-services/patch-management-services/), digital employee experience, IT service management, and asset management as areas where resellers can build conversations around specific customer pain points.

## Climb partnership targets partner depth and recruitment

Ivanti’s work with [Climb Channel Solutions](https://www.channelinsider.com/channel-business/climb-distribution-growth-goals-interview/) is intended to support both deeper engagement with existing top partners and recruitment of new resellers across the U.S. and Canada.

King said Climb’s “relationship-driven and consultative approach” was a major factor in the partnership, along with the [distributor’s reach](https://www.channelinsider.com/security/climb-fortinet-distribution-partnership/) and ability to support both mutual strategic partners and new partner recruitment.

“We need to get deeper and more focused on those [top partners] while simultaneously beginning to recruit new resellers around the U.S. and Canada,” King said.

For Ivanti, distribution is also part of rebuilding a growth-focused channel foundation. King said the company has spent recent years rationalizing the partner ecosystem it inherited through acquisitions. Ivanti, in its current state, is the culmination of 12 companies coming together under a unified brand and technology offering. Now, the focus is shifting toward clearer partner plays, improved enablement, and broader market coverage.

### Services become a larger partner priority

King said one of the biggest changes in the channel is the growing emphasis on services, even among partners that historically focused on resale.

“Even they have come to us and said, it’s all about services,” King said, noting that partners increasingly want to know where they can attach services and build practices around vendor technology.

That services push is shaping how Ivanti thinks about partner packaging.
King said partners can help vendors understand [where customized services add value](https://www.channelinsider.com/security/managed-services/msp-compliance-shift/) and where simpler, easier-to-buy offerings may be more effective for SMB customers.

“The very best partners are delivering more customized services, oftentimes at a greater value for the end customer,” King added.

## Ivanti builds for next phase of partner growth

Looking ahead, King said Ivanti is investing in internal resources and partner tools to support more partner marketing, new partner recruitment, and expansion into areas of the partner ecosystem where the company is underrepresented.

The near-term priority is completing the transition without disrupting customers or major reseller relationships. Along the way, King told Channel Insider, the priority will be delivering value to partners and showing its commitment to mutual success.

“The channel always comes down to trust and credibility and providing value. It doesn’t matter what you’re doing,” King said. “The tools of how we do it, the analytics that are out there… that helps, but it never substitutes: Are you trustworthy? Do you do what you say you’re gonna do? Are you easy to do business with?”

From there, King said Ivanti sees an opportunity to bring its updated autonomous endpoint management story to more partners at a time when customers are asking for faster, more integrated ways to manage endpoint risk.

The post [Ivanti Selects Climb as North American Distribution Partner](https://www.channelinsider.com/channel-business/vendor-leadership-and-partner-programs/ivanti-climb-distribution/) appeared first on [Channel Insider](https://www.channelinsider.com/).
--- --- title: "‘Interpol’ emails spread custom ransomware with decryption key left inside" url: "https://www.scworld.com/news/interpol-emails-spread-custom-ransomware-with-decryption-key-left-inside" lang: "en-US" type: "post" description: "The campaign targets small businesses with fearmongering emails." last_modified: "2026-07-02T11:00:00+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/news/interpol-emails-spread-custom-ransomware-with-decryption-key-left-inside" --- # ‘Interpol’ emails spread custom ransomware with decryption key left inside The campaign targets small businesses with fearmongering emails. --- --- title: "Argo CD flaw shows why GitOps infrastructure should be treated as tier zero" url: "https://www.csoonline.com/article/4192188/argo-cd-flaw-shows-why-gitops-infrastructure-should-be-treated-as-tier-zero.html" lang: "en-US" type: "post" description: "A newly disclosed vulnerability in Argo CD is drawing attention to the security risks of GitOps platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to execute code and manipulate application" last_modified: "2026-07-02T10:57:39+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.csoonline.com/feed/" wpe_sourcepermalink: "https://www.csoonline.com/article/4192188/argo-cd-flaw-shows-why-gitops-infrastructure-should-be-treated-as-tier-zero.html" --- # Argo CD flaw shows why GitOps infrastructure should be treated as tier zero A newly disclosed vulnerability in Argo CD is drawing attention to the security risks of GitOps platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to execute code and manipulate application deployments. 
Security firm Synacktiv said in a [report](https://www.synacktiv.com/en/publications/caught-in-the-octopus-trap-unauthenticated-rce-in-argo-cd-with-codeql) that the flaw affects Argo CD’s repo-server component, which fetches content from Git repositories and generates Kubernetes manifests used to deploy resources in a cluster. Argo CD is one of the most popular Kubernetes tools and is based on the GitOps paradigm. “Argo CD requires significant privileges within the cluster,” Synacktiv said. “Additionally, it has access to private Git repositories, making it an attractive target for attackers.” The issue centers on the repo-server’s unauthenticated GenerateManifest gRPC endpoint. Synacktiv said an attacker able to reach that endpoint could supply Kustomize options in a manifest generation request and abuse Kustomize’s Helm-related build options to execute attacker-controlled commands. Exploitation requires access to both the repo-server gRPC port and the Redis database port, which should not be exposed to users. Argo CD provides Kubernetes network policies designed to prevent that scenario, but those protections are not enabled by default in Helm chart deployments, according to Synacktiv. In such deployments, compromising a single pod inside the cluster could be enough to give an attacker the internal access needed to exploit the vulnerability. Synacktiv said it was able to use the flaw to obtain the Redis password from the repo-server environment and access Argo CD’s Redis database. The researchers then manipulated cached deployment data, allowing a malicious manifest to be deployed automatically when Argo CD’s Auto Sync feature was enabled. If Auto Sync is not enabled, exploitation would require a user to manually sync the application. Synacktiv publicly disclosed the details on July 1, 2026, after first reporting the issue to Argo CD maintainers in January 2025. 
The vulnerability remains unpatched, and the firm recommended strict Kubernetes network policies to block untrusted pods from reaching the repo-server and Redis services until a fix is available. ## Assessing internal cluster exposure For CISOs, the key question is not only whether Argo CD is exposed to the internet, but whether [other workloads](https://www.csoonline.com/article/4151367/why-kubernetes-controllers-are-the-perfect-backdoor.html) inside the Kubernetes cluster can reach its internal services. “Because the repo-server’s gRPC service does not enforce authentication, any pod that can reach it becomes equivalent to an authenticated attacker,” said [Devashri Datta](https://www.linkedin.com/in/devashri-datta-522b364b/), a cybersecurity researcher. “In a typical cluster, that means any compromised application pod, misconfigured service mesh, or adjacent workload with local code execution can directly query the GenerateManifest endpoint or hit the Redis cache, no internet exposure required.” Organizations should not equate “not internet-facing” with “low risk,” because modern attacks often begin with the compromise of an internal workload, according to [Sakshi Grover](https://my.idc.com/getdoc.jsp?containerId=PRF005665), senior research manager for cybersecurity services research at IDC Asia/Pacific. “CISOs should therefore evaluate which workloads can communicate with the Argo CD control plane, whether east-west traffic is appropriately segmented, and whether unnecessary trust relationships exist between application workloads and GitOps infrastructure,” Grover said. “The assessment should focus on attack paths rather than perimeter exposure.” ## Treating GitOps as tier-zero The flaw also underscores the role GitOps platforms play in controlling software deployment across enterprise infrastructure. “GitOps engines aren’t utility services; they’re tier-0 control-plane components,” Datta said. 
“By design, Argo CD holds read access to private repositories, sync/write access to target clusters, and custody of deployment secrets. It sits at the precise intersection of source code, configuration management, and live infrastructure.” That level of access means an Argo CD compromise may extend beyond a single application. An attacker could turn the platform used to deploy applications into a channel for malicious manifests, while also interfering with auto-sync behavior and extracting credentials cached in supporting systems such as Redis. A compromise of these platforms could influence [software delivery at scale](https://www.csoonline.com/article/4165420/sap-npm-package-attack-highlights-risks-in-developer-tools-and-ci-cd-pipelines.html), making them strategic assets that should be subject to stricter governance and privileged access controls similar to those applied to identity platforms and other critical management systems. --- --- title: "CISA: Microsoft SharePoint RCE flaw now actively exploited" url: "https://www.bleepingcomputer.com/news/security/cisa-microsoft-sharepoint-rce-flaw-now-actively-exploited/" lang: "en-US" type: "post" description: "CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May." last_modified: "2026-07-02T10:52:43+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.bleepingcomputer.com/feed/" wpe_sourcepermalink: "https://www.bleepingcomputer.com/news/security/cisa-microsoft-sharepoint-rce-flaw-now-actively-exploited/" --- # CISA: Microsoft SharePoint RCE flaw now actively exploited CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. 
[…] --- --- title: "Opera rolls out Paste Protect feature to fight ClickFix attacks" url: "https://www.bleepingcomputer.com/news/security/opera-rolls-out-paste-protect-feature-to-fight-clickfix-attacks/" lang: "en-US" type: "post" description: "Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering." last_modified: "2026-07-02T10:46:58+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.bleepingcomputer.com/feed/" wpe_sourcepermalink: "https://www.bleepingcomputer.com/news/security/opera-rolls-out-paste-protect-feature-to-fight-clickfix-attacks/" --- # Opera rolls out Paste Protect feature to fight ClickFix attacks Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering. […] --- --- title: "430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link" url: "https://securityaffairs.com/194645/security/430000-fortigate-devices-exposed-in-fortibleed-ransomware-link.html" lang: "en-US" type: "post" description: "FortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks. 
SOCRadar’s Threat Research Unit has connected FortiBleed, a large-scale campaign that harvested credentials from over 430,000 FortiGate firewalls worldwide, directly" last_modified: "2026-07-02T10:37:36+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://securityaffairs.com/feed" wpe_sourcepermalink: "https://securityaffairs.com/194645/security/430000-fortigate-devices-exposed-in-fortibleed-ransomware-link.html" --- # 430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link ## FortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks. SOCRadar’s Threat Research Unit has connected [FortiBleed](https://securityaffairs.com/tag/fortibleed), a large-scale campaign that harvested credentials from over 430,000 FortiGate firewalls worldwide, directly to two active ransomware operations: [INC Ransom](https://securityaffairs.com/tag/inc-ransom) and [Lynx](https://securityaffairs.com/tag/lynx-ransomware). The link isn’t circumstantial. An operator with access to FortiBleed’s own infrastructure was found actively logged into the negotiation panels of both ransomware groups, handling ransom demands in real time. FortiBleed has been documented since SOCRadar’s first report. The operation uses a custom tool written in Go called FortigateSniffer, which passively intercepts authentication traffic by abusing FortiOS’s own built-in packet diagnostic command across two dozen protocols. The attacker never sends malicious payloads to the firewall. They just listen to the traffic the device generates itself. It’s a quiet way to collect credentials at scale, and it’s been running across more than 150 countries. 
After the initial disclosure, SOCRadar continued mapping the campaign using Shodan, Censys, Validin, and its own scanning. That work turned up roughly 200 additional operational servers beyond the original dataset, a mix of credential sniffers and network scanners that hadn’t appeared in the first investigation. As the SOCRadar report states: _“Across the expanded infrastructure, STRU tracked scanning activity against roughly 11,250 FortiGate portals in more than 150 countries, with admin-level access confirmed on 409 targets.” reads the [report](https://socradar.io/blog/fortibleed-inc-lynx-ransomware-link/) published by SocRadar. “On 354 of those, the actor completed the full attack chain: VPN compromise, access to the domain controller, and domain admin. STRU has confirmed at least 12 ransomware deployments stemming from this access, with hundreds of endpoints encrypted across affected organizations.”_ That’s not credential theft sitting in a database waiting to be sold. That’s domain-level control of hundreds of organizations, obtained quietly through their own firewall. SOCRadar has confirmed at least 12 ransomware deployments traced directly to FortiBleed-derived access, with hundreds of endpoints encrypted across the affected organizations. One of the newly discovered servers gave SOCRadar visibility into the group’s own internal environment. An operational security lapse in how the group managed its infrastructure exposed internal files, logs, and operational documentation. That’s what made the ransomware connection possible to prove rather than just infer. Inside that environment, SOCRadar found an operator logged into negotiation panels for both INC Ransom and Lynx simultaneously. INC Ransom has been active since mid-2023 and remains one of the more active ransomware-as-a-service operations by victim count. 
INC Ransom has [claimed responsibility for the breach of tens of organizations to date](https://ransomfeed.it/stats.php?page=group-profile&group=incransom), including US hospice pharmacy [Xerox Corp](https://securityaffairs.com/156679/cyber-crime/inc-ransom-ransomware-xerox-corp.html), [OnePoint Patient Care](https://securityaffairs.com/170247/data-breach/onepoint-patient-care-data-breach.html), and [Scotland’s National Health Service (NHS)](https://securityaffairs.com/161143/data-breach/inc-ransom-hacked-national-health-service-of-scotland.html). Lynx appeared roughly a year later and is widely assessed as a direct evolution of INC. One operator, two brands, infrastructure traceable back to the credential harvesting campaign. The attribution case is direct. SOCRadar also found a separately discovered open directory linked to INC Ransom and compared its contents against FortiBleed’s own target records. The victims matched. _“Comparing target and victim data from FortiBleed’s own infrastructure against a separately discovered INC-linked open directory, STRU found matching victims across both datasets, independent confirmation that the same organizations were being tracked by both the credential-harvesting operation and the ransomware group.” states SocRadar._ SOCRadar recovered an internal tracking document the group uses to manage its FortiGate targets, recording which credentials were used, which networks were accessed, and whether ransomware was eventually deployed. Analysis of this document points to a structured operation of roughly 20 people. A small core of primary operators handles the high-impact intrusions. Behind them sit dedicated specialists, and below those, a back-office layer of junior operators and technical support staff. It runs like a small company, with a division of labor that would look familiar on any org chart. (Except the product is ransomware.) 
SOCRadar is withholding specific operator aliases, tooling details, and the full indicator set until the complete technical whitepaper publishes. That report will also cover a separate line of investigation into the group’s use of AI tools for vulnerability research, including work toward at least one undisclosed zero-day that SOCRadar is coordinating with the affected vendor through responsible disclosure. The practical implication is direct. This campaign isn’t an access broker quietly monetizing stolen credentials through underground markets at arm’s length from the actual attacks. The same infrastructure that collected the credentials is directly connected, through a shared operator, to the groups deploying ransomware on victim networks. _“The same access broker infrastructure that quietly intercepted authentication traffic across hundreds of thousands of firewalls is connected, through a shared operator, to two of the more active ransomware brands operating today.” concludes the report. “For organizations running FortiGate infrastructure, this raises the stakes on an already urgent finding: exposure to FortiBleed is not just a credential exposure risk, it is a potential precursor to ransomware.”_ If your organization runs FortiGate infrastructure, the question isn’t whether your credentials were targeted. With 430,000 firewalls in scope and active scanning across 150 countries, the better question is whether your environment showed up in the 409 where admin access was confirmed, or the 354 where full domain compromise was achieved. SOCRadar says the full indicator set will be in the forthcoming whitepaper. Watch for it. 
**Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)** **[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)** **([SecurityAffairs](http://securityaffairs.co/wordpress/) – hacking, newsletter)** --- --- title: "Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation" url: "https://hackread.com/sysdig-jadepuffer-first-agentic-ransomware-operation/" lang: "en-US" type: "post" description: "A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in minutes flat." last_modified: "2026-07-02T10:22:21+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://hackread.com/feed/" wpe_sourcepermalink: "https://hackread.com/sysdig-jadepuffer-first-agentic-ransomware-operation/" --- # Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in minutes flat. --- --- title: "I tried Brave’s new stripped down Origin browser, and now it’s my top Chromium-based pick" url: "https://www.zdnet.com/article/brave-origin-browser-hands-on/" lang: "en-US" type: "post" description: "If you like the idea of Brave's browser security, but all of the other features just get in your way, the developers have created a solution for you." 
last_modified: "2026-07-02T10:00:56+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.zdnet.com/news/rss.xml" wpe_sourcepermalink: "https://www.zdnet.com/article/brave-origin-browser-hands-on/" --- # I tried Brave’s new stripped down Origin browser, and now it’s my top Chromium-based pick If you like the idea of Brave’s browser security, but all of the other features just get in your way, the developers have created a solution for you. --- --- title: "NCSC Shares Tips on How to Make a Pen Tester’s Job Harder" url: "https://www.infosecurity-magazine.com/news/ncsc-tips-make-pen-testers-job/" lang: "en-US" type: "post" description: "The NCSC has shared best practice advice from pen testers which could help improve system resilience" last_modified: "2026-07-02T10:00:00+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.infosecurity-magazine.com/rss/news/" wpe_sourcepermalink: "https://www.infosecurity-magazine.com/news/ncsc-tips-make-pen-testers-job/" --- # NCSC Shares Tips on How to Make a Pen Tester’s Job Harder The NCSC has shared best practice advice from pen testers which could help improve system resilience --- --- title: "Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic" url: "https://securityaffairs.com/194622/security/adobe-fixed-multiple-maximum-severity-flaws-in-coldfusion-and-campaign-classic.html" lang: "en-US" type: "post" description: "Adobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution Adobe has released security updates for ColdFusion and Campaign Classic, fixing multiple critical vulnerabilities, including seven maximum-severity issues (CVSS" last_modified: "2026-07-02T09:21:27+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://securityaffairs.com/feed" wpe_sourcepermalink: 
"https://securityaffairs.com/194622/security/adobe-fixed-multiple-maximum-severity-flaws-in-coldfusion-and-campaign-classic.html" --- # Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic ## Adobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution Adobe has released security updates for [ColdFusion](https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html) and [Campaign Classic](https://helpx.adobe.com/security/products/campaign/apsb26-69.html), fixing multiple critical vulnerabilities, including seven maximum-severity issues (CVSS score of 10.0). If exploited, the flaws could allow attackers to execute arbitrary code, escalate privileges, read sensitive files, or bypass security protections. Adobe strongly recommends that customers apply the updates as soon as possible to reduce the risk of compromise. The vulnerabilities include: - **CVE-2026-48276, CVE-2026-48283** (CVSS score of 10.0) – Allow attackers to upload malicious files and execute arbitrary code. - **CVE-2026-48277, CVE-2026-48281, CVE-2026-48316** (CVSS score of 10.0) – Input validation flaws that could let attackers execute arbitrary code. - **CVE-2026-48282** (CVSS score of 10.0) – A path traversal flaw that could result in arbitrary code execution. - **CVE-2026-48313** (CVSS score of 9.3) – A path traversal flaw that could let attackers read sensitive files. - **CVE-2026-48315** (CVSS score of 9.3) – An input validation flaw that could allow privilege escalation. Adobe addressed these vulnerabilities in ColdFusion 2023 Update 21 and ColdFusion 2025 Update 10. Security researchers Anirudh Anand, Matan Sandori, and 2Bsecure reported several of the vulnerabilities. The firm thanked researchers for reporting the issues and helping improve security: Anirudh Anand reported CVE-2026-48283 and CVE-2026-48313, while Matan Sandori and 2Bsecure reported CVE-2026-48307. 
The company also fixed a critical flaw, tracked as CVE-2026-48286 (CVSS score of 10.0) in Adobe Campaign Classic that could let attackers execute arbitrary code due to an authorization weakness. The issue affects on-premises deployments running version 7.4.3 build 9396 and earlier and is fixed in build 9397. Adobe-hosted instances are not affected. The software giant said it has seen no evidence of active exploitation. _“Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.” [reads the advisory](https://helpx.adobe.com/security/products/campaign/apsb26-69.html)._ --- --- title: "AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack" url: "https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html" lang: "en-US" type: "post" description: "Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job:" last_modified: "2026-07-02T09:13:13+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://feeds.feedburner.com/TheHackersNews?format=xml" wpe_sourcepermalink: "https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html" --- # AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. 
Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company’s production database. Ransomware has always --- --- title: "If you like COSMIC Desktop, you’ll love its new system monitor" url: "https://www.zdnet.com/article/cosmic-desktop-new-system-monitor-and-its-out-of-this-world/" lang: "en-US" type: "post" description: "If you like to see and manage your system processes on Linux, but aren't happy with the tool you're using, System76 might have just the app you've been looking for (and a reason to switch to either COSMIC Desktop or" last_modified: "2026-07-02T09:00:38+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.zdnet.com/news/rss.xml" wpe_sourcepermalink: "https://www.zdnet.com/article/cosmic-desktop-new-system-monitor-and-its-out-of-this-world/" --- # If you like COSMIC Desktop, you’ll love its new system monitor If you like to see and manage your system processes on Linux, but aren’t happy with the tool you’re using, System76 might have just the app you’ve been looking for (and a reason to switch to either COSMIC Desktop or Pop!_OS). --- --- title: "Alleged Scattered Spider hacker extradited to the United States" url: "https://www.bleepingcomputer.com/news/security/alleged-scattered-spider-hacker-extradited-to-the-united-states/" lang: "en-US" type: "post" description: "A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective." 
last_modified: "2026-07-02T08:58:25+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.bleepingcomputer.com/feed/" wpe_sourcepermalink: "https://www.bleepingcomputer.com/news/security/alleged-scattered-spider-hacker-extradited-to-the-united-states/" --- # Alleged Scattered Spider hacker extradited to the United States A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. […] --- --- title: "Alleged Scattered Spider Member Extradited to US" url: "https://www.infosecurity-magazine.com/news/scattered-spider-member-extradited/" lang: "en-US" type: "post" description: "A teenager accused of hacking as part of Scattered Spider has been arrested" last_modified: "2026-07-02T08:45:00+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.infosecurity-magazine.com/rss/news/" wpe_sourcepermalink: "https://www.infosecurity-magazine.com/news/scattered-spider-member-extradited/" --- # Alleged Scattered Spider Member Extradited to US A teenager accused of hacking as part of Scattered Spider has been arrested --- --- title: "Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges" url: "https://securityaffairs.com/194613/security/alleged-scattered-spider-hacker-extradited-to-u-s-to-face-cybercrime-charges.html" lang: "en-US" type: "post" description: "Alleged Scattered Spider member Peter Stokes, 19, was extradited from Finland to the U.S. over hacking, fraud, and extortion charges. Peter Stokes, 19, an alleged Scattered Spider member known online as “Bouquet,” has been extradited from Finland to the U.S." 
last_modified: "2026-07-02T08:03:46+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://securityaffairs.com/feed" wpe_sourcepermalink: "https://securityaffairs.com/194613/security/alleged-scattered-spider-hacker-extradited-to-u-s-to-face-cybercrime-charges.html" --- # Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges ## Alleged Scattered Spider member Peter Stokes, 19, was extradited from Finland to the U.S. over hacking, fraud, and extortion charges. Peter Stokes, 19, an alleged [Scattered Spider](https://securityaffairs.com/tag/scattered-spider) member known online as “Bouquet,” has been extradited from Finland to the U.S. to face hacking, fraud, and extortion charges. Prosecutors say he took part in multiple cyberattacks, including a 2025 breach of a luxury jewelry retailer where attackers allegedly stole data and demanded about $8 million in cryptocurrency. _“Among other offenses, the complaint alleges that Stokes and other co-conspirators breached a luxury jewelry retailer’s computer system, exfiltrated data from the company, and made a ransom demand of approximately $8 million in cryptocurrency in May 2025.” reads the [press release](https://www.justice.gov/opa/pr/alleged-member-criminal-cyber-hacking-group-scattered-spider-arrested-finland-and-extradited) published by DoJ. “The retailer’s security personnel successfully evicted the threat actors from the company’s computer network and no ransom was paid. The retailer nonetheless suffered a loss of at least $2 million due to business disruption, investigation, and mitigation of the threat.”_ He was arrested in Finland in April on an Interpol Red Notice. U.S. 
officials said Scattered Spider (aka [Octo Tempest](https://securityaffairs.com/tag/octo-tempest), [UNC3944](https://securityaffairs.com/165811/cyber-crime/octo-tempest-ransomhub-qilin-ransomware.html), and [0ktapus](https://securityaffairs.com/tag/0ktapus-campaign)) has caused major disruption by targeting American companies, stealing data, encrypting systems, and demanding cryptocurrency payments. The FBI warned the group has cost businesses millions of dollars and disrupted critical operations. Authorities pledged to continue working with international partners to identify, disrupt, and prosecute members of the group, regardless of where they operate. The cybercrime group is suspected of hacking into hundreds of organizations over the past two years, including [Twilio](https://securityaffairs.com/134851/hacking/0ktapus-phishing-campaign.html), [LastPass](https://securityaffairs.com/142791/hacking/lastpass-discloses-second-attack.html), [DoorDash](https://securityaffairs.com/91767/data-breach/doordash-data-breach.html), and [Mailchimp](https://securityaffairs.com/129831/data-breach/mailchimp-breached-cryptocurrency-phishing.html). Scattered Spider members are part of a broader cybercriminal community called “[The Com](https://securityaffairs.com/tag/the-com),” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. _“The criminal complaint charges Peter Stokes with membership in Scattered Spider, a hacking group that has been involved in over 100 network intrusions, resulting in more than $100 million in ransom payments and millions more in damages to the victims,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “The charges unsealed today are the result of years of work by the Criminal Division, the U.S. Attorney’s Office for the Northern District of Illinois, and the FBI. 
We will continue to partner to ensure that cybercriminals cannot evade the reach of the United States.”_ The case is part of the FBI’s [Operation Riptide](https://www.fbi.gov/contact-us/field-offices/boston/news/fbi-boston-supports-international-takedown-of-first-vpn-service-used-by-ransomware-actors-to-compromise-businesses-worldwide), a long-term effort to disrupt cybercriminals, their infrastructure, and financial networks. Americans reported more than $20 billion in cybercrime losses last year, up 26% from the previous year. In April 2026, [Tyler Buchanan](https://securityaffairs.com/164575/cyber-crime/spanish-police-member-scattered-spider.html), a 24-year-old from Scotland, also linked to the Scattered Spider group, [**admitted in a US court**](https://securityaffairs.com/191052/cyber-crime/scattered-spider-member-tyler-buchanan-pleads-guilty-to-major-crypto-theft.html) that he hacked dozens of companies, committed fraud, and stole millions in cryptocurrency. Spanish police arrested the British national in Palma de Mallorca while he was attempting to fly to Italy. During the arrest, police confiscated a laptop and a mobile phone. The arrest resulted from a joint operation conducted by the U.S. Federal Bureau of Investigation (FBI) and the Spanish Police. In April 2025, [Noah Urban](https://securityaffairs.com/176323/cyber-crime/scattered-spider-cybercrime-group-member-pleaded-guilty.html), 20, linked to Scattered Spider (UNC3944), pleaded guilty in Florida and California to conspiracy, wire fraud, and identity theft. He admitted involvement in phishing and fraud operations, including stealing at least $800,000 in crypto from victims between Aug 2022 and Mar 2023. He also helped export stolen data and run multi-state cybercrime activities tied to the group. 
In November 2025, two British teenagers, Thalha Jubair (19) and Owen Flowers (18), [accused of links to Scattered Spider](https://securityaffairs.com/185000/hacking/scattered-spider-alleged-members-deny-tfl-charges.html), pleaded not guilty in Southwark Crown Court to charges under the Computer Misuse Act. They are alleged to have conspired in a cyberattack against [Transport for London](https://securityaffairs.com/tag/transport-for-london) (TfL) in 2024. Both were arrested in September by the NCA and formally denied the accusations in court. --- --- title: "Opera is releasing a new feature that detects and blocks malicious clipboard content" url: "https://www.zdnet.com/article/opera-is-releasing-a-new-feature-that-detects-and-blocks-malicious-clipboard-content/" lang: "en-US" type: "post" description: "If you tend to copy/paste content from websites, you might be surprised to find yourself under the thrall of a ClickFix attack, but Opera has a solution to fix it before you click it." 
last_modified: "2026-07-02T08:00:52+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.zdnet.com/news/rss.xml" wpe_sourcepermalink: "https://www.zdnet.com/article/opera-is-releasing-a-new-feature-that-detects-and-blocks-malicious-clipboard-content/" --- # Opera is releasing a new feature that detects and blocks malicious clipboard content If you tend to copy/paste content from websites, you might be surprised to find yourself under the thrall of a ClickFix attack, but Opera has a solution to fix it before you click it. --- --- title: "FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations" url: "https://thehackernews.com/2026/07/fortibleed-credential-theft-linked-to.html" lang: "en-US" type: "post" description: "The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. \"An operator tied to FortiBleed's infrastructure was found actively working negotiation panels for both" last_modified: "2026-07-02T08:00:49+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://feeds.feedburner.com/TheHackersNews?format=xml" wpe_sourcepermalink: "https://thehackernews.com/2026/07/fortibleed-credential-theft-linked-to.html" --- # FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. 
“An operator tied to FortiBleed’s infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment --- --- title: "Opera blocks ClickFix attacks with new clipboard protection feature" url: "https://www.helpnetsecurity.com/2026/07/02/opera-blocks-clickfix-attacks-with-new-clipboard-protection-feature/" lang: "en-US" type: "post" description: "Opera has launched Paste Protect, a clipboard protection feature designed to prevent clipboard-based attacks such as hijacking and pastejacking. Paste Protect includes built-in protection and warnings against ClickFix-based cyberattacks, which accounted for more than half of malware-delivery attacks in 2025." last_modified: "2026-07-02T08:00:01+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.helpnetsecurity.com/feed/" wpe_sourcepermalink: "https://www.helpnetsecurity.com/2026/07/02/opera-blocks-clickfix-attacks-with-new-clipboard-protection-feature/" --- # Opera blocks ClickFix attacks with new clipboard protection feature Opera has launched Paste Protect, a clipboard protection feature designed to prevent clipboard-based attacks such as hijacking and pastejacking. Paste Protect includes built-in protection and warnings against ClickFix-based cyberattacks, which accounted for more than half of malware-delivery attacks in 2025. The feature is built into Opera’s desktop browsers and is enabled by default, so users are protected automatically without any setup. 
A ClickFix-style attack usually starts with something small and ordinary: a video that won’t … [More →](https://www.helpnetsecurity.com/2026/07/02/opera-blocks-clickfix-attacks-with-new-clipboard-protection-feature/) The post [Opera blocks ClickFix attacks with new clipboard protection feature](https://www.helpnetsecurity.com/2026/07/02/opera-blocks-clickfix-attacks-with-new-clipboard-protection-feature/) appeared first on [Help Net Security](https://www.helpnetsecurity.com/). --- --- title: "PQC is Now, Not Later: Quantum Readiness in the Channel" url: "https://www.channelinsider.com/security/pqc-quantum-readiness-in-the-channel/" lang: "en-US" type: "post" description: "In 2025, the conversation around post-quantum cryptography (PQC) focused on accelerating adoption and the need for deeper discovery of encryption to improve security pre- and post-PQC migration. The picture in 2026 is starting to reshape, though. Government and standards bodies" last_modified: "2026-07-02T07:54:52+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.channelinsider.com/feed/" wpe_sourcepermalink: "https://www.channelinsider.com/security/pqc-quantum-readiness-in-the-channel/" --- # PQC is Now, Not Later: Quantum Readiness in the Channel In 2025, the conversation around post-quantum cryptography (PQC) focused on accelerating adoption and the need for deeper discovery of encryption to improve security pre- and post-PQC migration. The picture in 2026 is starting to reshape, though. Government and standards bodies are pushing organizations toward PQC migration now and not later, and providers are accelerating timelines for PQC deployment, with some warning that PQC spending could compete with AI investment. ## US government issues executive orders targeting quantum readiness Recently, the U.S. 
White House issued two executive orders: ‘Securing the Nation Against Advanced Cryptographic Attacks’ and ‘Ushering in the Next Frontier of Quantum Innovation.’ Both of these EOs aim to enhance the U.S. position in the quantum era by pairing long-term technology investment with urgent cybersecurity safeguards.  They’re meant to accelerate quantum research, infrastructure, and workforce development while preparing federal systems for attacks involving cryptographic security. ### Policy updates signal importance of quantum moving forward Henry Young, Business Software Alliance senior director of policy, said the orders will update the National Quantum Strategy, establish federal agency roadmaps, expand public-private partnerships, reconstitute the National Quantum Initiative Advisory Committee, and update the timelines for government agencies to upgrade to PQC by 2030. “The most significant change I have seen is that the debate is largely over. A year ago, many organizations were still trying to determine whether quantum computing represented a near-term operational concern or a future technology issue,” Brian Cunningham, EVP of Strategy and Growth at QuSecure, told Channel Insider. “Today, boards, CISOs, and government leaders increasingly recognize that the challenge is not understanding the risk. The challenge is understanding their exposure and building a credible path forward. Customers are asking fewer questions about quantum timelines and more questions about execution. They want to know where their cryptography exists, which systems are most vulnerable, and how they can begin modernizing without disrupting critical operations.” ### Why awareness alone will not be enough Cunningham adds that this shift mirrors the national security landscape: awareness is important, but awareness alone does not reduce risk.  He explains that organizations making the most progress are treating PQC modernization as an operational readiness effort. 
“They are conducting discovery, prioritizing high-value assets, and establishing measurable migration plans,” says Cunningham. “What separates leaders from laggards today is not concern about quantum, rather it is visibility into their cryptographic environment and the discipline to act before deadlines force action.”

## PQC migration as a budget line item

Moody’s Ratings, a credit rating giant, recently warned that organizations may be underestimating how quickly quantum computing could threaten current encryption standards. The U.S. National Institute of Standards and Technology (NIST) initially tapped 2035 as the year to fully transition to post-quantum algorithms across government and high-security national systems. Tech giants Google and Cloudflare have moved their targets to 2029.

### Financial risks come as AI and IT spending also increase

Moody’s report frames quantum computing as a long-term risk to the operational and financial stability of banks, exchanges, custodians, and tokenization platforms as digital assets move into mainstream financial markets. Moody’s cited the Citi Institute, which reported that quantum-enabled disruption of critical payment infrastructure could generate $2 trillion to $3 trillion in indirect economic losses. Moody’s also notes that if companies fully understand the risks, PQC budgets could compete with existing AI and IT budgets. This is partly because AI investments offer revenue growth opportunities and productivity improvements, whereas PQC migration doesn’t generate additional revenue or deliver tangible benefits to customers. The credit rating organization predicts that PQC migration could account for 2.5 percent of annual IT budgets now, but delaying until 2030 could mean spending twice as much trying to catch up.
## What channel leaders should track As the PQC conversation takes a new shape, there are a few research themes that channel leaders should consider, as customers no longer ask whether PQC migration is necessary, but instead ask how to execute it. Crypto agility is becoming a core service opportunity. Research and guidance from NIST and industry groups consistently emphasize that organizations must first understand where cryptography exists across environments before replacing it. Cryptographic inventories, dependency mapping, and migration planning are foundational activities.  There are a number of channel opportunities, including discovery & assessment, advisory services, security operations, infrastructure projects, and managed services. ### Financial services industry becomes an early case study Additionally, financial services is becoming a leader in quantum readiness. When looking at banking and payment infrastructure, long-sustained sensitive data and regulatory pressures make quantum risk particularly relevant.  “The financial sector understands that trust is its most valuable asset. Financial institutions protect information that must remain secure for decades, and many recognize that adversaries are already collecting encrypted data with the expectation that future capabilities will allow decryption,” said Cunningham.  “As a result, leading banks are approaching post-quantum security with a level of rigor that extends beyond compliance. They are investing in cryptographic inventories, measuring risk exposure, and building migration plans tied to business priorities rather than technology milestones.” According to Cunningham, other industries should heed the discipline of the financial sector. “The lesson to be garnered from Banking is that visibility must come before remediation,” Cunningham posits. “The most successful financial institutions are not attempting massive rip-and-replace efforts. 
They are identifying critical systems, reducing uncertainty, and creating flexibility through cryptographic agility.” He adds: “Whether you operate in healthcare, telecommunications, energy, or government, the same principle applies. You cannot manage what you cannot see, and you cannot modernize what you do not understand.”

## Major vendors and ecosystem players to watch

In this new era of quantum planning, the quantum-safe ecosystem is broadening beyond pure-play quantum firms and increasingly includes cybersecurity, networking, cloud, and consulting providers. There is growing participation by PQC vendors, cloud platforms, consultancies, and security providers in response to government mandates and enterprise demand. Among the notable ecosystem categories to keep an eye on are:

- Microsoft [recently](https://www.techradar.com/pro/from-quantum-to-containers-4-big-things-you-might-have-missed-at-microsoft-build-2026) highlighted progress in quantum computing through its Majorana 2 chip program. It noted that the latest advances deliver qubits that are significantly more accurate.
- Google Cloud and Cloudflare are [accelerating](https://www.techradar.com/pro/forget-ai-credit-rating-giant-feared-by-all-countries-just-issued-an-alarming-warning-as-google-and-cloudflare-make-crucial-moves-pqc-spending-will-compete-directly-with-ai-investment) PQC timelines and positioning themselves in deployment leadership.
- Palo Alto Networks is [providing](https://www.paloaltonetworks.com/quantum-safe) quantum-safe security offerings to meet quantum mandates with real-time visibility and edge-to-cloud protection.
- Accenture is highlighting quantum security consulting initiatives.
- Specialized PQC providers, such as [PQShield](https://pqshield.com/pqc-transition-roadmaps-and-guidance/), focus on migration tooling and quantum-safe architectures.
Overall, standards are largely established, government pressure is increasing, vendors are expanding partner ecosystems, and the market is moving toward assessment, migration, validation, and managed services. ## Channel partners can build quantum readiness into existing services MSPs, MSSPs, VARs, and integrators should view quantum readiness as an emerging opportunity in cybersecurity services, comparable to other tech evolutions over the past decade.  “There are certainly parallels to the early days of cloud adoption and zero trust. In each case, organizations initially viewed the challenge as a technology project. Over time, the leaders realized it was an operational transformation. I believe the same will happen with post-quantum security,” said Cunningham.  “Success over the next three to five years will belong to organizations that establish continuous visibility into their cryptographic environment, have the ability to adapt as standards evolve, and make cryptographic modernization part of normal operations rather than a one-time event.” ### Organizations should already be preparing for quantum readiness Becoming quantum-ready should already be a discussion for teams within organizations. Delaying could be costly – financially, operationally, and in terms of trust with customers and partners. “I do not see quantum readiness as a compliance exercise, and waiting for complete certainty before taking action is a costly error,” warns Cunningham. Quantum readiness is not about predicting the arrival of a cryptographically relevant quantum computer, but rather about building resilience before you are forced to respond under pressure, Cunningham explains. “In my experience across national security and enterprise technology, the organizations that perform best are those that reduce uncertainty early and preserve freedom of action,” said Cunningham. “The organizations that start now will have options. 
The organizations that delay will inherit compressed timelines, greater costs, and fewer choices.” The post [PQC is Now, Not Later: Quantum Readiness in the Channel](https://www.channelinsider.com/security/pqc-quantum-readiness-in-the-channel/) appeared first on [Channel Insider](https://www.channelinsider.com/). --- --- title: "Cynomi Report Reveals MSPs’ Top AI Questions for 2026" url: "https://www.channelinsider.com/channel-business/running-an-msp/cynomi-report-msp-ai-questions-2026/" lang: "en-US" type: "post" description: "Cynomi’s latest AI report suggests MSPs aren’t asking whether AI matters anymore; they’re trying to figure out how to survive, sell, and stay useful in an AI-heavy world. Managed service providers (MSPs) have moved past early experimentation with AI and" last_modified: "2026-07-02T07:40:40+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.channelinsider.com/feed/" wpe_sourcepermalink: "https://www.channelinsider.com/channel-business/running-an-msp/cynomi-report-msp-ai-questions-2026/" --- # Cynomi Report Reveals MSPs’ Top AI Questions for 2026 Cynomi’s latest AI report suggests MSPs aren’t asking whether AI matters anymore; they’re trying to figure out how to survive, sell, and stay useful in an AI-heavy world. Managed service providers (MSPs) have moved past early experimentation with AI and are now wrestling with more practical questions around security, customer expectations, and business strategy, according to a new report from cybersecurity platform provider Cynomi. ## Cynomi summarizes Reddit, search patterns, and partner community Released Monday, the report examines [discussions happening across MSP communities](https://www.channelinsider.com/channel-business/channel-analysis/2026-predictions-trends-to-watch/) rather than relying on surveys or market forecasts. 
The company said it reviewed conversations and research activity spanning Reddit discussions, AlsoAsked search patterns, Perplexity Deep Research data, and its own customer community between May 2025 and May 2026. The report identified five recurring questions that appeared repeatedly across those channels: - How do we say “no” to client AI requests without losing the account? - Are clients leaking sensitive data into AI tools? - Where does AI deliver value in the service desk? - Is Microsoft Copilot good, and should MSPs sell it, bundle it, or recommend alternatives? - Will AI replace MSPs, or change what clients need from them? According to the findings, the discussions point toward an industry less worried about AI replacing providers and more focused on adapting their roles. ## Security and governance keep taking center stage Cynomi’s report argues that as automation takes over more routine tasks, customers are increasingly turning to providers for higher-level guidance involving governance, compliance, risk oversight, and strategic planning. That conclusion mirrors broader trends Cynomi has been discussing throughout the past year.  In a Dec. 2025 interview with Channel Insider, Cynomi CEO David Primor said providers would increasingly need to separate themselves through specialized security offerings rather than relying solely on traditional IT services. “What we see is that a lot of MSPs and MSSPs want to differentiate themselves from others, and we think security is one way to do that,” [Primor told Channel Insider at the time](https://www.channelinsider.com/channel-business/vendor-leadership-and-partner-programs/cynomi-david-primor-vciso-demand/).  The company’s earlier State of the vCISO data also showed that demand for virtual CISO services was growing significantly, with MSPs increasingly expanding into advisory- and compliance-focused work. 
## AI is becoming a tool for scale Cynomi itself has spent much of the last year building AI-driven capabilities around that vision. [In April, the company introduced AI agents](https://www.channelinsider.com/security/tools-and-platforms/cynomi-ai-ciso-agents-msp-security-automation/) intended to function as digital security coworkers for MSPs. Those tools were designed around specific roles such as CISO, auditor, analyst, and executive communicator, helping providers automate reporting, compliance work, and remediation planning. The company expanded that strategy further last week with broader AI coworker features and new vulnerability management integrations intended to reduce manual workload across customer environments. Speaking with Channel Insider earlier this month, Primor said AI can help providers increase service capacity without a proportional increase in staffing.  “We can help you to be able to automate many of your processes in a way that you couldn’t do before,” [Primor said](https://www.channelinsider.com/security/tools-and-platforms/cynomi-msp-vciso-platform-ai-integrations/). “You could onboard a junior CISO or IT guy and turn them to be a sophisticated cybersecurity expert using AI.” ## AI competition may come from other providers, not AI itself One of the strongest themes emerging from the report is the idea that the competitive risk for MSPs may not be AI itself, but providers that adopt AI faster than others. “What makes this report different is that it reflects what MSPs are actually discussing with their peers, not what vendors think they should be discussing,” [Primor said in a statement](https://www.globenewswire.com/news-release/2026/06/30/3319773/0/en/cynomi-releases-new-report-revealing-the-top-ai-questions-msps-are-asking-in-2026.html).  “Across Reddit, AI research platforms, and our own community, we saw the same themes emerge repeatedly. Service providers are no longer asking whether AI matters. 
They’re asking how to govern it, secure it, operationalize it, and turn it into a competitive advantage. The competitive threat isn’t AI replacing MSPs. It’s AI-enabled MSPs outperforming traditional MSPs.” The findings suggest that AI conversations within the managed services community are shifting less toward technology adoption itself and more toward what comes after: who manages risk, who advises customers, and who becomes the trusted guide as businesses move deeper into AI use. The post [Cynomi Report Reveals MSPs’ Top AI Questions for 2026](https://www.channelinsider.com/channel-business/running-an-msp/cynomi-report-msp-ai-questions-2026/) appeared first on [Channel Insider](https://www.channelinsider.com/). --- --- title: "How Attackers Weaponize AI" url: "https://www.hackmageddon.com/2026/07/02/how-attackers-weaponize-ai/" lang: "en-US" type: "post" description: "Last Updated on July 2, 2026 Bundled Page This page requires JavaScript to display. AI THREAT INTELLIGENCE Unpacking…" last_modified: "2026-07-02T07:27:02+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.hackmageddon.com/feed/" wpe_sourcepermalink: "https://www.hackmageddon.com/2026/07/02/how-attackers-weaponize-ai/" --- # How Attackers Weaponize AI Last Updated on July 2, 2026 Bundled Page This page requires JavaScript to display. AI THREAT INTELLIGENCE Unpacking… --- --- title: "Seven reasons quantum is your next big bet after AI" url: "https://itwire.com/guest-articles/guest-opinion/seven-reasons-quantum-is-your-next-big-bet-after-ai" lang: "en-US" type: "post" description: "Business leaders are rightly focused on protecting profits today." 
last_modified: "2026-07-02T07:26:36+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/guest-articles/guest-opinion/seven-reasons-quantum-is-your-next-big-bet-after-ai" --- # Seven reasons quantum is your next big bet after AI Business leaders are rightly focused on protecting profits today. --- --- title: "New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos" url: "https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html" lang: "en-US" type: "post" description: "Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run" last_modified: "2026-07-02T07:24:23+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://feeds.feedburner.com/TheHackersNews?format=xml" wpe_sourcepermalink: "https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html" --- # New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine. YesWeHack and --- --- title: "The next AI arms race isn’t about models. It’s about context" url: "https://itwire.com/business-it-news/data/the-next-ai-arms-race-isnt-about-models-its-about-context" lang: "en-US" type: "post" description: "Ask an AI model to analyse a photograph and it might tell you it contains a person standing under a tree near the ocean on a sunny day. 
Ask a human who took the photo, however,..." last_modified: "2026-07-02T06:44:46+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/business-it-news/data/the-next-ai-arms-race-isnt-about-models-its-about-context" --- # The next AI arms race isn’t about models. It’s about context Ask an AI model to analyse a photograph and it might tell you it contains a person standing under a tree near the ocean on a sunny day. Ask a human who took the photo, however,… --- --- title: "News alert: Link11 launches faster DDoS mitigation to counter AI-driven, adaptive network attacks" url: "https://www.lastwatchdog.com/news-alert-link11-launches-faster-ddos-mitigation-to-counter-ai-driven-adaptive-network-attacks/" lang: "en-US" type: "post" description: "FRANKFURT, July 1, 2026, CyberNewswire – Link11, a leading European provider of cloud-based cybersecurity solutions, today announced the launch of its completely rebuilt Layer 3/4 DDoS mitigation solution, designed to address the growing complexity of modern network attacks. Today’s DDoS" last_modified: "2026-07-02T06:23:47+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.lastwatchdog.com/feed/" wpe_sourcepermalink: "https://www.lastwatchdog.com/news-alert-link11-launches-faster-ddos-mitigation-to-counter-ai-driven-adaptive-network-attacks/" --- # News alert: Link11 launches faster DDoS mitigation to counter AI-driven, adaptive network attacks FRANKFURT, July 1, 2026, CyberNewswire – [Link11](https://www.link11.com/en/), a leading [European provider of cloud-based cybersecurity solutions](https://www.link11.com/en/data-sovereignty/), today announced the launch of its completely rebuilt [Layer 3/4 DDoS mitigation solution](https://www.link11.com/en/solutions/network-security/network-ddos-protection/), designed to address the growing complexity of modern network attacks. 
Today’s DDoS attacks are not just simple volume or protocol attacks anymore. They can originate from compromised devices within trusted and legitimate networks, mimic real traffic, and appear in short, high-intensity bursts that leave little time for manual response. The Next-gen Network DDoS Protection combines behavior-based, AI-driven detection with full IPv4 and IPv6 coverage for modern infrastructures. With greater automation and less reliance on manual tuning, it represents a major architectural shift in DDoS detection and mitigation. The platform is designed entirely with [European data sovereignty](https://www.link11.com/en/data-sovereignty/) in mind, and that principle is built into the architecture. It runs on Link11’s own cloud infrastructure, and security data is hosted in Europe. This enables companies to maintain control over their data, mitigate legal uncertainties, and minimize their reliance on non-European cloud providers.

**Adaptive attack mitigation**

Previous solutions often relied on rigid rule systems and static thresholds. While this approach was effective against volumetric attacks, it is no longer sufficient against today’s AI-driven, adaptive attack patterns. Combining insights from more than one million mitigated attacks with deep learning to deliver faster, smarter, and more precise protection, Link11 rebuilt the Network DDoS solution from the ground up.

“Today’s DDoS attacks are increasingly AI-generated, precise, and designed to outsmart traditional detection logic.

“After more than 12 months of development and testing, we don’t see this product as just an update.
Rather, we see it as a complete redesign: a platform that keeps pace with the current threat landscape and will also meet future requirements,” says Jens-Philipp Jung, Link11’s CEO. “Anyone protecting infrastructure needs a platform that thinks for itself rather than one that has to be constantly readjusted.”

With [Next-Gen Network DDoS Protection](https://www.link11.com/en/solutions/network-security/network-ddos-protection/), Link11 goes beyond traditional behavioral analysis by analyzing and mitigating each attack vector individually. Rather than responding to volumetric, protocol, or amplification attacks with a blanket response, targeted countermeasures are initiated. This significantly reduces false positives and further accelerates the groundbreaking mitigation time, which was already under 10 seconds for unknown vectors and is now under three seconds. This improvement is one of many over Link11’s previous Network DDoS Protection. Additionally, known vectors are mitigated in near real time, just as before.

**Protecting modern infrastructures**

Built on state-of-the-art technology, the new solution is designed to make advanced DDoS protection easier to understand and operate. Real-time logs, reason codes, and a completely redesigned dashboard give security teams deep visibility into how attacks unfold and how mitigation measures are applied. During an attack, teams can quickly see which traffic is being blocked or allowed, why those decisions are being made, and which services remain available. This transparency helps companies maintain availability, protect revenue, and keep critical business operations running.

“One guiding principle drove the development of this new solution: resilience is not a technical metric, but a business promise. Next-gen Network DDoS Protection is designed to help users keep this promise,” explains Marc Lamik, CPO of Link11.
Since the platform continuously learns from live traffic patterns and constantly adapts its detection logic on its own, the need for manual fine-tuning is significantly reduced. By making more precise mitigation decisions automatically, the system reduces the need for frequent SOC team intervention. The AI-driven Next-Gen Network DDoS Protection provides full IPv4 and IPv6 coverage for consistent protection across modern dual-stack infrastructures. [![](https://www.lastwatchdog.com/wp/wp-content/uploads/Link11graphic-520x206.png)](https://www.lastwatchdog.com/wp/wp-content/uploads/Link11graphic.png)For existing customers, switching to the new version requires no configuration effort on their part. The migration involves an internal routing change and does not cause any downtime. Baselines and configurations are preserved, and protection remains uninterrupted during the switch. Next-gen Network DDoS Protection is now available for existing and new Link11 customers. _ **About Link11: **[Link11](https://www.link11.com/en/) is a leading European IT security provider that protects global infrastructures and web applications from cyberattacks. Its cloud-based IT security solutions help companies worldwide strengthen the cyber resilience of their networks and critical applications and prevent business disruptions. Link11 is a BSI-qualified provider of DDoS protection for critical infrastructure. The company meets the highest standards in data security and compliance with PCI DSS, SOC 2 Type II, BSI C5, and ISO 27001._ _**Media contact:**_ _Lisa Froehlich, Link11 GmbH just did it, l.froehlich@link11.com_ _**Editor’s note:** This press release was provided by _[CyberNewswire](https://cybernewswire.com/)_ as part of its press release syndication service. 
The views and claims expressed belong to the issuing organization._   The post [News alert: Link11 launches faster DDoS mitigation to counter AI-driven, adaptive network attacks](https://www.lastwatchdog.com/news-alert-link11-launches-faster-ddos-mitigation-to-counter-ai-driven-adaptive-network-attacks/) first appeared on [The Last Watchdog](https://www.lastwatchdog.com/). --- --- title: "The endpoint recovery gap many teams discover during an incident" url: "https://www.helpnetsecurity.com/2026/07/02/matthias-haas-igel-endpoint-recovery-gap/" lang: "en-US" type: "post" description: "In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once." last_modified: "2026-07-02T06:00:32+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.helpnetsecurity.com/feed/" wpe_sourcepermalink: "https://www.helpnetsecurity.com/2026/07/02/matthias-haas-igel-endpoint-recovery-gap/" --- # The endpoint recovery gap many teams discover during an incident In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once. Haas walks through what a well-planned recovery looks like, where the bottlenecks appear, and why restoring trusted user access matters more than counting blocked threats. He also shares how security leaders can convince a CFO … [More →](https://www.helpnetsecurity.com/2026/07/02/matthias-haas-igel-endpoint-recovery-gap/) The post [The endpoint recovery gap many teams discover during an incident](https://www.helpnetsecurity.com/2026/07/02/matthias-haas-igel-endpoint-recovery-gap/) appeared first on [Help Net Security](https://www.helpnetsecurity.com/). 
--- --- title: "SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation" url: "https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html" lang: "en-US" type: "post" description: "The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a" last_modified: "2026-07-02T05:46:45+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://feeds.feedburner.com/TheHackersNews?format=xml" wpe_sourcepermalink: "https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html" --- # SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issue --- --- title: "Review: CTRL+ALT+PWN" url: "https://www.helpnetsecurity.com/2026/07/02/review-ctrl-alt-pwn-the-hackers-playbook/" lang: "en-US" type: "post" description: "Hacking gear that once sat in well-funded labs now ships to anyone with a credit card and a video tutorial. Frank Riccardi builds his consumer guide, CTRL+ALT+PWN: The Hacker’s Playbook (And How to Beat It), on that one condition. 
He" last_modified: "2026-07-02T05:30:40+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.helpnetsecurity.com/feed/" wpe_sourcepermalink: "https://www.helpnetsecurity.com/2026/07/02/review-ctrl-alt-pwn-the-hackers-playbook/" --- # Review: CTRL+ALT+PWN Hacking gear that once sat in well-funded labs now ships to anyone with a credit card and a video tutorial. Frank Riccardi builds his consumer guide, CTRL+ALT+PWN: The Hacker’s Playbook (And How to Beat It), on that one condition. He spent twenty-five years in healthcare compliance and privacy, leading the response to breaches and ransomware, and he writes for readers he calls non-geeks. The book reads like a tour of the criminal toolkit, narrated by … [More →](https://www.helpnetsecurity.com/2026/07/02/review-ctrl-alt-pwn-the-hackers-playbook/) The post [Review: CTRL+ALT+PWN](https://www.helpnetsecurity.com/2026/07/02/review-ctrl-alt-pwn-the-hackers-playbook/) appeared first on [Help Net Security](https://www.helpnetsecurity.com/). --- --- title: "Crafty Phishing Campaigns Auto-Adapt to Victim’s Device, OS" url: "https://www.geek-guy.com/crafty-phishing-campaigns-adapt/geekguyblog/" lang: "en-US" type: "post" description: "Discover how new phishing tactics are personalizing attacks based on your device and OS, raising serious cybersecurity concerns." last_modified: "2026-07-02T05:00:59+00:00" categories: [GeekGuyBlog] tags: [cybersecurity, Data Protection, malware, Phishing, technology] custom_fields: botwriter_image_prompt_last: "cybersecurity phishing attack" botwriter_stockphoto_prompt: "cybersecurity phishing attack" botwriter_image_prompt_last_provider: "stockphoto" --- # Crafty Phishing Campaigns Auto-Adapt to Victim’s Device, OS A new wave of phishing campaigns has emerged, utilizing sophisticated techniques to tailor attacks based on the victim’s device and operating system. 
Cybercriminals are now fingerprinting users via user-agent data to deliver customized payloads, significantly enhancing their chances of a successful breach. This alarming trend has been observed over the past few months, raising concerns among cybersecurity experts and organizations worldwide.

## Context: Understanding Phishing Threats

Phishing, a method used by cybercriminals to deceive individuals into divulging sensitive information, has evolved dramatically with advancements in technology. Traditionally, phishing emails were generic, often resulting in low success rates. However, as attackers become more adept at exploiting technology, they are devising methods that increase their effectiveness.

The rise of mobile devices and diverse operating systems has created a complex environment for cybersecurity. Attackers are now employing techniques to identify the specific device and OS of a target before launching an attack. This personalization not only increases the likelihood of a successful infiltration but also enhances the profitability of these campaigns.

## How the New Phishing Techniques Work

At the core of these adaptive phishing strategies is the use of user-agent strings — data that browsers send to websites to identify themselves. This information can reveal the type of device, the operating system, and even the browser version used by the victim. Cybercriminals leverage this data to tailor phishing pages that appear more legitimate to the user.

For example, if a victim is using a mobile device, the attacker might send a link that directs them to a mobile-optimized phishing site. This site could mimic popular banking apps or social media platforms, making it more likely that the victim will enter personal information. According to a report by cybersecurity firm Cybereason, such targeted phishing attempts have increased compromise rates by as much as 50%.
## Expert Perspectives on the Growing Threat

Experts warn that the evolving tactics of cybercriminals necessitate a reevaluation of current cybersecurity measures.

--- --- title: "Catching ransomware on the wire before it locks the file server" url: "https://www.helpnetsecurity.com/2026/07/02/shared-storage-ransomware-detection-research/" lang: "en-US" type: "post" description: "Corporate networks keep sensitive files off individual workstations and store them on shared servers that staff reach through mapped network drives. That arrangement hands ransomware operators a target worth chasing. A single compromised laptop can begin encrypting files that live" last_modified: "2026-07-02T05:00:12+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.helpnetsecurity.com/feed/" wpe_sourcepermalink: "https://www.helpnetsecurity.com/2026/07/02/shared-storage-ransomware-detection-research/" --- # Catching ransomware on the wire before it locks the file server Corporate networks keep sensitive files off individual workstations and store them on shared servers that staff reach through mapped network drives. That arrangement hands ransomware operators a target worth chasing. A single compromised laptop can begin encrypting files that live on a server across the building, and the encryption travels over the network as ordinary file-sharing traffic. Endpoint detection tools watch the machine they run on. When the encryption lands on a remote file server, … [More →](https://www.helpnetsecurity.com/2026/07/02/shared-storage-ransomware-detection-research/) The post [Catching ransomware on the wire before it locks the file server](https://www.helpnetsecurity.com/2026/07/02/shared-storage-ransomware-detection-research/) appeared first on [Help Net Security](https://www.helpnetsecurity.com/).
--- --- title: "Elastic rebuilds its metrics engine to undercut Datadog, right as ANZ AI budgets blow out" url: "https://itwire.com/business-it-news/data/elastic-rebuilds-its-metrics-engine-to-undercut-datadog-right-as-anz-ai-budgets-blow-out" lang: "en-US" type: "post" description: "A rebuilt columnar engine, native Prometheus support and agentic investigations that start before anyone gets paged. Elastic reckons it can query metrics 30x faster than..." last_modified: "2026-07-02T04:52:54+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/business-it-news/data/elastic-rebuilds-its-metrics-engine-to-undercut-datadog-right-as-anz-ai-budgets-blow-out" --- # Elastic rebuilds its metrics engine to undercut Datadog, right as ANZ AI budgets blow out A rebuilt columnar engine, native Prometheus support and agentic investigations that start before anyone gets paged. Elastic reckons it can query metrics 30x faster than… --- --- title: "What the AI patch gap means for enterprise security" url: "https://www.helpnetsecurity.com/2026/07/02/open-source-ai-patch-gap/" lang: "en-US" type: "post" description: "Open-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. Over roughly two months this spring, Anthropic’s Claude Mythos Preview combed through more than" last_modified: "2026-07-02T04:30:52+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.helpnetsecurity.com/feed/" wpe_sourcepermalink: "https://www.helpnetsecurity.com/2026/07/02/open-source-ai-patch-gap/" --- # What the AI patch gap means for enterprise security Open-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. 
Over roughly two months this spring, Anthropic’s Claude Mythos Preview combed through more than 23,000 open-source code paths and routed verified findings to the projects that own them. Tuskira studied what happens to those findings once they reach human hands. The program reported 1,596 verified vulnerabilities, spread across hundreds … [More →](https://www.helpnetsecurity.com/2026/07/02/open-source-ai-patch-gap/) The post [What the AI patch gap means for enterprise security](https://www.helpnetsecurity.com/2026/07/02/open-source-ai-patch-gap/) appeared first on [Help Net Security](https://www.helpnetsecurity.com/). --- --- title: "Medtronic notifies customers impacted by ShinyHunters data breach" url: "https://www.bleepingcomputer.com/news/security/medtronic-notifies-customers-impacted-by-shinyhunters-data-breach/" lang: "en-US" type: "post" description: "Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party." last_modified: "2026-07-02T04:25:42+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.bleepingcomputer.com/feed/" wpe_sourcepermalink: "https://www.bleepingcomputer.com/news/security/medtronic-notifies-customers-impacted-by-shinyhunters-data-breach/" --- # Medtronic notifies customers impacted by ShinyHunters data breach Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. […] --- --- title: "GitHub’s new tool helps prevent costly open-source license violations" url: "https://www.helpnetsecurity.com/2026/07/02/github-license-compliance-feature/" lang: "en-US" type: "post" description: "GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review. 
The feature is available to GitHub Advanced Security customers and" last_modified: "2026-07-02T04:00:33+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.helpnetsecurity.com/feed/" wpe_sourcepermalink: "https://www.helpnetsecurity.com/2026/07/02/github-license-compliance-feature/" --- # GitHub’s new tool helps prevent costly open-source license violations GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review. The feature is available to GitHub Advanced Security customers and allows them to review new dependencies in pull requests, verify that their licenses comply with organizational policies, and approve new licenses or package-specific exceptions when needed. GitHub Enterprise Cloud customers can use the License Compliance … [More →](https://www.helpnetsecurity.com/2026/07/02/github-license-compliance-feature/) The post [GitHub’s new tool helps prevent costly open-source license violations](https://www.helpnetsecurity.com/2026/07/02/github-license-compliance-feature/) appeared first on [Help Net Security](https://www.helpnetsecurity.com/). --- --- title: "Logicalis strengthens enterprise AI capability with Global Microsoft Frontier Partner status and Copilot specialisation" url: "https://itwire.com/guest-articles/company-news/logicalis-strengthens-enterprise-ai-capability-with-global-microsoft-frontier-partner-status-and-copilot-specialisation" lang: "en-US" type: "post" description: "Logicalis, the global technology service provider, has announced it has achieved Microsoft Frontier Partner status, alongside its Microsoft Copilot specialisation,..." 
last_modified: "2026-07-02T03:47:23+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/guest-articles/company-news/logicalis-strengthens-enterprise-ai-capability-with-global-microsoft-frontier-partner-status-and-copilot-specialisation" --- # Logicalis strengthens enterprise AI capability with Global Microsoft Frontier Partner status and Copilot specialisation Logicalis, the global technology service provider, has announced it has achieved Microsoft Frontier Partner status, alongside its Microsoft Copilot specialisation,… --- --- title: "Verena Siow named new SAP Regional President, Asia Pacific" url: "https://itwire.com/it-people-news/people-moves/verena-siow-named-new-sap-regional-president-asia-pacific" lang: "en-US" type: "post" description: "SAP Asia Pacific APAC announced Verena Siow as President for the APAC region, effective immediately. Based in Singapore, she will focus on driving customer success,..." last_modified: "2026-07-02T03:35:01+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/it-people-news/people-moves/verena-siow-named-new-sap-regional-president-asia-pacific" --- # Verena Siow named new SAP Regional President, Asia Pacific SAP Asia Pacific APAC announced Verena Siow as President for the APAC region, effective immediately. 
Based in Singapore, she will focus on driving customer success,… --- --- title: "Elastic Delivers Best-in-Class Metrics With Native Prometheus Support and Agentic Investigation Experiences" url: "https://itwire.com/business-it-news/data/elastic-delivers-best-in-class-metrics-with-native-prometheus-support-and-agentic-investigation-experiences" lang: "en-US" type: "post" description: "Native PromQL, out-of-the-box Kubernetes agentic investigations, and automated migration from Datadog and Grafana — all in the platform SREs already run for logs." last_modified: "2026-07-02T02:54:58+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/business-it-news/data/elastic-delivers-best-in-class-metrics-with-native-prometheus-support-and-agentic-investigation-experiences" --- # Elastic Delivers Best-in-Class Metrics With Native Prometheus Support and Agentic Investigation Experiences Native PromQL, out-of-the-box Kubernetes agentic investigations, and automated migration from Datadog and Grafana — all in the platform SREs already run for logs. --- --- title: "The Contact Centre Is No Longer Buying Contact Centre Technology, New APAC Research Finds" url: "https://itwire.com/guest-articles/guest-research/the-contact-centre-is-no-longer-buying-contact-centre-technology-new-apac-research-finds" lang: "en-US" type: "post" description: "CrayonIQ’s 2026 APAC Contact Centre CX Platforms with AI Buyers Guide Reveals AI Ecosystems, Hyperscalers, Emerging Partner Models And Regional Language Capability Are..." 
last_modified: "2026-07-02T02:20:13+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/guest-articles/guest-research/the-contact-centre-is-no-longer-buying-contact-centre-technology-new-apac-research-finds" --- # The Contact Centre Is No Longer Buying Contact Centre Technology, New APAC Research Finds CrayonIQ’s 2026 APAC Contact Centre CX Platforms with AI Buyers Guide Reveals AI Ecosystems, Hyperscalers, Emerging Partner Models And Regional Language Capability Are… --- --- title: "DXC Introduces DXC Private Cloud+, Bringing Greater Control, Security, and Flexibility to Enterprise Cloud" url: "https://itwire.com/business-it-news/cloud/dxc-introduces-dxc-private-cloud-bringing-greater-control-security-and-flexibility-to-enterprise-cloud" lang: "en-US" type: "post" description: "Private Cloud+ is a hybrid private cloud powered by Dell infrastructure and operated by DXC OASIS, built for enterprises and governments running sensitive and regulated..." 
last_modified: "2026-07-02T02:11:22+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/business-it-news/cloud/dxc-introduces-dxc-private-cloud-bringing-greater-control-security-and-flexibility-to-enterprise-cloud" --- # DXC Introduces DXC Private Cloud+, Bringing Greater Control, Security, and Flexibility to Enterprise Cloud Private Cloud+ is a hybrid private cloud powered by Dell infrastructure and operated by DXC OASIS, built for enterprises and governments running sensitive and regulated… --- --- title: "Skylight Announces Disney Mode, Bringing Beloved Characters into Everyday Family Routines" url: "https://itwire.com/guest-articles/company-news/skylight-announces-disney-mode-bringing-beloved-characters-into-everyday-family-routines" lang: "en-US" type: "post" description: "Disney Mode for Skylight Calendar makes everyday chores and routines more engaging, with featured characters celebrating kids every step of the way" last_modified: "2026-07-02T02:01:23+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/guest-articles/company-news/skylight-announces-disney-mode-bringing-beloved-characters-into-everyday-family-routines" --- # Skylight Announces Disney Mode, Bringing Beloved Characters into Everyday Family Routines Disney Mode for Skylight Calendar makes everyday chores and routines more engaging, with featured characters celebrating kids every step of the way --- --- title: "ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)" url: "https://isc.sans.edu/diary/rss/33120" lang: "en-US" type: "post" description: "(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License." 
last_modified: "2026-07-02T02:00:02+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://isc.sans.edu/rssfeed_full.xml" wpe_sourcepermalink: "https://isc.sans.edu/diary/rss/33120" --- # ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --- --- title: "NiCE Launches AI Specialization Program, Recognising Partners Driving Significant AI Outcomes for Enterprises" url: "https://itwire.com/business-it-news/data/nice-launches-ai-specialization-program-recognising-partners-driving-significant-ai-outcomes-for-enterprises" lang: "en-US" type: "post" description: "Six industry-leading partners — Accenture, Cirrus, Deloitte, Route 101, and TTEC— named as inaugural AI Specialization partners under the NiCE 360 Partner Program" last_modified: "2026-07-02T01:56:00+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/business-it-news/data/nice-launches-ai-specialization-program-recognising-partners-driving-significant-ai-outcomes-for-enterprises" --- # NiCE Launches AI Specialization Program, Recognising Partners Driving Significant AI Outcomes for Enterprises Six industry-leading partners — Accenture, Cirrus, Deloitte, Route 101, and TTEC— named as inaugural AI Specialization partners under the NiCE 360 Partner Program --- --- title: "Ungoverned AI Agents and Sophisticated Deepfakes Pose Critical Threats for ANZ Organisations, New KnowBe4 Research Warns" url: "https://itwire.com/guest-articles/guest-research/ungoverned-ai-agents-and-sophisticated-deepfakes-pose-critical-threats-for-anz-organisations-new-knowbe4-research-warns" lang: "en-US" type: "post" description: "Global study reveals 1 in 2 organisations in Australia and New Zealand deploy autonomous AI agents 
with little to no governance, while 85% of employees admit they are unlikely..." last_modified: "2026-07-02T01:50:05+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/guest-articles/guest-research/ungoverned-ai-agents-and-sophisticated-deepfakes-pose-critical-threats-for-anz-organisations-new-knowbe4-research-warns" --- # Ungoverned AI Agents and Sophisticated Deepfakes Pose Critical Threats for ANZ Organisations, New KnowBe4 Research Warns Global study reveals 1 in 2 organisations in Australia and New Zealand deploy autonomous AI agents with little to no governance, while 85% of employees admit they are unlikely… --- --- title: "Exabeam Expands Behavior Intelligence to Secure the Agentic Enterprise" url: "https://itwire.com/business-it-news/business-intelligence/exabeam-expands-behavior-intelligence-to-secure-the-agentic-enterprise" lang: "en-US" type: "post" description: "Exabeam, the leader in Behavior Intelligence for the agentic enterprise, today announced new capabilities that help security teams detect, investigate, and reduce risk from AI..." 
last_modified: "2026-07-02T01:39:04+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/business-it-news/business-intelligence/exabeam-expands-behavior-intelligence-to-secure-the-agentic-enterprise" --- # Exabeam Expands Behavior Intelligence to Secure the Agentic Enterprise Exabeam, the leader in Behavior Intelligence for the agentic enterprise, today announced new capabilities that help security teams detect, investigate, and reduce risk from AI… --- --- title: "Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector" url: "https://www.csoonline.com/article/4191923/sandbox-bypass-flaws-in-cursor-ide-highlight-prompt-injection-as-an-rce-vector.html" lang: "en-US" type: "post" description: "Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549, allow attackers to break" last_modified: "2026-07-02T01:31:35+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.csoonline.com/feed/" wpe_sourcepermalink: "https://www.csoonline.com/article/4191923/sandbox-bypass-flaws-in-cursor-ide-highlight-prompt-injection-as-an-rce-vector.html" --- # Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). 
The two flaws, tracked as [CVE-2026-50548](https://nvd.nist.gov/vuln/detail/cve-2026-50548) and [CVE-2026-50549](https://nvd.nist.gov/vuln/detail/cve-2026-50549), allow attackers to break out of Cursor’s command execution sandbox, the protective layer that’s supposed to prevent the internal AI agent from performing rogue actions on the underlying operating system.

“The exploit requires no prior user privileges or specific user interaction,” researchers from Cato Networks, who found the flaws, said in [their report](https://www.catonetworks.com/blog/duneslide-two-critical-rce-vulnerabilities/). “It is triggered when a victim makes an innocuous prompt that inadvertently ingests a threat actor-controlled payload from an untrusted source, such as an MCP server or a web search result.”

Cursor, which was recently acquired by SpaceX for $60 billion in stock, produces one of the most widely used AI-assisted coding tools in the enterprise space. The two flaws were patched in version 3.0 of the Cursor IDE, which was released in April.

## Native vulnerability in LLMs

Large Language Models (LLMs) are natively vulnerable to malicious instructions that could be hidden inside the content they process. This is particularly dangerous in the age of agentic AI, where LLMs are combined with a variety of tools, including browsers and APIs that allow them to access a variety of third-party public content, such as parsing web pages in search results and RSS feeds, code in repositories, comments in bug trackers, emails in users’ inboxes, and their documents.

Protecting AI tools from prompt injection is very hard, and usually involves a layered approach, including guardrails built into the model by the AI lab that created it, instructions in system prompts to treat certain content as passive data, supervisor models running on top of the LLMs that process data, traditional keyword filtering, context segmentation, granular access controls, adding humans back into the loop to approve sensitive operations and more.

AI-assisted IDEs like Cursor, as well as command line agentic coding harnesses, usually prompt the user for approval by default for every file modification or command they need to execute. But this is not practical for autonomous coding workflows, and quickly leads to approval fatigue.

Another way to address that issue is to run these autonomous workflows inside containers, virtualized environments, or sandboxes, so that if the agents execute malicious instructions due to rogue prompts injected in third-party data sources, the impact is limited. Cursor uses a command execution sandbox that by default limits file writes to the current project’s directory.

## Logic flaws in the isolation layer

However, the Cato researchers discovered that the _run_terminal_cmd_ tool supports a parameter called _working_directory_ that allows overriding that default path programmatically. “A prompt injection (served through an innocuous MCP server request, or a poisoned web result) can steer the LLM to set the _working_directory_ to a threat actor-controlled path outside the project scope,” they explained.

By exploiting this oversight, attackers could overwrite the _cursorsandbox_ executable itself from the application path, or could write malicious scripts to the shell configuration file which gets loaded every time the user executes a command, or to the system’s start-up folders such as _~/Library/LaunchAgents_ on macOS.
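
One way to validate a caller-supplied `working_directory` before a command runs, as an added example (not Cursor's code; only the parameter name comes from the article, and every function name below is hypothetical). It canonicalizes the requested path, rejects anything that resolves outside the project root, and fails closed when the path cannot be resolved; a purely lexical check is shown beside it for contrast, run over a constructed directory layout.

```python
"""Added example (not Cursor's code): validate a tool call's working_directory.

Only the parameter name working_directory comes from the article; the function
names and PathEscapeError are hypothetical.
"""
import os
import tempfile
from pathlib import Path


class PathEscapeError(Exception):
    """The requested directory is not provably inside the project root."""


def lexical_is_inside(project_root: str, requested: str) -> bool:
    """Weak check: collapses '..' textually but never resolves symlinks."""
    root = os.path.normpath(os.path.abspath(project_root))
    target = os.path.normpath(os.path.join(root, requested))
    return os.path.commonpath([root, target]) == root


def resolve_working_directory(project_root: str, requested: str) -> Path:
    """Return the canonical directory to run in, or raise PathEscapeError.

    Fails closed: a path that cannot be canonicalized (missing, unreadable,
    dangling symlink, symlink loop) is rejected, never used unresolved.
    """
    try:
        root = Path(project_root).resolve(strict=True)
        # An absolute `requested` replaces root in the join; the containment
        # test below then rejects it unless it really is under root.
        target = (root / requested).resolve(strict=True)
    except (OSError, RuntimeError, ValueError) as exc:
        raise PathEscapeError(f"cannot canonicalize {requested!r}: {exc}") from exc
    if not target.is_dir():
        raise PathEscapeError(f"{requested!r} is not a directory")
    if target != root and root not in target.parents:
        raise PathEscapeError(f"{requested!r} resolves outside the project root")
    return target


def demo() -> dict:
    """Run both checks over a constructed layout built in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        project, outside = base / "project", base / "outside"
        (project / "src").mkdir(parents=True)
        outside.mkdir()
        os.symlink(outside, project / "link_out")           # points outside
        os.symlink(base / "missing", project / "dangling")  # target absent

        cases = {
            "inside": "src",
            "dotdot_inside": "src/../src",
            "parent": "..",
            "absolute_outside": str(outside),
            "symlink_out": "link_out",
            "dangling_symlink": "dangling",
            "missing": "not_there",
        }
        results = {}
        for label, requested in cases.items():
            try:
                resolve_working_directory(str(project), requested)
                strict = "allow"
            except PathEscapeError:
                strict = "deny"
            results[label] = (lexical_is_inside(str(project), requested), strict)
        return results


if __name__ == "__main__":
    for label, (lexical, strict) in demo().items():
        print(f"{label:18} lexical={'allow' if lexical else 'deny':5} strict={strict}")
```

Pass the returned canonical path, not the original string, as the process working directory, so that the check and the use refer to the same location.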

Separately, the researchers also found that attackers could instruct the Cursor agent to create a symbolic link (symlink) file inside the project directory, pointing to a file that resides outside of the directory.

“By default, the Cursor Agent attempts to canonicalize paths (resolving symlinks) to determine their true location and verify they are within the project root,” the researchers said. “The vulnerability occurs because the canonicalization logic contains a dangerous fallback: if canonicalization fails (for example, when the path doesn’t exist or if the path lacks read permissions on one of its directories), Cursor falls back to using the original symlink path inside the project directory.”

These two vulnerabilities, which Cato has dubbed DuneSlide, can allow complete compromise of the underlying operating system through executing code outside of the restricted Cursor sandbox. More than that, however, they show that prompt injection can be an attack vector for exploiting vulnerabilities in the software used to implement the AI agents.

Cursor is far from the only AI-powered IDE or coding harness, and, according to the researchers, not the only one that has such logic flaws in its isolation layers.

“Had these issues been singular cases of compromise via prompt injections, we might have attributed them to specific vulnerabilities,” they said. “Cato AI Labs, however, is in the process of responsibly disclosing vulnerabilities in all popular coding agents, highlighting that a more systemic approach to protection is required.”

--- --- title: "Anthropic shutdown shows kill switch hanging over Australian AI" url: "https://itwire.com/guest-articles/guest-opinion/anthropic-shutdown-shows-kill-switch-hanging-over-australian-ai" lang: "en-US" type: "post" description: "AI expert Rhys Oxenham says Australia has received a sharp wake-up call following the sudden decision to switch off Anthropic models earlier this month."
last_modified: "2026-07-02T01:28:59+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/guest-articles/guest-opinion/anthropic-shutdown-shows-kill-switch-hanging-over-australian-ai" --- # Anthropic shutdown shows kill switch hanging over Australian AI AI expert Rhys Oxenham says Australia has received a sharp wake-up call following the sudden decision to switch off Anthropic models earlier this month. --- --- title: "Report: Record-breaking Year for Australian Renewables as Battery System Deployments Triple" url: "https://itwire.com/guest-articles/guest-research/report-record-breaking-year-for-australian-renewables-as-battery-system-deployments-triple" lang: "en-US" type: "post" description: "A report from SunWiz shows a record 221,000 residential solar battery systems were installed in 2025, three times the installations of 2024. In total, the year delivered 4,790..." last_modified: "2026-07-02T01:22:33+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/guest-articles/guest-research/report-record-breaking-year-for-australian-renewables-as-battery-system-deployments-triple" --- # Report: Record-breaking Year for Australian Renewables as Battery System Deployments Triple A report from SunWiz shows a record 221,000 residential solar battery systems were installed in 2025, three times the installations of 2024. 
In total, the year delivered 4,790… --- --- title: "Beyond the Essential Eight: Why Australia’s Next Cybersecurity Framework Must Focus on Identity" url: "https://itwire.com/guest-articles/guest-opinion/beyond-the-essential-eight-why-australia-s-next-cybersecurity-framework-must-focus-on-identity" lang: "en-US" type: "post" description: "For nearly a decade, the Australian Signals Directorate’s Essential Eight has served as one of the most practical and realistic cybersecurity frameworks available. It provided..." last_modified: "2026-07-02T01:16:33+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/guest-articles/guest-opinion/beyond-the-essential-eight-why-australia-s-next-cybersecurity-framework-must-focus-on-identity" --- # Beyond the Essential Eight: Why Australia’s Next Cybersecurity Framework Must Focus on Identity For nearly a decade, the Australian Signals Directorate’s Essential Eight has served as one of the most practical and realistic cybersecurity frameworks available. It provided… --- --- title: "Microsoft struggles to address AI notetaker governance nightmare" url: "https://www.computerworld.com/article/4191798/microsoft-struggles-to-address-ai-notetaker-governance-nightmare.html" lang: "en-US" type: "post" description: "Microsoft this week tried to address the growing challenges surrounding notetaker bots in meetings by giving IT better control over them. 
Microsoft’s announcement said that users of Microsoft Teams will be able to block non-Microsoft bots “even in meetings where" last_modified: "2026-07-02T01:11:34+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.computerworld.com/security/feed/" wpe_sourcepermalink: "https://www.computerworld.com/article/4191798/microsoft-struggles-to-address-ai-notetaker-governance-nightmare.html" --- # Microsoft struggles to address AI notetaker governance nightmare Microsoft this week tried to address the growing challenges surrounding notetaker bots in meetings by giving IT better control over them. [Microsoft’s announcement](https://techcommunity.microsoft.com/blog/microsoftteamsblog/introducing-smarter-bot-protection-in-microsoft-teams-meetings/4531375) said that users of Microsoft Teams will be able to block non-Microsoft bots “even in meetings where organizers allow participants to bypass the lobby.” When the feature is enabled, Teams automatically detects potential bots, places them in the meeting lobby, clearly identifies them, and prompts organizers to confirm admission, Microsoft said, and even in meetings where organizers allow human participants to bypass the lobby, bots identified through this new policy will continue to require approval before joining. “We’ve strengthened Teams’ ability to distinguish between bots and human participants as they join a meeting,” the company said. “Teams now uses a combination of behavioral and infrastructure signals to identify bots with a higher degree of accuracy. Alongside these improvements, soon we’ll introduce [a registration path for independent software vendors (ISVs)](https://learn.microsoft.com/en-us/microsoftteams/teams-bot-identification) that build meeting experiences for Microsoft Teams.” The underlying problem with the strategy is more complicated, however. 
Although AI bots launched by the meeting owner are typically announced at the beginning of a call, and participants’ bots announce themselves as the attendees log in, alert fatigue is diluting how carefully people watch what they say during those meetings. But the thornier issue is that meeting owners’ approval of their own bot notetakers typically happens right before the start of a call, and the host has no control over whether participants also introduce their own AI notetakers. And even if the intended topic of a call was innocuous, if someone brings up something that needs to be kept secret, such as plans for a hostile takeover or discussion about firing an employee, that is duly recorded by every bot. This expands the threat surface and increases the ways sensitive data could leak. ## Doesn’t rein in Microsoft bots Analysts and consultants agreed that any effort to restrict notetaking apps is good for enterprise IT, but some questioned whether the Microsoft effort went far enough. “Although this new capability is useful to prevent external bots from attending recurring meetings even if they were needed for just one instance, it doesn’t seem to me that it does anything to prevent Microsoft’s own bots from doing so,” said [Flavio Villanustre](https://www.linkedin.com/in/fvillanustre/), CISO for the LexisNexis Risk Solutions Group.  Indeed, the Microsoft statement solely talks about managing “external bots and their access to meetings.” In fact, Gartner VP analyst [Nader Henein](https://www.gartner.com/en/experts/nader-henein) said the limited controls that Microsoft is offering may actually dilute IT’s ability to control access to sensitive information. Allowing any additional AI notetaking “takes the option to restrict/redact off the table,” and that control is what he thinks IT leaders should demand. The only practical way to do that is to allow only one notetaking app for any meeting and it needs to be controlled by the meeting owner. 
“Allowing attendees to ask for an AI summary from the meeting owner and giving the owner the capacity to provide different versions that potentially shield sensitive data is a better choice for organizations looking to support better meeting follow ups without adding more work on the meeting owner,” Henein said. “It could even be set up in advance so a ‘sanitized’ summary is available for download.” [Tom Findling](https://www.linkedin.com/in/tomfindling/), CEO of Conifers.ai, agreed with Henein and argued that these notetaking app controls have to be centralized with IT. “Microsoft basically built a bouncer for meeting bots and that is a good thing. But the real risk shows up later, when a normal meeting turns into M&A, legal, HR, or board-level discussion while an AI notetaker is still running,” Findling said. “Now that transcript may be sitting in a cloud nobody approved. You do not fix that live. You fix it upfront. For legal, finance, HR, and exec meetings, external AI notetakers should be blocked by default unless explicitly approved.” ## Existing governance not enough [Sanchit Vir Gogia](https://greyhoundresearch.com/svg/), chief analyst at Greyhound Research, said the slowly changing nature of AI notetakers has allowed them to slip by IT governance rules. “A meeting note was once a harmless aid. It is now a searchable corporate record that can hold intent, allegations and material non-public information. Once a conversation is transcribed and saved, it has left the room, and it begins to travel through mail, search, and discovery with a life of its own,” Gogia said. “Microsoft’s control is useful, but should not be oversold. It detects external bots and puts them before an organizer for approval. It does not yet block them, and approval at the lobby is not a governance model. 
Capture also arrives by routes the lobby never sees, through browser extensions and personal devices.” Gogia also argued that the inevitable errors in these bot-generated transcripts or summaries, whether caused by hallucination or simply incorrect interpretation of what was actually said, are also a massive risk. “AI summary does not merely create a record. It creates an authoritative-looking one that is often wrong and, in doing so, it inverts the burden of proof. Once a summary exists, the question shifts from proving what was said to disproving what the machine wrote,” Gogia said. “A tentative ‘we should look at acquiring them’ can harden into ‘we agreed to acquire them’ and that version becomes the default until someone corrects it.” And, noted [Justin Greis](https://acceligence.com/talent/profiles/justin-greis/), CEO of consulting firm Acceligence, the problem will only get worse as AI summary generators morph into agentic systems, with action-taking autonomous agents. “Over the next few years, we’ll see AI agents that summarize, extract decisions, assign work, update business systems, prepare follow-up documents, and collaborate with other AI systems after the meeting ends,” he said. “In fact, we are already seeing that integration happen, and it is simultaneously incredibly valuable and outrageously risky. The real question isn’t whether to allow an AI notetaker. It’s how organizations will govern an increasingly machine-readable workplace.” Greis said that he sees the Microsoft approach as a good start, “because they’re treating AI participants more like digital identities than software features.” He pointed out, “detection, verification, explicit admission, auditability, and policy-based control are exactly the kinds of enterprise controls we’ll need as AI agents become commonplace. This feels very similar to identity and access management twenty years ago. We eventually realized we weren’t managing employees, we were managing identities. 
AI agents deserve the same treatment.” --- --- title: "The Anthropic Fable Ban Is Over. The Battle Over How to Tame AI Has Just Begun." url: "https://www.wsj.com/tech/ai/the-anthropic-fable-ban-is-over-the-battle-over-how-to-tame-ai-has-just-begun-e93f51d6?mod=rss_Technology" lang: "en-US" type: "post" description: "Washington’s move to unblock Anthropic’s model underscores America’s divisions over how to regulate cutting-edge technology." last_modified: "2026-07-02T01:00:00+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://feeds.content.dowjones.io/public/rss/RSSWSJD" wpe_sourcepermalink: "https://www.wsj.com/tech/ai/the-anthropic-fable-ban-is-over-the-battle-over-how-to-tame-ai-has-just-begun-e93f51d6?mod=rss_Technology" --- # The Anthropic Fable Ban Is Over. The Battle Over How to Tame AI Has Just Begun. Washington’s move to unblock Anthropic’s model underscores America’s divisions over how to regulate cutting-edge technology. --- --- title: "Hitachi Vantara Named a Leader and Fast Mover in 2026 GigaOm Radar for Unstructured Data Management for Sixth Consecutive Year" url: "https://itwire.com/guest-articles/company-news/hitachi-vantara-named-a-leader-and-fast-mover-in-2026-gigaom-radar-for-unstructured-data-management-for-sixth-consecutive-year" lang: "en-US" type: "post" description: "Hitachi Vantara recognized for automated policy enforcement, including policy automation and classification capabilities, immutable object lock, retention and tiering policies,..." 
last_modified: "2026-07-02T00:31:38+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/guest-articles/company-news/hitachi-vantara-named-a-leader-and-fast-mover-in-2026-gigaom-radar-for-unstructured-data-management-for-sixth-consecutive-year" --- # Hitachi Vantara Named a Leader and Fast Mover in 2026 GigaOm Radar for Unstructured Data Management for Sixth Consecutive Year Hitachi Vantara recognized for automated policy enforcement, including policy automation and classification capabilities, immutable object lock, retention and tiering policies,… --- --- title: "Vect and TeamPCP partner for ransomware campaigns" url: "https://www.sophos.com/en-us/blog/vect-and-teampcp-partner-for-ransomware-campaigns" lang: "en-US" type: "post" description: "Credentials harvested through supply chain compromises enable large‑scale ransomware deployment" last_modified: "2026-07-02T00:00:00+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.sophos.com/en-us/blog/feed" wpe_sourcepermalink: "https://www.sophos.com/en-us/blog/vect-and-teampcp-partner-for-ransomware-campaigns" --- # Vect and TeamPCP partner for ransomware campaigns Credentials harvested through supply chain compromises enable large‑scale ransomware deployment --- --- title: "The Most Powerful Actor on the Endpoint Is No Longer Human. BeyondTrust Secures It" url: "https://itwire.com/business-it-news/data/the-most-powerful-actor-on-the-endpoint-is-no-longer-human-beyondtrust-secures-it" lang: "en-US" type: "post" description: "BeyondTrust launches AI Agent Security to enforce what AI coworkers and autonomous agents are allowed to do, in real time, before they act. New BeyondTrust Pathfinder module..." 
last_modified: "2026-07-01T23:59:42+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/business-it-news/data/the-most-powerful-actor-on-the-endpoint-is-no-longer-human-beyondtrust-secures-it" --- # The Most Powerful Actor on the Endpoint Is No Longer Human. BeyondTrust Secures It BeyondTrust launches AI Agent Security to enforce what AI coworkers and autonomous agents are allowed to do, in real time, before they act. New BeyondTrust Pathfinder module… --- --- title: "Malicious browser extension targets cryptocurrency users with wallet address swapping" url: "https://www.scworld.com/brief/malicious-browser-extension-targets-cryptocurrency-users-with-wallet-address-swapping" lang: "en-US" type: "post" description: "The \"Google Notes\" extension, identified by McAfee researchers, operates by requesting broad permissions, including access to all websites, browsing history, and the clipboard, which are unusual for a note-taking application." last_modified: "2026-07-01T23:52:42+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/malicious-browser-extension-targets-cryptocurrency-users-with-wallet-address-swapping" --- # Malicious browser extension targets cryptocurrency users with wallet address swapping The “Google Notes” extension, identified by McAfee researchers, operates by requesting broad permissions, including access to all websites, browsing history, and the clipboard, which are unusual for a note-taking application. 
--- --- title: "New Financial Year, New Workplace Priorities: The Hybrid Work Trends Shaping Australian Organisations" url: "https://itwire.com/guest-articles/guest-opinion/new-financial-year-new-workplace-priorities-the-hybrid-work-trends-shaping-australian-organisations" lang: "en-US" type: "post" description: "As Australian organisations embark on a new financial year, many are reviewing technology roadmaps, workplace strategies and operational priorities. While the debate over the..." last_modified: "2026-07-01T23:50:00+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://itwire.com/feed.xml" wpe_sourcepermalink: "https://itwire.com/guest-articles/guest-opinion/new-financial-year-new-workplace-priorities-the-hybrid-work-trends-shaping-australian-organisations" --- # New Financial Year, New Workplace Priorities: The Hybrid Work Trends Shaping Australian Organisations As Australian organisations embark on a new financial year, many are reviewing technology roadmaps, workplace strategies and operational priorities. While the debate over the… --- --- title: "Apple releases early security updates, citing AI-driven exploit acceleration" url: "https://www.scworld.com/brief/apple-releases-early-security-updates-citing-ai-driven-exploit-acceleration" lang: "en-US" type: "post" description: "The updates address critical flaws in WebKit, the rendering engine for Safari and other applications on Apple devices." last_modified: "2026-07-01T23:49:56+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/apple-releases-early-security-updates-citing-ai-driven-exploit-acceleration" --- # Apple releases early security updates, citing AI-driven exploit acceleration The updates address critical flaws in WebKit, the rendering engine for Safari and other applications on Apple devices. 
--- --- title: "Cybersecurity professionals cite agentic AI, LLMs, and cloud infrastructure breaches as top concerns" url: "https://www.scworld.com/brief/cybersecurity-professionals-cite-agentic-ai-llms-and-infrastructure-breaches-as-top-concerns" lang: "en-US" type: "post" description: "The Bitdefender 2026 Cybersecurity Assessment Report surveyed over 1,200 professionals across six countries." last_modified: "2026-07-01T23:47:08+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/cybersecurity-professionals-cite-agentic-ai-llms-and-infrastructure-breaches-as-top-concerns" --- # Cybersecurity professionals cite agentic AI, LLMs, and cloud infrastructure breaches as top concerns The Bitdefender 2026 Cybersecurity Assessment Report surveyed over 1,200 professionals across six countries. --- --- title: "Major Russian-language cybercrime forum XSS.is shut down, alleged admin arrested" url: "https://www.scworld.com/brief/major-russian-language-cybercrime-forum-xss-is-shut-down-alleged-admin-arrested" lang: "en-US" type: "post" description: "Europol coordinated the operation, dubbed Ratatouille, which dismantled XSS.is, a forum with over 50,000 members." last_modified: "2026-07-01T23:44:14+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/major-russian-language-cybercrime-forum-xss-is-shut-down-alleged-admin-arrested" --- # Major Russian-language cybercrime forum XSS.is shut down, alleged admin arrested Europol coordinated the operation, dubbed Ratatouille, which dismantled XSS.is, a forum with over 50,000 members. 
--- --- title: "New phishing-as-a-service platform ARToken offers advanced BEC capabilities" url: "https://www.scworld.com/brief/new-phishing-as-a-service-platform-artoken-offers-advanced-bec-capabilities" lang: "en-US" type: "post" description: "ARToken operates as an affiliate of the EvilTokens phishing-as-a-service operation, which targets Microsoft 365 accounts and bypasses multi-factor authentication." last_modified: "2026-07-01T23:35:03+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/new-phishing-as-a-service-platform-artoken-offers-advanced-bec-capabilities" --- # New phishing-as-a-service platform ARToken offers advanced BEC capabilities ARToken operates as an affiliate of the EvilTokens phishing-as-a-service operation, which targets Microsoft 365 accounts and bypasses multi-factor authentication. --- --- title: "Smashing Security podcast #474: Polymarket can predict the future. So how did it miss this hack?" url: "https://grahamcluley.com/smashing-security-podcast-474/" lang: "en-US" type: "post" description: "Polymarket has built an entire business on predicting the future. So how did it manage to spectacularly fail to predict its own hack? Plus, the Google engineer with a million-dollar secret, and the curious case of the airport hairdryer. Meanwhile," last_modified: "2026-07-01T23:12:11+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://grahamcluley.com/feed/" wpe_sourcepermalink: "https://grahamcluley.com/smashing-security-podcast-474/" --- # Smashing Security podcast #474: Polymarket can predict the future. So how did it miss this hack? Polymarket has built an entire business on predicting the future. So how did it manage to spectacularly fail to predict its own hack? Plus, the Google engineer with a million-dollar secret, and the curious case of the airport hairdryer. 
Meanwhile, “FortiBleed” sees 75,000 Fortinet firewalls thrown wide open – and the real damage is going to roll on for years. All this and more in episode 474 of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Quentyn Taylor. --- --- title: "Ousaban banking trojan targets Spain and Portugal with new stealth techniques" url: "https://www.scworld.com/brief/ousaban-banking-trojan-targets-spain-and-portugal-with-new-stealth-techniques" lang: "en-US" type: "post" description: "The Ousaban campaign begins with a phishing PDF disguised as a corrupted file, prompting users to click an \"Update\" button." last_modified: "2026-07-01T23:11:55+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/ousaban-banking-trojan-targets-spain-and-portugal-with-new-stealth-techniques" --- # Ousaban banking trojan targets Spain and Portugal with new stealth techniques The Ousaban campaign begins with a phishing PDF disguised as a corrupted file, prompting users to click an “Update” button. --- --- title: "Huntress CEO addresses insider threat claims amid employee-cybercriminal communication" url: "https://www.scworld.com/brief/huntress-ceo-addresses-insider-threat-claims-amid-employee-cybercriminal-communication" lang: "en-US" type: "post" description: "The controversy surfaced when former Huntress analyst Ben Folland alleged that a current employee disclosed law enforcement inquiries to Devman, a ransomware operator believed to be based in Russia and utilizing code derived from the leaked Conti source." 
last_modified: "2026-07-01T22:53:27+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/huntress-ceo-addresses-insider-threat-claims-amid-employee-cybercriminal-communication" --- # Huntress CEO addresses insider threat claims amid employee-cybercriminal communication The controversy surfaced when former Huntress analyst Ben Folland alleged that a current employee disclosed law enforcement inquiries to Devman, a ransomware operator believed to be based in Russia and utilizing code derived from the leaked Conti source. --- --- title: "CIA reorganizes to embrace AI and quantum computing" url: "https://www.scworld.com/brief/cia-reorganizes-to-embrace-ai-and-quantum-computing" lang: "en-US" type: "post" description: "The CIA has reorganized key acquisition and technology directorates to prioritize emerging technologies such as AI and quantum computing." last_modified: "2026-07-01T22:49:31+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/cia-reorganizes-to-embrace-ai-and-quantum-computing" --- # CIA reorganizes to embrace AI and quantum computing The CIA has reorganized key acquisition and technology directorates to prioritize emerging technologies such as AI and quantum computing. --- --- title: "Shell injection flaw found in 10 of 11 open-source AI agents" url: "https://www.scworld.com/brief/shell-injection-flaw-found-in-10-of-11-open-source-ai-agents" lang: "en-US" type: "post" description: "The GuardFall vulnerability stems from a fundamental mismatch between how security filters inspect commands and how the Bash shell interprets and executes them." 
last_modified: "2026-07-01T22:42:05+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/shell-injection-flaw-found-in-10-of-11-open-source-ai-agents" --- # Shell injection flaw found in 10 of 11 open-source AI agents The GuardFall vulnerability stems from a fundamental mismatch between how security filters inspect commands and how the Bash shell interprets and executes them. --- --- title: "ScreenConnect abused to deploy AsyncRAT in widespread campaign" url: "https://www.scworld.com/brief/screenconnect-used-to-deploy-asyncrat-in-widespread-campaign" lang: "en-US" type: "post" description: "This activity is part of a large, multi-language campaign that distributes malicious installer archives hosted on spoofed websites, according to a recent report by The Hacker News." last_modified: "2026-07-01T22:30:44+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/screenconnect-used-to-deploy-asyncrat-in-widespread-campaign" --- # ScreenConnect abused to deploy AsyncRAT in widespread campaign This activity is part of a large, multi-language campaign that distributes malicious installer archives hosted on spoofed websites, according to a recent report by The Hacker News. --- --- title: "DHS revives critical infrastructure cybersecurity information sharing program" url: "https://www.scworld.com/brief/dhs-revives-critical-infrastructure-cybersecurity-information-sharing-program" lang: "en-US" type: "post" description: "ANCHOR-CI will serve as a forum for federal, state, local, tribal, and territorial government representatives to engage with private sector entities and critical infrastructure owners and operators." 
last_modified: "2026-07-01T22:30:10+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/dhs-revives-critical-infrastructure-cybersecurity-information-sharing-program" --- # DHS revives critical infrastructure cybersecurity information sharing program ANCHOR-CI will serve as a forum for federal, state, local, tribal, and territorial government representatives to engage with private sector entities and critical infrastructure owners and operators. --- --- title: "US DOJ seizes nearly 400 domains used for illegal World Cup streaming" url: "https://www.scworld.com/brief/us-doj-seizes-nearly-400-domains-used-for-illegal-world-cup-streaming" lang: "en-US" type: "post" description: "The US Justice Department's Criminal Division, in coordination with the International Computer Hacking and Intellectual Property (ICHIP) network, took down the domains for violating copyright laws." last_modified: "2026-07-01T22:21:46+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/us-doj-seizes-nearly-400-domains-used-for-illegal-world-cup-streaming" --- # US DOJ seizes nearly 400 domains used for illegal World Cup streaming The US Justice Department’s Criminal Division, in coordination with the International Computer Hacking and Intellectual Property (ICHIP) network, took down the domains for violating copyright laws. --- --- title: "Progress Kemp LoadMaster vulnerability actively exploited" url: "https://www.scworld.com/brief/progress-kemp-loadmaster-vulnerability-actively-exploited" lang: "en-US" type: "post" description: "The operating system command injection flaw, with a CVSS score of 9.6, enables unauthenticated attackers to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input." 
last_modified: "2026-07-01T22:21:18+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/progress-kemp-loadmaster-vulnerability-actively-exploited" --- # Progress Kemp LoadMaster vulnerability actively exploited The operating system command injection flaw, with a CVSS score of 9.6, enables unauthenticated attackers to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input. --- --- title: "Healthcare Cybersecurity Threats Persist in 2026 " url: "https://www.esecurityplanet.com/threats/healthcare-cybersecurity-threats-persist-in-2026/" lang: "en-US" type: "post" description: "Healthcare organizations continue to face one of the most aggressive threat environments of any industry.  According to SonicWall’s The State of Healthcare Cybersecurity in 2026 report, healthcare experiences higher malware volumes, sustained intrusion attempts, and more targeted ransomware activity than" last_modified: "2026-07-01T22:17:55+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.esecurityplanet.com/feed/" wpe_sourcepermalink: "https://www.esecurityplanet.com/threats/healthcare-cybersecurity-threats-persist-in-2026/" --- # Healthcare Cybersecurity Threats Persist in 2026  Healthcare organizations continue to face one of the most aggressive threat environments of any industry.  According to SonicWall’s [_The State of Healthcare Cybersecurity in 2026_](https://www.sonicwall.com/resources/brief/protect-brief-healthcare-2026) report, healthcare experiences higher malware volumes, sustained intrusion attempts, and more targeted ransomware activity than other sectors.  ## **Key Takeaways in Healthcare for 2026** - Healthcare averaged 102,209 malware hits per firewall during the first half of 2026 — about 4x more than the next most targeted industry. 
- Healthcare recorded an 83% attack retention rate, the highest of any industry, showing cyberattacks persist year over year. - Remote access infrastructure remains a major attack vector, with 13.3 million UltraVNC exploitation attempts detected in the first five months of 2026. - Connected medical devices remain a growing security challenge, with 243 unique attack methods targeting healthcare IoT devices and legacy vulnerabilities like Hikvision CVE-2021-36260 still actively exploited. - Healthcare faced 16.6 million ransomware detections across 10 active ransomware families, highlighting the sector’s continued appeal to cybercriminals. ## **Healthcare Attacks Continue to Climb in 2026** SonicWall reported that healthcare [organizations](https://www.esecurityplanet.com/threats/data-breach-at-doctors-imaging-group-exposes-sensitive-patient-information/) averaged 102,209 malware hits per firewall during the first half of 2026 — approximately four times higher than the next most targeted industry. Additionally, healthcare demonstrated an 83% attack retention rate, meaning attack activity persisted year over year more than in any other tracked vertical. While IPS attack volumes declined across most industries, healthcare saw only a 16.9% decrease, suggesting attackers continue to prioritize the sector. ## **Why Healthcare Remains a Top Cyberattack Target** One of the report’s important findings is the continued exploitation of remote access infrastructure. SonicWall observed 13.3 million detections targeting an UltraVNC buffer overflow during the first five months of 2026. Healthcare environments often depend on remote desktop technologies to support telemedicine, clinical staff, medical equipment vendors, and distributed facilities. Without phishing-resistant MFA or proper network controls, these services become easy entry points for attackers. 
Once credentials are compromised, traditional VPNs often grant broad network access, enabling attackers to move laterally across EHR systems, clinical applications, medical devices, and backups. ## **Medical IoT Devices Expand the Healthcare Attack Surface** The expanding use of connected medical devices also continues to increase organizational risk. SonicWall identified 243 unique attack methods targeting Internet of Things (IoT) devices within healthcare environments. Devices such as infusion pumps, patient monitors, and imaging systems often cannot run endpoint security software, receive infrequent firmware updates, and share networks with sensitive clinical systems. As a result, vulnerabilities remain exploitable for years after disclosure. The continued exploitation of Hikvision command injection ([CVE-2021-36260](https://nvd.nist.gov/vuln/detail/CVE-2021-36260)) shows that unpatched legacy vulnerabilities remain attractive targets. ## **Ransomware Operators Continue to Prioritize Healthcare** [Ransomware](https://www.esecurityplanet.com/threats/university-of-mississippi-medical-center-closes-clinics-after-ransomware-attack/) remains another threat to healthcare organizations. SonicWall identified ten active ransomware families targeting healthcare during the first half of 2026, generating approximately 16.6 million detections. Gandcrab accounted for the highest activity, followed by JobCrypter, Filecoder, VHDLocker, and Ryuk. Multiple ransomware groups targeting healthcare simultaneously suggest deliberate attacks driven by the sector’s limited tolerance for downtime and willingness to pay. ## **How Zero Trust Can Help Reduce Healthcare Cybersecurity Risk** SonicWall suggests that organizations should instead adopt [Zero Trust architectures](https://www.esecurityplanet.com/trends/zero-trust-hype-vs-reality/) to help reduce exposure. 
This approach limits lateral movement opportunities and helps contain the blast radius throughout clinical environments. Beyond Zero Trust adoption, the report also recommends other security measures to help reduce risk. Organizations should restrict UltraVNC and RDP to internal networks whenever possible and require phishing-resistant [MFA](https://www.esecurityplanet.com/applications/mfa-advantages-and-weaknesses/) for all remote access, including third-party vendors. Medical IoT devices should be segmented into dedicated network zones separate from electronic health record (EHR) systems and other sensitive resources. Security teams should also inventory legacy software and firmware and prioritize patching, virtual patching, or compensating controls for legacy vulnerabilities like [Log4Shell](https://www.esecurityplanet.com/threats/log4shell-exploitation-grows/) and the Hikvision command injection flaw. ## **Bottom Line** Healthcare’s cybersecurity challenges are unlikely to diminish in the near future. As attackers continue to focus on remote access infrastructure, legacy technologies, and connected medical devices, healthcare organizations must move beyond perimeter-based mindsets. **To address these persistent threats, healthcare organizations are using [Zero Trust solutions](https://www.esecurityplanet.com/products/zero-trust-security-solutions/) that continuously verify users and devices before granting access.** The post [Healthcare Cybersecurity Threats Persist in 2026](https://www.esecurityplanet.com/threats/healthcare-cybersecurity-threats-persist-in-2026/) appeared first on [eSecurity Planet](https://www.esecurityplanet.com/). 
--- --- title: "Exabeam expands security platform to monitor AI agents" url: "https://www.scworld.com/brief/exabeam-expands-security-platform-to-monitor-ai-agents" lang: "en-US" type: "post" description: "The new features aim to flag anomalous interactions between humans and AI agents, as well as unauthorized autonomous activity." last_modified: "2026-07-01T22:15:47+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/exabeam-expands-security-platform-to-monitor-ai-agents" --- # Exabeam expands security platform to monitor AI agents The new features aim to flag anomalous interactions between humans and AI agents, as well as unauthorized autonomous activity. --- --- title: "Microsoft Teams enhances bot protection with human verification" url: "https://www.scworld.com/brief/microsoft-teams-enhances-bot-protection-with-human-verification" lang: "en-US" type: "post" description: "The new technology acts like a security guard, requiring a human user to verify the identity of bots in the meeting lobby before the session begins." last_modified: "2026-07-01T22:12:15+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/microsoft-teams-enhances-bot-protection-with-human-verification" --- # Microsoft Teams enhances bot protection with human verification The new technology acts like a security guard, requiring a human user to verify the identity of bots in the meeting lobby before the session begins. 
--- --- title: "Norton’s scam detection tool now available in Claude and ChatGPT" url: "https://www.scworld.com/brief/nortons-scam-detection-tool-now-available-in-claude-and-chatgpt" lang: "en-US" type: "post" description: "Norton Genie can analyze suspicious emails, texts, messages, images and links using multi-layered detection intelligence." last_modified: "2026-07-01T22:10:05+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/nortons-scam-detection-tool-now-available-in-claude-and-chatgpt" --- # Norton’s scam detection tool now available in Claude and ChatGPT Norton Genie can analyze suspicious emails, texts, messages, images and links using multi-layered detection intelligence. --- --- title: "RustDuck botnet rapidly evolves with migration to Rust" url: "https://www.scworld.com/brief/rustduck-botnet-rapidly-evolves-with-migration-to-rust" lang: "en-US" type: "post" description: "RustDuck targets a variety of IoT devices, including routers, cameras, and Android set-top boxes, as well as exposed servers running software like ThinkPHP and Jenkins." last_modified: "2026-07-01T22:03:45+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/brief/rustduck-botnet-rapidly-evolves-with-migration-to-rust" --- # RustDuck botnet rapidly evolves with migration to Rust RustDuck targets a variety of IoT devices, including routers, cameras, and Android set-top boxes, as well as exposed servers running software like ThinkPHP and Jenkins. 
--- --- title: "FortiBleed credential-theft campaign linked to Lynx ransomware" url: "https://www.bleepingcomputer.com/news/security/fortibleed-credential-theft-campaign-linked-to-lynx-ransomware/" lang: "en-US" type: "post" description: "The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions." last_modified: "2026-07-01T21:37:24+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.bleepingcomputer.com/feed/" wpe_sourcepermalink: "https://www.bleepingcomputer.com/news/security/fortibleed-credential-theft-campaign-linked-to-lynx-ransomware/" --- # FortiBleed credential-theft campaign linked to Lynx ransomware The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. […] --- --- title: "Kubota says hackers had month-long access to network systems" url: "https://www.bleepingcomputer.com/news/security/kubota-says-hackers-had-month-long-access-to-network-systems/" lang: "en-US" type: "post" description: "Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year." last_modified: "2026-07-01T21:09:06+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.bleepingcomputer.com/feed/" wpe_sourcepermalink: "https://www.bleepingcomputer.com/news/security/kubota-says-hackers-had-month-long-access-to-network-systems/" --- # Kubota says hackers had month-long access to network systems Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. 
[…] --- --- title: "The Cost of Non-Compliance: Why AI Governance Is the New Enterprise Imperative" url: "https://hackread.com/non-compliance-ai-governance-enterprise-imperative/" lang: "en-US" type: "post" description: "AI governance helps enterprises control tool use, reduce compliance risk, protect customer data, and avoid fines as teams adopt AI faster than policy." last_modified: "2026-07-01T20:52:10+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://hackread.com/feed/" wpe_sourcepermalink: "https://hackread.com/non-compliance-ai-governance-enterprise-imperative/" --- # The Cost of Non-Compliance: Why AI Governance Is the New Enterprise Imperative AI governance helps enterprises control tool use, reduce compliance risk, protect customer data, and avoid fines as teams adopt AI faster than policy. --- --- title: "The identity crisis at the heart of AI regulation" url: "https://www.scworld.com/perspective/the-identity-crisis-at-the-heart-of-ai-regulation" lang: "en-US" type: "post" description: "AI regulation may force the internet to solve its long-standing identity problem." last_modified: "2026-07-01T20:51:45+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/perspective/the-identity-crisis-at-the-heart-of-ai-regulation" --- # The identity crisis at the heart of AI regulation AI regulation may force the internet to solve its long-standing identity problem. --- --- title: "Crafty Phishing Campaigns Auto-Adapt to Victim’s Device, OS" url: "https://www.darkreading.com/application-security/phishing-campaigns-auto-adapt-victims-device-os" lang: "en-US" type: "post" description: "Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability." 
last_modified: "2026-07-01T20:31:21+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.darkreading.com/rss.xml" wpe_sourcepermalink: "https://www.darkreading.com/application-security/phishing-campaigns-auto-adapt-victims-device-os" --- # Crafty Phishing Campaigns Auto-Adapt to Victim’s Device, OS Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability. --- --- title: "Fake Perplexity Chrome extension spies on your searches" url: "https://www.malwarebytes.com/blog/privacy/2026/07/fake-perplexity-chrome-extension-spies-on-your-searches" lang: "en-US" type: "post" description: "Type “Perplexity” into the Chrome Web Store and you get a range of browser extensions offering access to the popular AI search service. Until last week, one of them was called “Search for perplexity ai,” and it delivered something extra" last_modified: "2026-07-01T20:11:27+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.malwarebytes.com/blog/feed/index.xml" wpe_sourcepermalink: "https://www.malwarebytes.com/blog/privacy/2026/07/fake-perplexity-chrome-extension-spies-on-your-searches" --- # Fake Perplexity Chrome extension spies on your searches Type “Perplexity” into the Chrome Web Store and you get a range of browser extensions offering access to the popular AI search service. Until last week, one of them was called “**Search for perplexity ai**,” and it delivered something extra that users hadn’t bargained for: a small hidden surveillance operation. On June 29, Microsoft’s Defender Security Research Team [revealed](https://www.microsoft.com/en-us/security/blog/2026/06/29/chromium-extension-uses-airelated-branding-redirect-browser-search/) that the extension had been impersonating the real AI search company while secretly recording what users typed. 
Google took it down, but users who already installed it are still at risk.

## How the extension harvested user queries

The extension routed user traffic through the typosquatted domain `perplexity-ai[.]online` rather than the legitimate `perplexity.ai`.

It requested `chrome_settings_overrides`, the standard permission that lets an extension become the browser’s default search engine. But it also asked for a rules-based network permission called `declarativeNetRequest` (DNR), which allowed it to send users’ searches through a server controlled by the attacker. Microsoft said this extra permission wasn’t necessary for the extension’s advertised purpose, making it a warning sign. Neither raised a flag during Web Store review, though.

Using these permissions, searches entered into Chrome’s address bar were first funneled through an attacker-controlled server, allowing it to see users’ searches and log each request along with the IP address, browser headers, and user-agent string. Then it forwarded the search on to a real search engine so results came back looking normal.

The extension didn’t just include Perplexity in its code. It was also able to redirect traffic to Google and Bing if the developer chose to enable it.

The extension also had access to Chrome’s search suggestion feed, which powers predictive autocomplete. That meant the interception happened in real time. Anything typed, even if it was deleted before pressing Enter, still went to the operator’s server.

Based on all of this, Microsoft concluded the surveillance was the point, not a side effect of the redirect architecture. No operator has been publicly identified.

## Taking it out of the store doesn’t uninstall it

Google removed the extension after Microsoft’s disclosure, but that doesn’t remove it from the browsers of people who already installed it. If you added “**Search for perplexity ai**” at any point, it is still sitting in your extensions list until you uninstall it manually, which we advise you to do right away.

## How to uninstall it

Open `chrome://extensions/`, turn on **Developer mode**, and check the 32-character ID of every extension you have installed. Extension names in Chrome are not unique, and criminals rely on that. Compare each ID against the one listed on the developer’s official website before you trust it.

Uninstall anything you don’t use. A smaller extension list is a smaller attack surface.

Only grant the permissions an extension needs to do its job. And be extra careful about checking the publisher behind an extension, along with the domains it uses.

## This is not a Perplexity-only problem

A Stanford and CISPA [study](https://arxiv.org/abs/2406.12710) found that malicious extensions remain in the Chrome Web Store for about 380 days on average before removal. AI branding just makes the bait shinier and more appealing.

In January, researchers [found](https://www.malwarebytes.com/blog/news/2026/01/malicious-chrome-extensions-can-spy-on-your-chatgpt-chats) malicious Chrome extensions spying on ChatGPT sessions, while a separate campaign last year [vacuumed up AI chats](https://www.malwarebytes.com/blog/news/2025/12/chrome-extension-slurps-up-ai-chats-after-users-installed-it-for-privacy) without victims’ knowledge and sent them on to a data broker.

Another campaign, involving an extension called AITOPIA, [impersonated](https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html) AI-related tools and reached more than 900,000 users. That campaign targeted ChatGPT and DeepSeek chat histories rather than search queries.
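
The checks described above (extension IDs, requested permissions, and the domains an extension uses) can be run over every installed extension's `manifest.json`. The following Python is an added example, not code from the original article or from Microsoft's report; the sample manifests, the `.example` domains, the extension IDs, the trusted-host list and the finding names are constructed for illustration.

```python
"""Audit Chrome extension manifests for a search override routed to an unexpected host."""
import json
from pathlib import Path
from urllib.parse import urlsplit

# Chrome permission strings that enable rules-based request handling (DNR).
DNR_PERMISSIONS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}


def _host(url):
    """Hostname of a search template such as https://host/s?q={searchTerms}."""
    if not isinstance(url, str):
        return ""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL in the manifest
        return ""


def _is_trusted(host, trusted_hosts):
    """True if host is a trusted domain or one of its subdomains."""
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def audit_manifest(manifest, trusted_hosts):
    """Return sorted finding codes (names are this example's own) for one manifest."""
    overrides = manifest.get("chrome_settings_overrides")
    provider = overrides.get("search_provider") if isinstance(overrides, dict) else None
    if not isinstance(provider, dict) or not provider:
        return []  # the extension does not replace the default search engine
    findings = set()
    search_host = _host(provider.get("search_url"))
    if search_host and not _is_trusted(search_host, trusted_hosts):
        findings.add("search-host-untrusted")
    # suggest_url feeds autocomplete, so typed text reaches this host before Enter.
    suggest_host = _host(provider.get("suggest_url"))
    if suggest_host and not _is_trusted(suggest_host, trusted_hosts):
        findings.add("suggest-feed-untrusted")
    # DNR is not needed just to set a search engine; the pairing is the warning sign.
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    if perms & DNR_PERMISSIONS or "declarative_net_request" in manifest:
        findings.add("dnr-with-search-override")
    return sorted(findings)


def load_manifests(extensions_dir):
    """Map extension ID -> manifest from <profile>/Extensions/<id>/<version>/manifest.json."""
    found = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            found[path.parts[-3]] = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it, keep auditing
    return found


def audit_profile(manifests, trusted_hosts):
    """Return {extension_id: {"name", "findings"}} for extensions with findings."""
    report = {}
    for ext_id, manifest in manifests.items():
        findings = audit_manifest(manifest, trusted_hosts)
        if findings:
            report[ext_id] = {"name": manifest.get("name", "?"), "findings": findings}
    return report


# Constructed sample data: a look-alike extension and the genuine one it imitates.
TRUSTED_HOSTS = {"examplebrand.example"}
SAMPLE_MANIFESTS = {
    "aaaabbbbccccddddeeeeffffgggghhhh": {
        "manifest_version": 3,
        "name": "Search for examplebrand ai",
        "permissions": ["declarativeNetRequest"],
        "chrome_settings_overrides": {"search_provider": {
            "name": "ExampleBrand", "keyword": "eb", "is_default": True,
            "search_url": "https://examplebrand-ai.example.net/s?q={searchTerms}",
            "suggest_url": "https://examplebrand-ai.example.net/ac?q={searchTerms}",
        }},
    },
    "iiiijjjjkkkkllllmmmmnnnnoooopppp": {
        "manifest_version": 3,
        "name": "ExampleBrand Search",
        "chrome_settings_overrides": {"search_provider": {
            "name": "ExampleBrand", "keyword": "eb", "is_default": True,
            "search_url": "https://www.examplebrand.example/search?q={searchTerms}",
        }},
    },
}

if __name__ == "__main__":
    import sys
    # Pass the profile's Extensions directory as the first argument to audit real data.
    manifests = load_manifests(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_MANIFESTS
    for ext_id, hit in audit_profile(manifests, TRUSTED_HOSTS).items():
        print(ext_id, hit["name"], ", ".join(hit["findings"]))
```

Because extension names are not unique, the report is keyed by the 32-character ID, which is the value to compare against the developer's official listing.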
--- --- title: "New ChocoPoC malware targets researchers via trojanized PoC exploits" url: "https://www.bleepingcomputer.com/news/security/new-chocopoc-malware-targets-researchers-via-trojanized-poc-exploits/" lang: "en-US" type: "post" description: "Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers." last_modified: "2026-07-01T20:08:13+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.bleepingcomputer.com/feed/" wpe_sourcepermalink: "https://www.bleepingcomputer.com/news/security/new-chocopoc-malware-targets-researchers-via-trojanized-poc-exploits/" --- # New ChocoPoC malware targets researchers via trojanized PoC exploits Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers. […] --- --- title: "ChocoPoc malware delivered via trojanized exploits on GitHub" url: "https://www.bleepingcomputer.com/news/security/chocopoc-malware-delivered-via-trojanized-exploits-on-github/" lang: "en-US" type: "post" description: "Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data." 
last_modified: "2026-07-01T20:08:13+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.bleepingcomputer.com/feed/" wpe_sourcepermalink: "https://www.bleepingcomputer.com/news/security/chocopoc-malware-delivered-via-trojanized-exploits-on-github/" --- # ChocoPoc malware delivered via trojanized exploits on GitHub Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. […] --- --- title: "I tested the LG C6 OLED for a week, and its color accuracy and contrast levels left me in awe" url: "https://www.zdnet.com/article/lg-c6-oled-review/" lang: "en-US" type: "post" description: "LG's flagship OLED TV got a refresh with the C6, and continues to prove why OLED is worth the high asking price." last_modified: "2026-07-01T20:00:00+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.zdnet.com/news/rss.xml" wpe_sourcepermalink: "https://www.zdnet.com/article/lg-c6-oled-review/" --- # I tested the LG C6 OLED for a week, and its color accuracy and contrast levels left me in awe LG’s flagship OLED TV got a refresh with the C6, and continues to prove why OLED is worth the high asking price. --- --- title: "Rise of the machines: How to secure and win the AI revolution" url: "https://www.scworld.com/resource/rise-of-the-machines-how-to-secure-and-win-the-ai-revolution" lang: "en-US" type: "post" description: "Agentic SOC isn't here to take away your job -- it's here to make your job better." 
last_modified: "2026-07-01T19:53:47+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/resource/rise-of-the-machines-how-to-secure-and-win-the-ai-revolution" --- # Rise of the machines: How to secure and win the AI revolution Agentic SOC isn’t here to take away your job — it’s here to make your job better. --- --- title: "Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed" url: "https://securityaffairs.com/194599/security/oracle-e-business-suite-flaw-under-active-attack-950-systems-exposed.html" lang: "en-US" type: "post" description: "Oracle E-Business Suite flaw CVE-2026-46817 is under active attack, with about 950 vulnerable internet-facing instances still exposed. This week, Defused Cyber researchers warned that a critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited. The flaw" last_modified: "2026-07-01T19:49:05+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://securityaffairs.com/feed" wpe_sourcepermalink: "https://securityaffairs.com/194599/security/oracle-e-business-suite-flaw-under-active-attack-950-systems-exposed.html" --- # Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed ## **Oracle E-Business Suite flaw CVE-2026-46817 is under active attack, with about 950 vulnerable internet-facing instances still exposed.** This week, Defused Cyber researchers warned that a critical vulnerability in Oracle E-Business Suite, tracked as [CVE-2026-46817](https://securityaffairs.com/tag/cve-2026-46817), is being actively exploited. The flaw affects Oracle Payments versions 12.2.3 through 12.2.15 and allows unauthenticated attackers to take over vulnerable systems over HTTP. 
Oracle [fixed](https://www.oracle.com/security-alerts/cspumay2026verbose.html) the issue in last month’s Critical Patch Update and urges customers to apply the patches immediately.

Defused Cyber did not disclose technical details about the attacks that exploited the flaw or the motivation of the attackers.

> 🚨 CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited
>
> Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots
>
> This vulnerability has no known previous exploitation and no public POC code… [pic.twitter.com/qL4dgPvoMP](https://t.co/qL4dgPvoMP)
>
> — Defused (@DefusedCyber) [June 29, 2026](https://x.com/DefusedCyber/status/2071555353733394618?ref_src=twsrc%5Etfw)

Now, Internet monitoring firm Shadowserver counts roughly [950 EBS instances](https://dashboard.shadowserver.org/statistics/iot-devices/map/?date_range=1&vendor=oracle&model=oracle+e-business+suite&data_set=count&scale=log&auto_update=on) still reachable from the public internet, most of them in the United States. Nobody knows how many of those have been patched.

_“We have improved our Oracle E-Business Suite fingerprinting by adding domain based scans in collaboration with [@ValidinLLC](https://x.com/ValidinLLC). Around 950 exposed instances now seen globally (no vulnerability assessment).” reads the post published by The Shadowserver Foundation._

> We have improved our Oracle E-Business Suite fingerprinting by adding domain based scans in collaboration with [@ValidinLLC](https://x.com/ValidinLLC?ref_src=twsrc%5Etfw). Around 950 exposed instances now seen globally (no vulnerability assessment).
>
> CVE-2026-46817 attempts have been observed in the wild by [@DefusedCyber](https://x.com/DefusedCyber?ref_src=twsrc%5Etfw) [pic.twitter.com/gghdTt5b1X](https://t.co/gghdTt5b1X)
>
> — The Shadowserver Foundation (@Shadowserver) [July 1, 2026](https://x.com/Shadowserver/status/2072267510439686276?ref_src=twsrc%5Etfw)

Despite researchers confirming active exploitation of the vulnerability, Oracle hasn’t officially flagged this vulnerability as exploited in the wild.

If your organization runs Oracle EBS and hasn’t applied the patch, that’s the immediate priority. If a public-facing EBS instance is genuinely required for business operations, verify it’s patched before checking anything else on your list today. If it doesn’t need to be internet-facing, take it off the internet. Shadowserver’s scan suggests the exposed population is not small, and active exploitation without a public proof-of-concept means the attacker community is already ahead of most defenders on this one.

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([**SecurityAffairs**](http://securityaffairs.co/wordpress/) – hacking, Oracle E-Business)

--- --- title: "And the Winner in Dominant Malware Delivery? ClickFix" url: "https://www.darkreading.com/vulnerabilities-threats/winner-dominant-malware-delivery-clickfix" lang: "en-US" type: "post" description: "Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it's now the rule."
last_modified: "2026-07-01T19:46:34+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.darkreading.com/rss.xml" wpe_sourcepermalink: "https://www.darkreading.com/vulnerabilities-threats/winner-dominant-malware-delivery-clickfix" --- # And the Winner in Dominant Malware Delivery? ClickFix Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it’s now the rule. --- --- title: "The 5 pillars of agentic AI security" url: "https://www.scworld.com/perspective/the-5-pillars-of-agentic-ai-security" lang: "en-US" type: "post" description: "Companies that build governance into their agentic AI programs will succeed in this new era." last_modified: "2026-07-01T19:43:40+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://www.scworld.com/feed/topic/latest" wpe_sourcepermalink: "https://www.scworld.com/perspective/the-5-pillars-of-agentic-ai-security" --- # The 5 pillars of agentic AI security Companies that build governance into their agentic AI programs will succeed in this new era. --- --- title: "Secure Amazon container workloads using container attribute-based rules in AWS Network Firewall" url: "https://aws.amazon.com/blogs/security/secure-amazon-container-workloads-using-container-attribute-based-rules-in-aws-network-firewall/" lang: "en-US" type: "post" description: "Today, you can use AWS Network Firewall to protect traffic flowing to and from containerized applications on Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS) clusters. 
If you run AI and machine learning (ML) workloads" last_modified: "2026-07-01T19:40:22+00:00" categories: [Global Security News] custom_fields: wpe_campaignid: 53 wpe_feed: "https://aws.amazon.com/blogs/security/feed/" wpe_sourcepermalink: "https://aws.amazon.com/blogs/security/secure-amazon-container-workloads-using-container-attribute-based-rules-in-aws-network-firewall/" --- # Secure Amazon container workloads using container attribute-based rules in AWS Network Firewall Today, you can use [AWS Network Firewall](https://aws.amazon.com/network-firewall/) to protect traffic flowing to and from containerized applications on [Amazon Elastic Kubernetes Service (Amazon EKS)](https://aws.amazon.com/eks/) and [Amazon Elastic Container Service (Amazon ECS)](https://aws.amazon.com/ecs/) clusters. If you run AI and machine learning (ML) workloads on Amazon EKS—such as model inference, RAG pipelines, or JupyterHub—your containerized workloads require the same firewall protections you enforce for traditional applications. However, traditional firewall rules rely on IP addresses, and pod IPs in Kubernetes change frequently as containers scale or restart. Writing and maintaining static firewall rules based on these ephemeral IPs, CIDRs, and subnets is difficult and error-prone, which can leave gaps in your security posture. Kubernetes Network Policies offer basic traffic control at the namespace level, operating at layers 3 and 4. Depending on your security requirements, you might need additional capabilities beyond what network policies provide: Layer 7 inspection, FQDN-based filtering, and protection from threats detected by managed IDS/IPS rules. Visibility into which pod or service generates blocked traffic is equally important, so you can troubleshoot faster and meet audit requirements. 
You can use container attribute-based rules for Network Firewall to define firewall rules for your containerized workloads on both Amazon EKS and Amazon ECS using native container attributes, rather than relying on ephemeral IP addresses. For Amazon EKS, these attributes include namespaces, pod names, cluster names, and labels. This reduces the need to maintain IP-based rules in dynamic container environments. While this capability supports both Amazon EKS and Amazon ECS, this post focuses on Amazon EKS. Your containerized workloads get the same Network Firewall capabilities you use today. There is no additional charge for the feature itself, because it’s included in the base tier of Network Firewall. ## **How it works** When you create a container association and link it to your EKS cluster, Network Firewall automatically discovers and tracks the pods that match your defined attributes (namespace, labels, cluster name) and resolves them to their current IP addresses. As pods scale up or restart, the firewall dynamically updates the IP-to-attribute mapping in near real-time and no manual rule updates are required. This approach keeps your firewall rules accurate in dynamic environments while minimizing performance impact on the EKS cluster. In multi-cluster environments, this feature enables centralized cross-cluster traffic inspection for any traffic that passes through the firewall. Container attribute-based rules also enrich firewall alert logs with container context. Alert logs now include a new metadata field with the container association name associated with the matched rule. This gives security teams the ability to trace blocked, allowed, or alerted traffic directly back to the originating workload. 
Network Firewall exports these enriched logs to [Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html) and [Amazon Simple Storage Service (Amazon S3)](https://aws.amazon.com/s3), from where you can forward them to the SIEM of your choice.

To bind these attribute groups to running workloads, Network Firewall continuously watches your EKS cluster for pod lifecycle events (create and delete) across the namespaces covered by your container association definition. This definition is stored in a container association, keyed by attribute name and value. Once the association is published, you reference these @ aliases in stateful Suricata rules. The following are some common patterns:

- **Pod group rules:** Allow only payment-service pods to reach the external payment gateway over TLS:

  ```text
  pass tls @ecommerce_pods any -> any 443 (msg:"allow ecommerce to payment gateway"; tls.sni; content:"checkip.amazonaws.com"; flow:to_server,established; sid:1; rev:1;)
  ```

- **Layer 7 application rules:** Block all pods from reaching malicious destinations:

  ```text
  drop tls @all-pods any -> $EXTERNAL_NET any (msg:"Block malicious sites"; aws_domain_category:malicious-sites; sid:10; rev:1;)
  ```

At packet evaluation time, Network Firewall expands each @ reference against the current catalog. When pods scale, restart, or move between nodes, the controller refreshes group membership, and the firewall picks up the new IPs, so no rule edits or operator intervention are required. Each match—whether alert, pass, or drop—streams to the logging destination of your choice with container context. This gives your team a real-time, auditable view of policy effectiveness and a feedback loop for tuning rules and pod-group definitions over time.
## **Getting started**

The Network Firewall container attribute-based rules for Amazon container workloads can be configured using the AWS Management Console for [Amazon Virtual Private Cloud (Amazon VPC)](https://aws.amazon.com/vpc), [AWS Command Line Interface (AWS CLI)](https://aws.amazon.com/cli), or AWS SDK by creating a container association. This container association can then be used to create attribute-based Network Firewall rules.

### **Prerequisites**

This walkthrough requires an existing Network Firewall configured to filter traffic through your Amazon VPC. If you haven’t set one up yet, see [Getting started with AWS Network Firewall](https://docs.aws.amazon.com/network-firewall/latest/developerguide/getting-started.html).

**Step 1 – Create a container association:**

- In the AWS VPC console, navigate to **Network Firewall**, select **Container associations**. Choose **Create container association**.
- Enter a **Name** and optional **Description** for this container association.
- Under **Cluster configuration**, select the **Cluster type** and select your EKS cluster from the **Cluster** drop down.
- For **Attribute filters**, configure the EKS attribute to identify which pods to associate:
  - **Attribute key**: Enter the attribute key defined in your EKS cluster (for example, namespace, pod, cluster, or custom label key).
  - **Attribute value**: Enter an attribute key value defined in your EKS cluster.

![Figure 1: Create container association](https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2026/06/29/Figure-1-3.png)

Figure 1: Create container association

**Step 2 – Create an attribute-based firewall rule:**

- In the AWS VPC console, navigate to **Network Firewall**, then select **Network Firewall rule groups**.
- Select **Create rule group**.
- For **Rule group type**, select **Stateful rule group**.
- For **Rule group format**, select **Suricata compatible rule string**.

![Figure 2: Rule group selection](https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2026/06/29/Figure-2-4.png)

Figure 2: Rule group selection

- For **Rule evaluation order**, select **Strict order**. Choose **Next**.
- Under **Describe rule group**, enter a **Name**, **Description**, and **Capacity** for the **rule group**. Choose **Next**.

![Figure 3: Describe rule group](https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2026/06/29/Figure-3-3.png)

Figure 3: Describe rule group

- Under **IP set references**, enter a variable name and from the **resource ID** drop-down, select the container association created in **step 1**.
- Under **Suricata compatible rule string**, enter your Suricata rule string. The following is a sample string used for this post:

```text
pass tls @ecommerce_pods any -> any any (msg:"allow ecommerce to payment gateway"; flow:to_server; tls.sni; dotprefix; content:".checkip.amazonaws.com"; endswith; nocase; alert; sid:101; rev:1;)
reject tls @ecommerce_pods any -> any 443 (msg:"block ecommerce pods to external ecommerce website"; flow:to_server; tls.sni; dotprefix; content:".amazon.com"; endswith; nocase; alert; sid:104; rev:1;)
```

![Figure 4: Configure rules](https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2026/06/29/Figure-4-1.png)

Figure 4: Configure rules

- Choose **Next**.
- On the following screens, enter details if required. For this post, we’re using the default values.
- On the review and create page, choose **Create rule group**.

### **Tests and results**

To verify these rules are working as expected, test using the curl command on a pod in the ecommerce namespace. A curl request to `www.amazon.com` should fail, because `action=reject` is defined in the Suricata rule string. Similarly, a request to the payment gateway URL should succeed, because `action=pass` is defined in the Suricata rule string.

**Test 1 – Allowed traffic:**

```text
kubectl exec -n ecommerce deployment/payment-service -- curl -sk --max-time 5 -w "\nHTTP_CODE:%{http_code}\n" https://checkip.amazonaws.com/
HTTP_CODE:200
```

**Test 2 – Blocked traffic:**

```text
kubectl exec -n ecommerce deployment/payment-service -- curl -sk --max-time 5 https://www.amazon.com 2>&1
curl: (35) Recv failure: Connection reset by peer
command terminated with exit code 35
```

Container association can also be used in a Standard stateful rules format.

## **Considerations**

There are several important considerations when adopting this feature.

- Source NAT (SNAT) must be disabled so that the Network Firewall can see pod IP addresses. If SNAT remains enabled, only the node IP will be visible, preventing granular pod-level egress controls.
- This feature can’t enforce security on pod-to-pod traffic within the same node, because that traffic doesn’t traverse the Network Firewall endpoint. A separate solution is needed for this use case.
- Performance impact can vary based on rule complexity and traffic volume.

## **Conclusion**

In this post, you learned how container attribute-based rules for AWS Network Firewall solve the challenge of securing dynamic containerized workloads. You explored how the feature maps Kubernetes attributes such as namespaces, pod names, cluster names, and labels to firewall rules, eliminating the need to track ephemeral IP addresses. You walked through how to create a container association to link your EKS cluster attributes to Network Firewall, and then how to reference that association using IP set references in Suricata compatible rule strings.
This gives you granular traffic control of your Amazon EKS workloads with the same Network Firewall capabilities as traditional applications, including layer 7 inspection, FQDN filtering, TLS decryption, and managed IDS/IPS rules, along with enriched logging that traces traffic back to the originating workload.

If you have feedback about this post, submit comments in the **Comments** section below.

---

![Amit Gaur](https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2025/06/15/Amit-Gaur.jpg)

### Amit Gaur

Amit, a Cloud Infrastructure Architect at AWS, brings his passion for technology and knowledge-sharing to the networking community. Specializing in network architecture design, he helps customers build highly scalable and resilient environments on AWS. Through technical guidance and architectural expertise, Amit enables customers to accelerate their cloud adoption journey while making sure their systems are built for scale and reliability.

![Preetkumar Shah](https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2026/06/29/Preetkumar-Shah.jpeg)

### Preetkumar Shah

Preetkumar is a Technical Account Manager at AWS, based in Atlanta, GA. He specializes in helping customers design and operate secure, scalable network architectures in the cloud. At AWS, he works with SMB customers and collaborates closely with service teams to proactively resolve complex challenges and ensure customers get the most from their AWS environment. Outside of work, his interests include spending time with family and going on trails.

![Akash Kumar Sinha](https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2026/06/29/Akash-Kuman-Sinha.jpg)

### Akash Kumar Sinha

Akash is a DevOps Consultant and GenAI Ambassador at AWS, where he helps customers transform their cloud operations through containerization and modern delivery practices. He specializes in container orchestration and DevOps automation, and is a regular speaker at AWS events across Europe. Outside of work, Akash is passionate about knowledge-sharing and exploring the intersection of generative AI and cloud-native innovation.

![](https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2024/12/05/amishsh.jpg)

### Amish Shah

Amish is a seasoned product leader with over 15 years of experience in developing innovative and scalable solutions for networking, security, and cloud use cases. He currently leads the AWS Network Firewall service, where he helps to develop security solutions that protect AWS workloads. Outside of work, Amish enjoys playing cricket and soccer, loves to travel, and has recently started collecting niche fragrances.

---

---
title: "Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters"
url: "https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html"
lang: "en-US"
type: "post"
description: "Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug,"
last_modified: "2026-07-01T19:40:06+00:00"
categories: [Global Security News]
custom_fields:
  wpe_campaignid: 53
  wpe_feed: "https://feeds.feedburner.com/TheHackersNews?format=xml"
  wpe_sourcepermalink: "https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html"
---

# Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component’s internal network port. Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE.
The firm says it reported the flaw to Argo CD’s maintainers in

---

---
title: "19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges"
url: "https://thehackernews.com/2026/07/19-year-old-scattered-spider-suspect.html"
lang: "en-US"
type: "post"
description: "A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and"
last_modified: "2026-07-01T19:28:07+00:00"
categories: [Global Security News]
custom_fields:
  wpe_campaignid: 53
  wpe_feed: "https://feeds.feedburner.com/TheHackersNews?format=xml"
  wpe_sourcepermalink: "https://thehackernews.com/2026/07/19-year-old-scattered-spider-suspect.html"
---

# 19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges

A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a Chicago federal court on June 30, where a judge ordered him held in custody. Finnish police

---

---
title: "Phishing Tactics Target Session Tokens and Deliver Malware "
url: "https://www.esecurityplanet.com/threats/phishing-tactics-target-session-tokens-and-deliver-malware/"
lang: "en-US"
type: "post"
description: "Barracuda’s June 2026 research shows phishing campaigns are evolving beyond credential theft to session hijacking, authentication attacks, and malware delivery. Attackers now abuse legitimate Microsoft services, short-lived phishing infrastructure, and advanced evasion techniques to bypass security controls and users. “Cybercriminals"
last_modified: "2026-07-01T19:23:36+00:00"
categories: [Global Security News]
custom_fields:
  wpe_campaignid: 53
  wpe_feed: "https://www.esecurityplanet.com/feed/"
  wpe_sourcepermalink: "https://www.esecurityplanet.com/threats/phishing-tactics-target-session-tokens-and-deliver-malware/"
---

# Phishing Tactics Target Session Tokens and Deliver Malware

Barracuda’s June 2026 [research](https://blog.barracuda.com/2026/06/29/email-threat-radar-june-2026) shows phishing campaigns are evolving beyond credential theft to session hijacking, authentication attacks, and malware delivery. Attackers now abuse legitimate Microsoft services, short-lived phishing infrastructure, and advanced evasion techniques to bypass security controls and users.

“Cybercriminals are creative and can leverage legitimate applications, systems that people already trust, and short-lived infrastructure,” said Merium Khalid, Director of AI and Automation at Barracuda, in an email to eSecurityPlanet. Merium added, “Businesses need controls to identify and investigate signs of unusual behavior after credentials, tokens, or account access have been exposed.”

## **Key Takeaways**

- Barracuda found phishing campaigns increasingly target session tokens, Microsoft authentication, and malware delivery instead of relying solely on credential theft.
- The Tycoon 2FA phishing-as-a-service (PhaaS) platform abuses legitimate Microsoft login pages and OAuth permissions to compromise Microsoft 365 accounts.
- Attackers are using device code phishing, CAPTCHA verification, self-expiring phishing pages, and split-click techniques to evade traditional security controls.
- Phishing campaigns are increasingly delivering fileless malware and obfuscated JavaScript payloads to establish persistence and evade endpoint detection.

## **How Attackers Abuse Microsoft Authentication for Phishing**

One of the most notable campaigns analyzed by Barracuda leverages the Tycoon 2FA phishing-as-a-service (PhaaS) platform to abuse a legitimate Microsoft login page. Victims receive convincing emails warning that their mailbox is nearly full, along with a calendar invitation that appears to originate from Microsoft security.

Instead of directing users to a fake website, the phishing campaign routes victims through a legitimate Microsoft authentication page associated with an attacker-controlled Microsoft Entra application. After users authenticate, attackers capture their session tokens and OAuth permissions, allowing immediate access to Microsoft 365 services.

In some cases, victims are subsequently redirected to a fake login page to steal their passwords as well. Because the attack uses genuine Microsoft infrastructure, it can bypass URL reputation checks while making phishing detection more difficult.

## **How Device Code Phishing Evades Traditional Defenses**

Barracuda researchers also observed new variations of device code phishing designed to evade automated security tools. Rather than embedding suspicious links directly in phishing emails, attackers place them inside PDF attachments, reducing the likelihood of detection by URL scanning technologies.

The attached PDF directs victims through a fake Microsoft device authentication workflow that mimics legitimate device registration. The campaign incorporates CAPTCHA verification to block automated analysis and uses self-expiring phishing pages that automatically disappear after a predefined period.

This built-in kill switch limits forensic investigation while reducing opportunities for defenders to identify malicious infrastructure after an attack.

## **Advanced Phishing Evasion Techniques Bypass Detection**

Researchers also documented an unusual “split-click” phishing technique.
Emails contain a single “Resolve Issue” button that behaves differently depending on where users click.

Selecting the top portion opens a legitimate Microsoft webpage, while clicking the lower section silently redirects victims through a malicious phishing chain associated with the Sneaky 2FA platform.

The attack uses browser-generated blob URLs that are dynamically created at runtime, making them more difficult for traditional security tools to inspect or block. These techniques demonstrate how attackers continue developing methods specifically designed to bypass automated analysis and security testing.

## **Phishing Shifts from Credential Theft to Malware Delivery**

Barracuda also identified a growing trend toward malware delivery through phishing campaigns. In one campaign, victims attempting to download what appeared to be a PDF invoice instead received an obfuscated JavaScript file containing hidden malicious code.

The script uses steganography and obfuscation techniques to conceal its payload before gathering system information, establishing persistence, and downloading additional malware. Another campaign impersonated the U.S. Social Security Administration to distribute fileless malware.

The malicious JavaScript reconstructed hidden URLs, downloaded secondary payloads, and executed them directly in memory using Windows ActiveX components, reducing visibility to traditional endpoint defenses. Researchers also observed multi-stage Microsoft impersonation attacks that redirected victims through fake OneDrive and Excel login pages to further improve credential theft success rates.

## **How to Defend Against Modern Email Phishing Attacks**

Barracuda recommends that organizations expand phishing defenses beyond password protection by focusing on identity security and behavioral detection. Key defensive measures include:

- Protect authentication tokens and identities in addition to passwords.
- Monitor calendar invitations, attachments, OAuth activity, and authentication flows.
- Deploy [behavioral](https://www.esecurityplanet.com/products/best-user-and-entity-behavior-analytics-ueba-tools/) detection capable of identifying evasive phishing techniques.
- Strengthen attachment and [endpoint](https://www.esecurityplanet.com/products/edr-solutions/) protection against embedded and fileless malware.
- Improve [incident response](https://www.esecurityplanet.com/networks/incident-response/) speed to address short-lived phishing infrastructure.
- Update security awareness [training](https://www.esecurityplanet.com/products/cybersecurity-training/) to reflect modern phishing techniques that abuse legitimate cloud services.

## **Bottom Line**

Barracuda’s latest research shows phishing attacks have evolved beyond just fake login pages to abuse trusted Microsoft infrastructure, authentication tokens, advanced evasion, and malware delivery.

**As phishing attacks increasingly target identities, authentication tokens, and trusted cloud services, adopting [zero trust solutions](https://www.esecurityplanet.com/products/zero-trust-security-solutions/) can help organizations reduce overall risk.**

The post [Phishing Tactics Target Session Tokens and Deliver Malware](https://www.esecurityplanet.com/threats/phishing-tactics-target-session-tokens-and-deliver-malware/) appeared first on [eSecurity Planet](https://www.esecurityplanet.com/).

---

---
title: "Researchers spot exploitation of another critical Oracle defect"
url: "https://cyberscoop.com/oracle-ebs-critical-vulnerability-exploited/"
lang: "en-US"
type: "post"
description: "A cybercriminal exploited a critical defect Saturday in the payments processing feature of Oracle E-Business Suite that could mark the early stages of a potentially broader campaign, researchers said. Defused, a threat intelligence firm, spotted six instances of exploitation during"
last_modified: "2026-07-01T19:23:26+00:00"
categories: [Global Security News]
custom_fields:
  wpe_campaignid: 53
  wpe_feed: "https://cyberscoop.com/feed/"
  wpe_sourcepermalink: "https://cyberscoop.com/oracle-ebs-critical-vulnerability-exploited/"
---

# Researchers spot exploitation of another critical Oracle defect

A cybercriminal exploited a critical defect Saturday in the payments processing feature of Oracle E-Business Suite that could mark the early stages of a potentially broader campaign, researchers said.

Defused, a threat intelligence firm, spotted six instances of exploitation during a two-hour window on its honeypots, or decoys designed to monitor malicious activity in non-production environments, Simo Kohonen, founder and CEO of the company, told CyberScoop.

Oracle [disclosed and patched](https://www.oracle.com/security-alerts/cspumay2026.html) the vulnerability, which is tracked as [CVE-2026-46817](https://nvd.nist.gov/vuln/detail/CVE-2026-46817) with a 9.8 severity rating, in late May and warned that exploitation complexity is low.

Kohonen said the exploits were attributed to a single IP address and occurred before any proof-of-concepts were publicly available.

“With only one IP and one day of data, it reads more like reconnaissance and weaponization testing than a targeted campaign against a specific victim,” he added.

The potential expansion of malicious activity on live networks could be significant. Shadowserver scans found [about 950 potentially vulnerable instances](https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=other_range&d1=2026-06-27&d2=2026-06-30&vendor=oracle&model=oracle+e-business+suite&dataset=count&limit=10000&group_by=geo&stacking=stacked&auto_update=on) of Oracle E-Business Suite on Wednesday, and more than half of those publicly exposed deployments are based in the United States.

The defect impacts a popular collection of business applications that attackers have hit before in widespread attack sprees.

The notorious Clop ransomware group attempted to extort [dozens of victims](https://cyberscoop.com/oracle-customers-attacks-clop-google-mandiant/) after it exploited a zero-day and other vulnerabilities in Oracle E-Business Suite last year. The aggressive extortion campaign got underway in October, roughly two months after Clop exploited the defect and stole data en masse.

Oracle customers were more recently impacted by an actively exploited [zero-day vulnerability in PeopleSoft](https://cyberscoop.com/oracle-peoplesoft-zero-day-vulnerability-shinyhunters-extortion/), which includes more than 40 tools for human resources and customer relationship management.

ShinyHunters, the group behind that attack spree dating back to late May, potentially infiltrated the networks of more than 100 organizations mostly in higher education, according to Mandiant and Google Threat Intelligence Group.

The post [Researchers spot exploitation of another critical Oracle defect](https://cyberscoop.com/oracle-ebs-critical-vulnerability-exploited/) appeared first on [CyberScoop](https://cyberscoop.com/).

---

---
title: "I wore the Oura Ring 5 for a month, and it’s an even bigger upgrade than expected"
url: "https://www.zdnet.com/article/oura-ring-5-review/"
lang: "en-US"
type: "post"
description: "However, you're really buying the Oura Ring 5 for one reason."
last_modified: "2026-07-01T19:12:00+00:00"
categories: [Global Security News]
custom_fields:
  wpe_campaignid: 53
  wpe_feed: "https://www.zdnet.com/news/rss.xml"
  wpe_sourcepermalink: "https://www.zdnet.com/article/oura-ring-5-review/"
---

# I wore the Oura Ring 5 for a month, and it’s an even bigger upgrade than expected

However, you’re really buying the Oura Ring 5 for one reason.

---

---
title: "Microsoft Azure’s CLI target of automated password spray attacks"
url: "https://www.scworld.com/news/microsoft-azures-cli-target-of-automated-password-spray-attacks"
lang: "en-US"
type: "post"
description: "Huntress researchers saw 78 user accounts compromised across 64 organizations."
last_modified: "2026-07-01T19:09:57+00:00"
categories: [Global Security News]
custom_fields:
  wpe_campaignid: 53
  wpe_feed: "https://www.scworld.com/feed/topic/latest"
  wpe_sourcepermalink: "https://www.scworld.com/news/microsoft-azures-cli-target-of-automated-password-spray-attacks"
---

# Microsoft Azure’s CLI target of automated password spray attacks

Huntress researchers saw 78 user accounts compromised across 64 organizations.

---

---
title: "Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution"
url: "https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2026-066"
lang: "en-US"
type: "post"
description: "Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.Adobe Campaign Classic is an enterprise-grade marketing automation platform that helps organizations design, automate, and track complex, personalized cross-channel marketing campaigns.Adobe ColdFusion"
last_modified: "2026-07-01T19:09:27+00:00"
categories: [Global Security News]
custom_fields:
  wpe_campaignid: 53
  wpe_feed: "https://www.cisecurity.org/feed/advisories"
  wpe_sourcepermalink: "https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2026-066"
---

# Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

- Adobe Campaign Classic is an enterprise-grade marketing automation platform that helps organizations design, automate, and track complex, personalized cross-channel marketing campaigns.
- Adobe ColdFusion is a commercial rapid web application development platform used to build and deploy dynamic web and mobile applications.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

---

---
title: "Your old Android phone can be turned into a dashcam for free – how I did it in 5 easy steps"
url: "https://www.zdnet.com/article/how-to-turn-phone-into-dashcam-for-free/"
lang: "en-US"
type: "post"
description: "Want a dashcam? Before buying one, repurpose an old phone. It's free, takes minutes, and works well."
last_modified: "2026-07-01T19:00:08+00:00"
categories: [Global Security News]
custom_fields:
  wpe_campaignid: 53
  wpe_feed: "https://www.zdnet.com/news/rss.xml"
  wpe_sourcepermalink: "https://www.zdnet.com/article/how-to-turn-phone-into-dashcam-for-free/"
---

# Your old Android phone can be turned into a dashcam for free – how I did it in 5 easy steps

Want a dashcam? Before buying one, repurpose an old phone. It’s free, takes minutes, and works well.

---

---
title: "Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution"
url: "https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-products-could-allow-for-arbitrary-code-execution_2026-065"
lang: "en-US"
type: "post"
description: "Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet.Thunderbird is a free, open-source email, calendar, and chat application.Successful exploitation of"
last_modified: "2026-07-01T18:48:04+00:00"
categories: [Global Security News]
custom_fields:
  wpe_campaignid: 53
  wpe_feed: "https://www.cisecurity.org/feed/advisories"
  wpe_sourcepermalink: "https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-products-could-allow-for-arbitrary-code-execution_2026-065"
---

# Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.

- Mozilla Firefox is a web browser used to access the Internet.
- Thunderbird is a free, open-source email, calendar, and chat application.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

---