DJBSEC's CyberNews 2026-07-10

Today’s daily news covers the following categories: Vulnerability Nation-State/APT Data Breach Phishing Threat Intelligence Malware


AI Coding Assistants Can Be Manipulated Into Unsafe Actions

Vulnerability Researchers have demonstrated new techniques capable of manipulating AI coding assistants including Claude Code, Cursor, and Codex into performing unintended or potentially dangerous actions. The attacks exploit weaknesses in how these assistants interpret instructions from project files, external content, and integrated development tools. Since these AI assistants often have access to source code, credentials, and deployment environments, successful exploitation could have significant consequences. Security experts recommend limiting tool permissions, isolating development environments, and requiring human approval before executing sensitive actions. The findings reinforce that AI-assisted development platforms are becoming an increasingly important attack surface. Read More

APT-C-20 Conceals Malware Inside PNG Images

Nation-State/APT Researchers have uncovered a campaign by the APT-C-20 threat group that hides malicious shellcode within PNG image files to evade traditional security defenses. The images appear legitimate but contain embedded payloads that are extracted and executed in memory after delivery. This technique allows attackers to bypass many file-based detection systems while maintaining a low profile during initial compromise. The campaign appears focused on espionage operations targeting government and enterprise organizations. Analysts expect similar fileless delivery methods to become increasingly common among advanced threat groups. Read More

Accenture Investigates Breach Following Source Code Theft Claims

Data Breach Accenture has confirmed a cybersecurity incident after attackers claimed they had stolen company source code and other sensitive information. The organization is investigating the scope of the compromise while working with cybersecurity experts to determine whether customer or proprietary data was affected. Although details remain limited, the incident raises concerns about intellectual property theft and potential downstream supply chain risks. Large consulting firms continue to be attractive targets because they support numerous enterprise and government clients. The investigation remains ongoing as Accenture assesses the impact of the breach. Read More

Microsoft 365 Users Targeted in Entra Passkey Enrollment Vishing Campaign

Phishing Security researchers are warning of a voice phishing campaign that abuses Microsoft Entra passkey enrollment to compromise Microsoft 365 accounts. Attackers impersonate corporate IT staff and persuade victims to register attacker-controlled passkeys, allowing unauthorized access without requiring passwords. The campaign illustrates how social engineering techniques are evolving alongside modern authentication technologies. Organizations are encouraged to verify all identity-related requests through trusted channels and educate employees about fraudulent support calls. Strong enrollment policies and monitoring can help reduce the risk of successful attacks. Read More

Anthropic Expands Claude Cowork With Mobile AI Sessions

Threat Intelligence Anthropic has expanded its Claude Cowork platform by introducing mobile collaboration sessions, allowing teams to continue AI-assisted workflows across smartphones and tablets. The feature synchronizes shared conversations and project context between desktop and mobile devices to improve productivity. Security experts note that expanding AI collaboration capabilities also increases the importance of secure identity management, device protection, and session security. Anthropic says enterprise safeguards are built into the platform to help protect sensitive business information. The release reflects the growing integration of AI into enterprise collaboration environments. Read More

Researchers Uncover Five New Prompt Injection Techniques

Vulnerability Researchers have documented five new prompt injection techniques capable of manipulating AI systems into ignoring safeguards or performing unintended actions. The attacks exploit how language models process instructions from untrusted external sources, particularly when AI agents interact with websites, documents, or APIs. Experts warn that prompt injection remains one of the most significant unresolved security challenges in AI. Developers are encouraged to implement stronger input validation, permission controls, and contextual isolation between trusted and untrusted data. The research demonstrates that prompt injection attacks continue evolving rapidly. Read More

Claude Desktop Vulnerability Allows Remote Code Execution

Vulnerability Researchers have disclosed a vulnerability affecting Claude Desktop that could allow remote code execution under certain circumstances. A successful attack could enable threat actors to execute arbitrary code, potentially exposing local files, credentials, and development resources. AI desktop applications are increasingly attractive targets because they often have broad access to sensitive information and integrated tools. Anthropic is evaluating the findings while recommending users install available security updates. The discovery highlights the growing need to secure AI-powered desktop applications. Read More

Mycelium Framework Introduces Novel Botnet Architecture

Malware Researchers have analyzed a new malware platform known as the Mycelium framework, describing it as a unique botnet architecture built for resilience and scalability. The framework enables infected systems to communicate efficiently while supporting distributed command-and-control operations that are more difficult to disrupt. Although the malware is still in its early stages, analysts believe its design could support larger criminal operations in the future. Security researchers are closely monitoring adoption by cybercriminal groups. The framework represents another example of attackers investing in increasingly sophisticated malware infrastructure. Read More

GitHub Copilot Strengthens Protections Against Harmful Requests

Threat Intelligence GitHub has enhanced Copilot’s safety mechanisms to better refuse requests involving malware development, exploit creation, and other harmful activities. Microsoft says the updated safeguards are intended to reduce misuse while preserving Copilot’s usefulness for legitimate software development. The improvements are based on ongoing evaluations of AI safety and adversarial testing. Researchers note that safety controls will continue to evolve as attackers discover new methods of bypassing AI restrictions. The update reflects broader industry efforts to deploy more secure and responsible AI coding assistants. Read More

Attackers Exploit Known Roundcube Vulnerabilities

Vulnerability Threat actors are actively exploiting previously disclosed Roundcube webmail vulnerabilities against organizations that have not yet applied security updates. By targeting known “N-day” flaws, attackers can compromise email servers and gain access to sensitive communications without relying on new zero-day exploits. Researchers emphasize that delayed patching remains one of the biggest drivers of successful enterprise compromises. Administrators are encouraged to update Roundcube installations immediately and review logs for signs of intrusion. The campaign highlights the continuing importance of timely vulnerability management. Read More

Ubiquiti Warns of Critical UniFi OS Vulnerability

Vulnerability Ubiquiti has issued an alert for a maximum-severity vulnerability affecting UniFi OS deployments. If exploited, the flaw could provide attackers with administrative access to network management systems and connected infrastructure. Given UniFi’s widespread deployment in businesses, schools, and service providers, the vulnerability carries significant operational risk. Ubiquiti recommends applying security updates immediately and limiting exposure of management interfaces to the internet. Researchers expect attackers to begin widespread scanning for vulnerable systems shortly after disclosure. Read More

China Nexus Threat Group Targets Ruckus Routers

Nation-State/APT Researchers report that the China Nexus threat group is exploiting vulnerabilities in Ruckus networking equipment to support long-term espionage operations. Compromised routers provide attackers with persistent network access, visibility into traffic, and opportunities for lateral movement while remaining difficult to detect. Network infrastructure continues to be a preferred target for nation-state actors because it enables broad surveillance with minimal endpoint interaction. Organizations are advised to update affected devices, restrict administrative access, and monitor for unusual network activity. The campaign demonstrates the strategic value of networking hardware in modern cyber espionage. Read More




Enjoy Reading This Article?

Here are some more articles you might like to read next:

  • DJBSEC's CyberNews 2026-07-16
  • DJBSEC's CyberNews 2026-07-15
  • DJBSEC's CyberNews 2026-07-14
  • DJBSEC's CyberNews 2026-07-13
  • DJBSEC's CyberNews 2026-07-09