Industrial Sector
- ABB T-MAC Plus
"ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. An attacker who successfully exploited any of these vulnerabilities could potentially compromise the system in different ways."
https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-03
- Rockwell Automation 1715-AENTR EtherNet/IP Adapter
"Successful exploitation of this vulnerability could allow an attacker to read or delete files, stop tasks, modify memory, and change I/O states, potentially impacting the confidentiality, integrity, and availability of the device."
https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-04
- ABB Advant Master Online Builder
"ABB became aware of vulnerability in the products versions listed as affected in the advisory, where an incorrect version of Online Builder (ONB) was included in the media. An update is available that resolves the vulnerability, see details in Recommended immediate actions."
https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-01
- ABB Ability Edgenius
"ABB is aware of public reports of a vulnerability CVE‑2026‑31431 (Copy Fail) in the product versions listed as affected in the advisory. An update is available that resolves a publicly reported vulnerability. CVE‑2026‑31431 (Copy Fail) is a Linux kernel vulnerability that may allow a locally authenticated user or compromised container workload to gain elevated (root) privileges on affected systems. Once root access is obtained, the attacker can effectively gain complete control of the system"
https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-02
New Tooling
Chatto: Open-Source Team Messenger With Privacy At Its Core
"Teams that want their group chats off commercial platforms have a growing menu of self-hosted options. Chatto joined that group when its developer released the code under an open-source license and posted binaries for anyone to run on their own hardware. The software aims at the same ground as the large team messaging services, and it keeps message data on infrastructure the operator controls. Installation runs through a single executable. An operator drops the binary onto a machine, runs it, and gets a working chat server that serves its own web frontend. Builds exist for Linux on x86_64 and ARM64, macOS, and Windows. A basic setup needs no separate database, and larger deployments scale out with Docker Compose or Kubernetes."
https://www.helpnetsecurity.com/2026/07/14/chatto-self-hosted-chat-app-privacy/
https://github.com/chattocorp/chatto
Vulnerabilities
- SonicWall Warns Of SMA1000 Flaws Exploited In Zero-Day Attacks, Patch Now
"SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates. CVE-2026-15409 is a critical (CVSS 10.0) server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface that allows a remote, unauthenticated attacker to force an appliance to make requests to unintended locations. CVE-2026-15410 is a high-severity (CVSS 7.2) post-authentication code injection flaw in the SMA1000 Appliance Management Console that could allow a remote authenticated administrator to execute arbitrary operating system commands."
https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-flaws-exploited-in-zero-day-attacks-patch-now/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0008
https://www.helpnetsecurity.com/2026/07/14/sonicwall-sma-attacks-via-cve-2026-15409-cve-2026-15410/
- SAP Warns Of Critical Flaws In NetWeaver And Commerce Cloud
"SAP has addressed 16 vulnerabilities across multiple products as part of its July 2026 security updates, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter. The first critical issue patched this month is a memory corruption security issue (tracked as CVE-2026-44747) stemming from an out-of-bounds write weakness in the NetWeaver Application Server ABAP (AS ABAP), the runtime environment, application server, and development platform for core SAP enterprise software."
https://www.bleepingcomputer.com/news/security/sap-warns-of-critical-flaws-in-netweaver-and-commerce-cloud/
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2026.html
https://thehackernews.com/2026/07/sap-patches-cvss-99-netweaver-abap-flaw.html
https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-netweaver-approuter-commerce-cloud/
- 7 Severe Vulnerabilities Patched In VMware Avi Load Balancer
"Broadcom announced on Tuesday that new VMware Avi Load Balancer updates patch several critical and high-severity vulnerabilities. VMware Avi Load Balancer is a software-defined platform that provides load balancing, application security, and analytics for applications in hybrid and multi-cloud environments. According to Broadcom, two external researchers recently discovered that the VMware product is affected by seven potentially serious vulnerabilities."
