DJBSEC's CyberNews 2026-07-02

Today’s daily news covers the following categories: Ransomware Data Breach Authentication Malware Vulnerability Policy & Legislation


FortiBleed Credential Theft Campaign Linked to Lynx Ransomware

Ransomware Researchers have linked the ongoing FortiBleed credential theft campaign to affiliates associated with the Lynx ransomware operation. Attackers are exploiting vulnerable Fortinet devices to harvest authentication credentials, which are later used to gain persistent access to enterprise networks before deploying ransomware. The campaign highlights the growing trend of combining credential theft with double-extortion ransomware tactics. Security experts urge organizations to patch exposed Fortinet systems, rotate potentially compromised credentials, and monitor authentication logs for suspicious activity. The findings demonstrate how stolen credentials continue to serve as the foundation for modern ransomware attacks. Read More

Kubota Reports Month-Long Network Intrusion

Data Breach Kubota has disclosed that attackers maintained unauthorized access to portions of its corporate network for approximately one month before the intrusion was discovered. During that time, threat actors may have accessed sensitive business information while moving laterally through internal systems. The company is continuing its investigation to determine the full scope of the compromise and what information may have been exposed. Long dwell times remain a significant concern because they allow attackers to expand access and collect valuable intelligence. The incident underscores the importance of continuous monitoring and rapid threat detection. Read More

Microsoft Warns of Azure Password Spray Campaign

Authentication Microsoft has identified an active password spraying campaign targeting Azure environments across multiple organizations. Rather than attempting many passwords against a single account, attackers test a small number of common passwords across thousands of accounts to evade account lockout protections. Researchers say the campaign is targeting cloud identities, making strong password policies and multi-factor authentication essential defenses. Microsoft recommends reviewing sign-in logs, enforcing conditional access policies, and blocking legacy authentication where possible. The activity highlights the continued importance of identity security in cloud environments. Read More

Weaponized Google Ads Deliver Malicious Claude Code Installer

Malware Threat actors are abusing Google Ads to distribute a trojanized version of Claude Code designed to compromise macOS systems. Victims searching for legitimate AI development tools are redirected to malicious websites that deliver malware capable of hijacking developer environments. Once installed, the malware can steal credentials, source code, API keys, and other sensitive information. Researchers say developers remain high-value targets because their systems often provide access to production infrastructure. Users are advised to download software only from official vendor websites and verify application signatures before installation. Read More

Anthropic Buffa Rust Library Vulnerability Enables Denial-of-Service Attacks

Vulnerability Researchers have disclosed a vulnerability in Anthropic’s Buffa Rust library that can be exploited to trigger denial-of-service conditions. The flaw allows specially crafted inputs to consume excessive system resources, potentially disrupting applications that rely on the library. Although no widespread exploitation has been reported, developers are encouraged to apply updates promptly. The incident highlights the importance of securing open-source components used within AI ecosystems. As AI frameworks mature, supporting libraries are increasingly becoming part of the enterprise attack surface. Read More

Citrix NetScaler Vulnerabilities Place Enterprise Gateways at Risk

Vulnerability Citrix has released security updates addressing multiple vulnerabilities affecting NetScaler appliances. Successful exploitation could allow attackers to compromise remote access gateways, steal session information, or gain unauthorized access to enterprise networks. NetScaler devices remain popular targets because they frequently serve as internet-facing entry points into corporate environments. Security researchers expect rapid scanning and exploitation attempts following public disclosure. Organizations are urged to apply patches immediately and review authentication logs for suspicious activity. Read More

RustDuck Botnet Shows Signs of Rapid Evolution

Malware Researchers are tracking a relatively small but rapidly evolving botnet known as RustDuck. Written in Rust, the malware demonstrates modular design and engineering practices suggesting its operators intend to scale operations significantly over time. Although current infections remain limited, analysts warn that early detection provides a valuable opportunity to disrupt the botnet before it grows. The malware supports remote command execution and infrastructure expansion, making it a potential long-term threat. Security teams are encouraged to monitor for emerging indicators associated with RustDuck activity. Read More

Attackers Abuse Windows Drivers to Disable AV and EDR

Malware Researchers have documented attacks that leverage vulnerable or malicious Windows drivers to disable antivirus and endpoint detection and response solutions. By abusing trusted kernel-level drivers, attackers can terminate security products before deploying additional malware or ransomware. This “bring your own vulnerable driver” technique continues to be favored by sophisticated threat actors because it operates with elevated privileges. Organizations should enable driver blocklists, keep systems updated, and monitor for unusual driver installation activity. The research highlights the growing importance of kernel-level security protections. Read More

GuardFall Vulnerability Impacts Most Open-Source AI Agents

Vulnerability Researchers have disclosed a vulnerability dubbed GuardFall that affects 10 of the 11 most popular open-source AI agent frameworks. The flaw allows attackers to bypass safety controls or manipulate AI agent behavior under certain conditions, raising concerns about autonomous AI security. As organizations increasingly deploy AI agents with access to internal systems and external services, weaknesses in these frameworks become increasingly significant. Developers are encouraged to review affected projects and apply available fixes. The research reinforces the importance of securing AI orchestration frameworks alongside traditional software. Read More

Amazon Fined €225 Million Over Fraud Investigation Practices

Policy & Legislation European regulators have fined Amazon €225 million after determining the company failed to provide sufficient evidence to victims investigating fraudulent activity. Authorities argued that Amazon’s handling of requested information hindered efforts to investigate and respond to fraud cases. The ruling highlights increasing regulatory expectations for technology companies to cooperate with investigations and protect consumers. Legal experts believe the decision may influence future compliance requirements across digital marketplaces. The case reflects the growing emphasis on corporate accountability in cybersecurity and fraud response. Read More

Azure CLI Password Spray Campaign Targets Organizations Worldwide

Authentication Researchers have identified a widespread password spraying campaign abusing Azure CLI to target organizations around the world. The attackers use legitimate Azure management tools to blend malicious authentication attempts with normal administrative activity, making detection more difficult. At least dozens of organizations have reportedly been affected as attackers seek cloud account access for follow-on compromise. Security experts recommend enforcing phishing-resistant multi-factor authentication, monitoring Azure CLI usage, and reviewing identity logs for abnormal behavior. The campaign demonstrates how attackers increasingly abuse legitimate administrative tools to evade detection. Read More




Enjoy Reading This Article?

Here are some more articles you might like to read next:

  • DJBSEC's CyberNews 2026-07-16
  • DJBSEC's CyberNews 2026-07-15
  • DJBSEC's CyberNews 2026-07-14
  • DJBSEC's CyberNews 2026-07-13
  • DJBSEC's CyberNews 2026-07-10