Emerging Threats

Spirals Ransomware Encrypts Network in Record Time
In a lightning-fast attack, the newly identified Spirals ransomware gang compromised a network and encrypted its entire system in under 24 hours, showcasing an alarming level of speed and sophistication. The attack began with a simple vulnerability - an exposed IIS server - which allowed hackers to upload a web shell and rapidly escalate their privileges.

Privacy Breach at Qantas Exposed by Tech Support Scam Tactics
A clever tech-support scam led to a massive 2025 Qantas privacy breach, where 5.7 million customer records were compromised after a social engineering call tricked a contact-centre agent into giving away sensitive access. The sneaky tactic, not a systemic failure, was the surprising root cause of the breach.

Law Firm's Single Password Weakness Exposes Client Data
A shocking security lapse at a law firm has put client data at risk due to a single, weak password that was used across the board. This simple yet critical mistake highlights the importance of robust password management in protecting sensitive information.

Cyberattack Disrupts Japan's Frozen Food Supply Chain
A cyberattack has crippled Nichirei Group's operations, causing system failures and disrupting Japan's frozen food supply chain, with the company confirming it is struggling to resume shipments and operations. The incident has already impacted downstream customers, with Nichirei hoping to restore services by Friday.

Attackers Exploit Zero-Days in SonicWall Appliances
Cyber attackers are exploiting two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410, in SonicWall appliances, with ransomware attacks seemingly their ultimate goal. Rapid7's team has thwarted attempts at data exfiltration and encryption, but the threat remains.

Dutch Police Disrupts €100 Million Investment Fraud Ring
Dutch police have cracked down on a massive €100 million investment fraud ring, arresting multiple suspects, including a 46-year-old Israeli-Polish national with a notorious hacking past. The international sweep resulted in detentions across Cyprus, Greece, and Belgium, with authorities vowing to bring the alleged perpetrators to justice.

TuxBot Evolution Shows AI-Assisted IoT Botnet Development
Researchers just uncovered a cutting-edge IoT botnet framework, TuxBot v3 Evolution, that leverages AI to streamline its development - but surprisingly, the AI also slipped in a crucial safety disclaimer that was left intact. This innovative framework combines old-school botnet tactics with modern tools, making it a potent threat.

Google's Gemini CLI Exploited in Botnet Operation
A Russian-speaking hacker, known as "bandcampro", cleverly exploited Google's open-source Gemini CLI AI tool to create a small but powerful botnet, taking control of eight systems at a dental clinic and breaching the OpenDental database. The AI tool even helped the hacker troubleshoot problems and optimize operations in real-time, making it a highly effective accomplice in the cyber attack.

OkoBot Malware Targets Hardware Wallets with Seed Phrase Phishing
Beware of OkoBot malware, a sneaky threat that's been targeting hardware wallet users since April 2025, tricking hundreds of victims in over 25 countries into divulging their seed phrases through clever phishing tactics. This malicious software can even infiltrate legitimate wallet apps like Ledger and Trezor, replacing their interfaces with fake recovery pages.

CISA Warns of Actively Exploited SharePoint Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of three SharePoint vulnerabilities, including CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, that are being actively exploited by attackers. These flaws, affecting on-premises SharePoint Server installations, pose a significant threat, with one remote code execution flaw rated 8.8 in severity.

Malicious AsyncAPI Packages Target npm Users with Credential-Stealing Malware
On July 14, a supply-chain intrusion briefly introduced trojanized AsyncAPI packages into the npm ecosystem, putting users at risk of credential-stealing malware. Five malicious releases in the @asyncapi namespace were downloaded hundreds of thousands of times during a four-hour window.

Phishing Campaign Exploits eCards to Deploy Legitimate RMM Tools
A massive six-month phishing campaign, dubbed SeasonalInvite, used fake electronic greeting cards to trick victims into installing legitimate remote monitoring and management software on their devices. Over 959 domains were used in this scam, which went undetected from January to June 2026.