https://www.securityweek.com/7-severe-vulnerabilities-patched-in-vmware-avi-load-balancer/
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37926
- CISA Urges SharePoint Hardening After New Exploitations
"CISA is aware of active exploitation of vulnerabilities CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, enabling cyber threat actors to gain unauthorized access to on-premises SharePoint Server instances. These vulnerabilities affect all supported on-premises SharePoint Server versions (Subscription Edition, 2019, and 2016) and involve establishing remote code execution (RCE) and post-exploitation activities, such as stealing Internet Information Services (IIS) machine keys and performing deserialization techniques, to gain persistence and deploy malware. Organizations should monitor affected SharePoint Servers closely for any signs of exploitation or unusual activity."
https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-urges-sharepoint-hardening-after-new-exploitations
- Microsoft July 2026 Patch Tuesday Fixes Massive 570 Flaws, 3 Zero-Days
"Today is Microsoft's July 2026 Patch Tuesday, and with it comes security updates for a record-breaking 570 flaws, including two zero-day vulnerabilities exploited in attacks and one publicly disclosed. Patch Tuesday addresses 59 "Critical" vulnerabilities, 48 of which are remote code execution, 9 are elevation of privilege, 1 is a security bypass, and 1 is a spoofing."
https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2026-patch-tuesday-fixes-massive-570-flaws-3-zero-days/
https://blog.talosintelligence.com/microsoft-patch-tuesday-july-2026/
https://thehackernews.com/2026/07/microsoft-patches-record-622-flaws.html
https://www.darkreading.com/vulnerabilities-threats/records-broken-patch-tuesday-raises-triage-stakes
https://cyberscoop.com/microsoft-patch-tuesday-july-2026/
https://www.securityweek.com/microsoft-patches-record-622-vulnerabilities-including-two-exploited-zero-days/
https://securityaffairs.com/195347/security/patch-tuesday-security-updates-for-july-2026-the-largest-update-ever-621-cves-in-one-month.html
- Adobe Patches Critical ColdFusion Vulnerabilities
"Adobe on Tuesday rolled out security updates for 12 products to address 88 vulnerabilities, including critical-severity bugs in ColdFusion, Commerce, Experience Manager, and Illustrator. Out of 13 security defects resolved in ColdFusion, eight – CVE-2026-48318, CVE-2026-48322, CVE-2026-48284, CVE-2026-48321, CVE-2026-48325, CVE-2026-48319, CVE-2026-48324, and CVE-2026-48327 – are critical issues that could lead to arbitrary code execution and privilege escalation."
https://www.securityweek.com/adobe-patches-critical-coldfusion-vulnerabilities/
- CISA Adds Four Known Exploited Vulnerabilities To Catalog
"CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability
CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability
CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability"
https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-adds-four-known-exploited-vulnerabilities-catalog
- Progress Confirms ShareFile Zero-Day Flaw Behind Storage Zone Shutdown
"Progress Software has confirmed that a high-severity zero-day vulnerability is behind the emergency shutdown of ShareFile Storage Zone Controllers last week and has released security updates to patch the flaw. Last week, Progress urged customers using ShareFile Storage Zone Controllers to immediately shut down their Windows servers after receiving a warning of a "credible external security threat." At the time, the company temporarily disabled access to all ShareFile accounts using Storage Zone Controllers while it investigated the incident with cybersecurity experts."
https://www.bleepingcomputer.com/news/security/progress-confirms-sharefile-zero-day-flaw-behind-storage-zone-shutdown/
- Cursor 0day: When Full Disclosure Becomes The Only Protection Left
"Sometimes security research uncovers deeply technical vulnerabilities that require pages of explanation. This isn't one of those cases. This bug is simple. A developer opens a repository in Cursor on Windows, and if that repository contains a malicious git.exe in the project root, Cursor will execute it automatically. There are no clicks, prompts, approval dialogs, or warnings. The result is arbitrary code execution."
