DJBSEC's CyberNews 2026-07-07

Today’s daily news covers the following categories: Malware Phishing Nation-State/APT Privacy Ransomware Vulnerability


BusySnake Infostealer Targets Critical Infrastructure Networks

Malware Researchers have identified a new infostealer known as BusySnake that is actively targeting organizations operating critical infrastructure. The malware is designed to harvest credentials, system information, browser data, and other sensitive intelligence that can be used to facilitate follow-on attacks. Analysts believe the campaign focuses on gaining long-term access rather than causing immediate disruption, making it particularly concerning for industrial environments. Critical infrastructure operators are being urged to strengthen endpoint monitoring, segment sensitive networks, and review credential security practices. The campaign highlights the growing interest attackers have in intelligence gathering against essential services. Read More

Fake Microsoft Teams IT Support Calls Deliver EtherRAT Malware

Phishing Cybercriminals are impersonating IT support staff through Microsoft Teams to convince employees to install EtherRAT malware. Attackers use social engineering techniques, posing as legitimate help desk personnel while persuading victims to run malicious software under the guise of technical support. Once installed, EtherRAT provides remote access, allowing attackers to steal data, deploy additional malware, and move laterally through corporate networks. Researchers say the campaign demonstrates the continued effectiveness of combining voice phishing with trusted collaboration platforms. Organizations are encouraged to verify support requests through established channels and educate employees about help desk impersonation attacks. Read More

Iranian Threat Actors Deploy New Cavern C2 Framework

Nation-State/APT Researchers have uncovered a new command-and-control framework called Cavern C2 that is being used by Iranian-linked threat actors. The framework enables attackers to manage compromised systems, execute remote commands, and maintain long-term persistence during espionage operations. Analysts say Cavern C2 includes improved stealth capabilities designed to evade traditional detection tools. The campaign appears focused on intelligence gathering against strategic organizations and government-related targets. Security teams are advised to monitor for indicators associated with the new framework and strengthen behavioral detection capabilities. Read More

Microsoft Warns of Device Code Phishing Campaigns

Phishing Microsoft is warning organizations about a growing wave of device code phishing attacks that abuse legitimate authentication workflows. Instead of stealing passwords directly, attackers trick users into entering legitimate device authorization codes, allowing threat actors to obtain valid authentication tokens. Because the technique leverages trusted Microsoft authentication processes, it can bypass some traditional phishing defenses. Researchers recommend implementing conditional access policies, monitoring token usage, and educating users about unexpected device code requests. The campaign illustrates how attackers continue adapting to modern authentication technologies. Read More

New EU Spyware Scandal Sparks Calls for Stronger Oversight

Privacy A new spyware controversy involving European officials has triggered renewed calls for stricter oversight of commercial surveillance software. Lawmakers and privacy advocates argue that stronger legal safeguards are needed to prevent spyware from being used against journalists, investigators, politicians, and civil society organizations. The latest revelations have intensified concerns about accountability within the commercial spyware industry. Officials are pushing for improved transparency, export controls, and independent oversight of surveillance technologies. The case continues the broader international debate over balancing national security with digital privacy rights. Read More

The Gentlemen Ransomware Expands Remote Execution Capabilities

Ransomware Researchers report that The Gentlemen ransomware group now employs at least 21 different remote execution techniques to compromise victim environments. By supporting numerous execution methods, the ransomware operators can adapt to different network configurations and bypass defensive controls more effectively. Analysts say the expanded toolkit demonstrates continued investment in operational flexibility and evasion techniques. Organizations are encouraged to restrict remote administration capabilities, harden privileged accounts, and monitor unusual remote execution activity. The findings illustrate how ransomware groups continue evolving beyond simple encryption-based attacks. Read More

Hidden Web Prompts Trick AI Agents Into Sending Money

Vulnerability Researchers have demonstrated a novel attack in which hidden prompts embedded within web content manipulate AI agents into performing unauthorized financial transactions. The technique exploits weaknesses in how autonomous AI systems process external content and follow embedded instructions. Security experts warn that as AI agents gain the ability to access payment systems and perform real-world tasks, prompt injection attacks could have increasingly serious consequences. The research highlights the need for stronger permission controls, validation mechanisms, and human oversight for autonomous AI workflows. The findings reinforce that AI agent security is becoming an increasingly important area of cybersecurity research. Read More




Enjoy Reading This Article?

Here are some more articles you might like to read next:

  • DJBSEC's CyberNews 2026-07-16
  • DJBSEC's CyberNews 2026-07-15
  • DJBSEC's CyberNews 2026-07-14
  • DJBSEC's CyberNews 2026-07-13
  • DJBSEC's CyberNews 2026-07-10