AI-Powered Tool Discovers Zero-Day in WordPress Plugin
Meet the AI-powered tool that just discovered a zero-day vulnerability in a popular WordPress plugin, and learn how its automated pipeline can detect and exploit weaknesses in code. This game-changing technology can extract sensitive data, like password hashes and secret tokens, from live databases.

Microsoft Faces New Zero-Day Exploit Disclosure Amid Ongoing Security Dispute
A security researcher has unveiled a proof-of-concept exploit, called LegacyHive, that targets a vulnerability in Windows User Profile Service, allowing for a potential elevation of privileges. This newly disclosed exploit requires just a standard user credential and a third username to launch.

Ransomware Attacks Surge Through Compromised Logins
Ransomware attacks are surging, with a staggering 79% of incidents linked to compromised identities and legitimate user logins, making it the most common entry point for hackers. This marks a significant shift away from traditional software flaw exploitation, now accounting for just 18% of initial attacks.

Nightmare Eclipse Unveils Windows Zero-Day Exploit
A security researcher is sounding the alarm about a newly unveiled Windows zero-day exploit, dubbed LegacyHive, which targets the Windows User Profile Service and could allow for a full system compromise. The proof-of-concept exploit, published by a zero-day hunter known as NightmareEclipse, is just a glimpse of the potential damage this vulnerability could cause.

OkoBot Malware Targets Crypto Users Worldwide
Meet OkoBot, a sneaky malware framework that's got crypto users worldwide in its crosshairs, with over 20 malicious payloads and implants that can be assembled in different ways to wreak havoc. It spreads through clever tactics like ClickFix attacks and fake GitHub packages masquerading as legitimate software.

TuxBot Exposes IoT Botnet Framework With LLM-Assisted Development
Meet TuxBot, a cutting-edge IoT botnet framework that's equipped with a powerful arsenal of tools, including 1,496 username/password pairs for Telnet brute-forcing and a highly adaptable bot that can target a wide range of devices. This sophisticated framework is capable of automating attacks and can be easily customized to wreak havoc on a massive scale.

Compromised AsyncAPI Packages Deliver Multi-Stage Botnet Malware
Malicious actors have compromised several AsyncAPI packages, delivering a sophisticated multi-stage botnet malware that uses a command framework with six independent communication channels. The affected packages include @asyncapi/generator-helpers, @asyncapi/generator-components, @asyncapi/generator, and @asyncapi/specs in specific versions.

CISA Warns of Actively Exploited SharePoint Flaws
Don't let your SharePoint servers become an easy target: over 800 Internet-exposed servers remain unpatched against actively exploited vulnerabilities, including CVE-2026-32201 and CVE-2026-45659. Act now to protect your systems from potential attacks.

US Charges Russian Nationals for Bulletproof Hosting Services
US authorities have charged three Russian nationals with operating illicit bulletproof hosting services that enabled cybercrime, affecting victims across 21 states, including banks, schools, hospitals, and media companies. The accused, Aleksandr Volosovik, Yulia Pankova, and Kirill Zatolokin, allegedly facilitated a range of malicious activities through their services.

SonicWall Zero-Days Exploited, Enable Admin Command Execution
SonicWall is urging immediate action to fix two zero-day vulnerabilities in its Secure Mobile Access (SMA) 1000 series appliances, which are being actively exploited by attackers to execute admin-level commands. These critical flaws, tracked as CVE-2026-15409 and CVE-2026-15410, could compromise your system's security if not patched right away.

DHS Breach Exposes Flaws in Cyber Detection Process
A recent cyber incident at the Department of Homeland Security went undetected for weeks, despite raising red flags in not one, but two separate assessments that were initially dismissed as harmless. The breach, which occurred on the Homeland Security Information Network (HSIN), highlights alarming flaws in the cyber detection process.

Treasury Disrupts Ransomware Networks with Sanctions on VPN Service
The US Treasury Department has cracked down on a notorious VPN service, 1VPNS, and its alleged administrators, sanctioning them for enabling ransomware groups to launch devastating attacks on US companies and institutions. This move disrupts the cybercriminal ecosystem, cutting off a key tool used to hide attack origins, deploy malware, and manage stolen data.