https://mindgard.ai/blog/cursor-0day-when-full-disclosure-becomes-the-only-protection-left
https://www.darkreading.com/application-security/cursor-ide-malicious-code-poisoned-repos
- Tego AI Finds Anthropic’s Claude Tag Slack Integration Can Trigger Unauthorized Enterprise Actions
"Drop a line of text into the right Slack channel and Claude will act on it. It doesn't matter who you are — in the workspace or not, in the channel or not, a human or not. A bot, a webhook, an RSS feed, a scraped web page: if the text contains @Claude, the agent wakes up and starts following instructions, under your organization's own credentials."
https://www.tego.ai/blog/tego-ai-finds-anthropics-claude-tag-slack-integration-can-trigger-unauthorized-enterprise-actions
- Forgotten UEFI Shims Undermining Secure Boot
"ESET researchers identified 11 old and forgotten UEFI shim bootloaders at versions 0.9 and below that can be used to bypass UEFI Secure Boot on any UEFI-based machine that trusts Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate authority (CA) certificate, regardless of the installed operating system (OS). Reported shims can be exploited to execute untrusted code during system boot, enabling attackers to deploy malicious UEFI bootkits (such as Bootkitty, HybridPetya, or BlackLotus) even on systems with UEFI Secure Boot enabled. We reported our findings to CERT/CC in February 2026, and the vulnerable UEFI applications were revoked on Microsoft’s June 9th, 2026 Patch Tuesday."
https://www.welivesecurity.com/en/eset-research/forgotten-uefi-shims-undermining-secure-boot/
https://thehackernews.com/2026/07/11-old-microsoft-signed-linux-uefi.html
https://www.helpnetsecurity.com/2026/07/14/eset-uefi-secure-boot-bypass/
- ClaudeBleed Reopened: Browser Extensions Can Still Push Claude For Chrome To Read Your Gmail
"We identified two vulnerabilities in Anthropic's Claude for Chrome browser extension that remain unpatched in v1.0.80, eight releases after we reported them to Anthropic in May. The first is a working attack delivered via any browser extension. Any browser extension with a content script on claude.ai can trigger Claude to execute one of nine prompts that read the victim's Gmail, Google Docs, and Calendar, by injecting a DOM element and dispatching a synthetic click. CVSS 7.7 High in default mode (coerced approval), 9.6 Critical when the user has previously enabled "Act without asking" (silent execution)."
https://www.manifold.security/blog/claude-for-chrome-extension-bypass
https://thehackernews.com/2026/07/claude-for-chrome-flaw-lets-other.html
https://www.securityweek.com/unpatched-claude-for-chrome-flaw-lets-extensions-read-gmail-calendar/
- Study Of 85 Crypto Wallet Extensions Finds Address Leaks And Cross-Site Tracking Risks
"Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person's separate addresses together and let outsiders follow them from site to site. And on a site that already holds a name or email, the same leaks can put a real name to an "anonymous" crypto identity. This is not a hack. The wallets behave exactly as they were built to. The 85 extensions together have about 35 million users listed on the Chrome Web Store."
https://thehackernews.com/2026/07/study-of-85-crypto-wallet-extensions.html
https://arxiv.org/abs/2607.06141
Malware
- Malicious GitHub Campaign: Fake “Arctic Wolf” And 290+ Brand-Impersonation Repositories Deliver BoryptGrab-Lineage Infostealer
"Since 26 June 2026, an unattributed threat actor has published at least 292 deceptive brand-impersonation GitHub pages and .github repositories that mimic legitimate software and trusted security tooling vendors, including a fake Arctic Wolf GitHub page. Each repository hosts a marketing-styled README document, with a concealed download link that routes victims to a malicious “secure download” page. The payload is a pure smash-and-grab in-memory infostealer, with a 41-entry cryptocurrency wallet path table and 19+ targeted browser names for broad, financially driven credential collection. Stolen data is packaged into a ZIP archive and exfiltrated to a C2 with an IP residing in Russia, on a hosting provider repeatedly associated with malware operations."
https://arcticwolf.com/resources/blog/fake-github-repositories-deliver-boryptgrab-lineage-infostealer/
https://www.bleepingcomputer.com/news/security/nearly-300-github-repos-pose-as-legit-software-to-push-malware/
- LastPass, Bitwarden Users Targeted With Fake Security Alerts
"LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites. The phishing emails are crafted to resemble legitimate corporate communications, notifying recipients of updated security policies and directing them to a landing page that impersonates DocuSign and claiming to provide a document for review. LastPass emphasizes that its systems have not been compromised and that the phishing emails did not originate from its infrastructure, despite the attackers using domains designed to appear as legitimate company services."
https://www.bleepingcomputer.com/news/security/lastpass-bitwarden-users-targeted-with-fake-security-alerts/
- The Jalisco Toolkit And AI-Powered Phishing Surge
"ReliaQuest recently identified two phishing toolkits, “Jalisco” and “OmegaLord”—named in their own command-and-control (C2) panels—while investigating phishing campaigns targeting Microsoft 365 environments. Their discovery reflects a broader shift: An expanding ecosystem of purpose-built tools and AI-powered phishing-as-a-service (PhaaS) kits is lowering the barrier to sophisticated phishing campaigns that bypass MFA, putting techniques that once required significant skill within reach of threat actors of any level."
https://reliaquest.com/blog/threat-spotlight-jalisco-toolkit-and-ai-powered-phishing-surge
https://www.bleepingcomputer.com/news/security/new-phishing-kits-target-microsoft-365-accounts-evade-mfa/
https://www.bankinfosecurity.com/phishing-toolkits-harvest-entra-tokens-in-real-time-a-32220
- Report: Accelerating ClickFix Attacks Evade Antivirus And EDR Defenses
"ReversingLabs (RL), the trusted name in file and software security, today published new threat intelligence research on ClickFix, a fast-growing social engineering technique that tricks users into infecting their own computers. The research is detailed in a new report, “Copy, Paste, Compromise: The Tale of ClickFix” by RL researcher Toni Dujmović and the RL threat intelligence team."
https://www.reversinglabs.com/press-releases/clickfix-attacks-evade-antivirus-and-edr
https://www.darkreading.com/cyberattacks-data-breaches/clickfixs-ecosystem-demands-new-defense
- The Scam Will Go On: Beware Of Fake Offers For Celine Dion Concert Tickets
"The return of a global icon like Celine Dion to the stage is more than just another concert, for fans, it is a once in a lifetime historic return. But where there is massive demand and widespread excitement, fraudsters see a golden opportunity. In this research, Group-IB discovered a sophisticated multi-layered scam scheme targeting fans eager to secure their tickets for Celine Dion’s upcoming French tour. Group-IB analysts tracked a coordinated effort that blends high-pressure social engineering with technical digital manipulation. From scammers directly embedding themselves into online fanbase communities, to a network of professional fraudulent websites, built on the looks of official ticketing platforms, the “game” is played to perfection."
https://www.group-ib.com/blog/fake-concert-ticket-scam-celine-dion/
- Upwind Finds Coordinated Supply Chain Campaign Compromising Multiple AsyncAPI Npm Packages
"Software supply chains have become an increasingly attractive target for attackers because a single compromise can ripple across countless development environments. Instead of breaking into individual organizations, threat actors are increasingly seeking access to the trusted infrastructure used to distribute software, allowing malicious code to spread through legitimate channels. New research from Upwind offers another example of that shift. The cloud security company disclosed findings from an investigation into a coordinated attack that affected multiple official AsyncAPI npm packages, revealing compromises across repositories and publishing pipelines rather than a single isolated package."
https://hackread.com/upwind-supply-chain-compromise-asyncapi-npm-packages/
- Warning: Scammers Are Using FaceTime To Empty Bank Accounts
"Apple is urging users to treat any suspicious FaceTime call or message as untrusted, especially if it involves payments, refunds, password resets, or requests for personal information. This warning appears in a broader Apple support article about scams that target iPhone and iPad users through social engineering. Apple says attackers may contact people by phone calls, FaceTime, text messages, or emails while pretending to represent a trusted organization."
https://www.malwarebytes.com/blog/news/2026/07/warning-scammers-are-using-facetime-to-empty-bank-accounts
- LabubaRAT: A Rust Based Remote Access Tool Masquerading As NVIDIA Software
"Blackpoint’s Adversary Pursuit Group (APG) discovered a previously undocumented malware sample that we are tracking as LabubaRAT, a Rust based remote access tool masquerading as NVIDIA software. The executable, nvidia-sysruntime.exe, used NVIDIA themed metadata and runtime naming, but its internal behavior showed a configurable implant built to register infected systems, receive operator tasking, execute commands, transfer files, capture screenshots, and proxy traffic."
https://blackpointcyber.com/blog/labubarat-a-rust-based-remote-access-tool-masquerading-as-nvidia-software/
https://thehackernews.com/2026/07/labubarat-masquerades-as-nvidia.html
- Lucide Proxy: Turning Student Web Proxies Into DDoS Bots
"We deobfuscated a massive campaign of 148 npm packages, including ilovefemboys, miguelphonk, and charlie-kirk. Disguised as student web proxies under names like Riverbend Tutoring, these packages hid mutable remote code execution vectors and a high-performance Wisp-compatible WebSocket traffic generator. They were designed to silently enlist visiting browsers into distributed denial-of-service botnets while generating aggressive popunder advertising revenue."
https://research.jfrog.com/post/lucide-proxy-npm-malware-campaign/
https://thehackernews.com/2026/07/148-npm-packages-disguised-as-student.html
- Defending SaaS-Based Applications Against ShinyHunters OAuth Abuse
"In a series of campaigns observed between mid-2025 and mid-2026, Microsoft identified threat actor activity with overlapping tradecraft commonly associated with ShinyHunters, including voice phishing (vishing) and supply chain compromise, to target customer SaaS-based applications such as Salesforce instances. The threat actors abused trusted OAuth relationships for unauthorized access, data exfiltration, and persistence. Two primary intrusion paths were observed including vishing techniques targeting OAuth consent and supply chain compromise through trusted workflows and integrations such as Salesloft and Gainsight. Abuse of these access paths led to inherited user and application privileges, allowing successful enumeration and querying of customer relationship management (CRM) records while evading conventional authentication detections."
https://www.microsoft.com/en-us/security/blog/2026/07/13/defending-saas-based-applications-against-shinyhunters-oauth-abuse/
https://thehackernews.com/2026/07/microsoft-maps-year-long-shinyhunters.html
- Not Every Fox Is Silver: Inside An AtlasRAT Loader Chain
"Public analyses of AtlasRAT are limited, and this report documents a four-stage loader chain and RAT capabilities not previously described in existing public reports. The chain operates entirely through memory execution throughout all stages, minimizing disk activity."
https://asec.ahnlab.com/en/94479/
Breaches/Hacks/Leaks
- Synopsys Finds No Evidence Of Data Breach Amid Bosch Hack Claims
"Silicon-to-systems design firm Synopsys says it has found no evidence of a data breach after a cybercrime group claimed to have hacked its systems and gained access to valuable data belonging to one of its major customers, Bosch. A new ransomware group named D1R in recent days listed Synopsys and Bosch on its Tor-based leak website. The cybercriminals claimed to have exploited a vulnerability in Synopsys’ website to access a corporate client database containing 40,000 entries, and they are threatening to leak the stolen data unless a ransom is paid."
https://www.securityweek.com/synopsys-finds-no-evidence-of-data-breach-following-bosch-hack-claims/
General News
- June 2026 Threat Trend Report On APT Groups
"The June 2026 Threat Trend Report on APT Groups summarizes the trend of state-sponsored threat groups actively incorporating generative AI, cloud services, OAuth tokens, and commercial MaaS (Malware-as-a-Service) platforms into their attack operations. A key finding is that the scope of attacks has expanded beyond traditional Malware infections to include account and token theft, exploitation of legitimate services, and compromises of supply chains and cloud environments."
https://asec.ahnlab.com/en/94441/
- Spanish Police Take Down €140 Million Cyber Fraud Ring, Arrest Four
"The Spanish Police dismantled a cybercrime and money-laundering organization that made €140 million ($160 million) from investment fraud and business email compromise (BEC) attacks. As part of the law enforcement operation, four people were arrested in Spain, Portugal, and Panama. The police describe the operation as an industrial-level scheme as it involved at least 800 bank accounts, 120 business accounts, and 67 external accomplices who acted as “money mules.”"
https://www.bleepingcomputer.com/news/security/spanish-police-take-down-140-million-cyber-fraud-ring-arrest-four/
- 6 GHz Wi-Fi Flaws Could Disrupt Critical Systems
"The technology keeping 6 GHz Wi-Fi from interfering with critical infrastructure has a number of security issues — and researchers are starting to sound the alarm. Researchers from Pennsylvania State University and Idaho National Laboratory will discuss their findings in a session called "Blind Trust in the 6 GHz Band: Weaponizing Wi-Fi Automated Frequency Coordination (AFC)" at Black Hat USA 2026. Two pieces of technology are at the center of this research: the cutting edge 6 GHz Wi-Fi spectrum and AFC, which regulates the 6 GHz band and keeps its powerful signal from interfering with radio towers, cellular backhaul, and spectrum-adjacent public safety networks."
https://www.darkreading.com/perimeter/6-ghz-wi-fi-flaws-disrupt-critical-systems
- Manage Vendor Risk In a Few Practical Steps
"Third-party information risk reaches beyond cybersecurity. A third-party failure can create operational disruption, privacy impact, regulatory exposure, contractual loss, business interruption, reputational harm, customer impact, uninsured financial loss, and continuity failure. The issue for boards and senior management is exposure: what risk the enterprise carries because information, systems, processes, and dependencies sit outside their control."
https://www.darkreading.com/cyber-risk/manage-vendor-risk-in-a-few-practical-steps
- Frontier AI: The Genie's Out Of The Bottle, But Where's The Rulebook?
"As frontier artificial intelligence (AI) models grow more powerful and unpredictable, three states are racing to rein them in with new disclosure laws. Illinois Gov. JB Pritzker recently signed Senate Bill 315 (SB315), the Artificial Intelligence Safety Measures Act, in an effort to boost reporting requirements for frontier AI models that generate more than $500 million in annual revenue. New York and California also recently enacted similar disclosure laws."
https://www.darkreading.com/cybersecurity-operations/frontier-ai-genie-out-of-bottle-where-rulebook
- Context Bombs: Stopping AI Attackers In Their Tracks.
"AI agents can now run complex cyberattacks on their own: given a foothold, the strongest models can escalate privileges and exfiltrate data within minutes. Canaries - decoy resources we plant to catch intruders - reliably spot these agents in the act, but spotting an attack isn't the same as stopping it. So we tried something more ambitious: a context bomb - a short string, hidden in a canary, that trips an AI agent's safety guardrails and stops it in its tracks."
https://agentic.tracebit.com/context-bombs/
https://www.helpnetsecurity.com/2026/07/14/context-bombs-for-defensive-prompt-injection/
- The Best Defense Against AI Attacks Turns Out To Be a Skeptical Human
"Analysts across the security industry now run generative AI through their daily work, from log triage to incident write-ups. Active use in cybersecurity strategy reached 78% of practitioners in 2026, up from half the field a year earlier. The 2026 SANS AI Survey, drawn from 536 IT and security professionals, describes what that commitment costs to keep. Reliability trailed adoption over the year. Sixty-three percent of practitioners report significant shortcomings when AI detects or responds to threats, well above the share who said so a year earlier. The failures cluster around false positives, trouble spotting new threats, and confident output that turns out wrong. Teams running AI in production describe this as the routine experience."
https://www.helpnetsecurity.com/2026/07/14/ai-attacks-skeptical-human/
- Fake Smart Home Residents Could Stand In For Real Ones In Security Research
"Smart home security research runs on a scarce ingredient: recordings of how real people use the gadgets in their homes. Getting that data means wiring up someone’s house and watching for months, which is slow, costly, and about as invasive as it sounds. So the datasets stay small and cover a thin slice of how people live. A group from Leipzig University and ipoque, a Rohde & Schwarz company, has a workaround that sounds a little strange at first. Let a language model play the resident. Hand it a persona and a house, let it decide how that person moves through a morning, and have it produce the device commands that follow. Simulate the person, and the lights and locks come along for the ride."
https://www.helpnetsecurity.com/2026/07/14/iot-smart-home-security-research/
https://arxiv.org/pdf/2607.08231
- A Guide To The Convergence Of Electronic Warfare And Cyber Operations
"Cyberspace is recognized as a critical warfighting domain. Operations in the electromagnetic (EM) spectrum have also long been an important piece of the arsenal. Recent advances in software-defined radio (SDR), radio frequency system on chip (RF SoC), and artificial intelligence (AI) have demonstrated that electronic warfare (EW) techniques can be even more potent and readily available. For example, manipulation of intelligently adaptive radio signals could disable adversaries’ sensors and communication systems. Beyond the boundaries of the battlefield, the Pentagon signaled the need for EM capability in 2020, with the DoD Electromagnetic Spectrum Superiority Strategy and Joint Publication 3-85: Joint Electromagnetic Spectrum Operations."
https://www.sei.cmu.edu/blog/a-guide-to-the-convergence-of-electronic-warfare-and-cyber-operations/
- NATO Logistics, Ukrainian Troops Are Top Subjects Of Russian Camera Hacks, Advisory Says
"Russian state-backed hackers are systematically compromising internet-connected security cameras across Europe and Ukraine to gather intelligence on NATO military logistics and identify Ukrainian troops for battlefield targeting, Dutch intelligence agencies warned. In a public advisory, the Netherlands' General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD) said at least one Russian intelligence service has been carrying out cyber-espionage operations against internet-accessible cameras in the Netherlands, other NATO and EU member states and Ukraine."
https://therecord.media/russian-intelligence-compromising-cameras-nato-ukraine-netherlands
- Five Charged In NCA Investigation Into Fraud Platform Responsible For Millions Of Scam Calls
"Five people have been charged as part of a National Crime Agency investigation into Russian Coms, a group which made products used by criminals to defraud victims all over the world. The platform, established in 2020, started as a handset and then moved to a web-based application, with both products being marketed and sold. They allowed criminals to hide their identity by appearing to call from pre-selected numbers. These would often be of financial institutions, telecommunications companies and law enforcement agencies with the aim of stealing funds and personal details from victims."
https://www.nationalcrimeagency.gov.uk/news/five-charged-in-nca-investigation-into-fraud-platform-responsible-for-millions-of-scam-calls
https://www.infosecurity-magazine.com/news/five-charged-in-russian-coms-fraud/
https://www.helpnetsecurity.com/2026/07/14/russian-coms-nca-charges-scam-calls/
- New Tutorials On Underground Hacking Forums Have Roughly Doubled
"Underground hacking forums are producing more original tutorials again, with growing attention on financial fraud, particularly the theft and fraudulent use of payment card data, known as carding, and cash-out techniques. Radware analyzed 8,870 tutorial posts published across 24 deep- and dark-web forums between December 2022 and April 2026. After removing reposts, the dataset contained 3,034 unique hacking and fraud guides."
https://www.helpnetsecurity.com/2026/07/14/underground-hacking-forums-tutorials-research/
อ้างอิง
Electronic Transactions Development Agency (ETDA) 