Cybersecurity Threats — July 1, 2026 Monthly
Key Findings
Executive Summary (5)
- AI has structurally lowered the skill barrier for cyberattacks: documented multi-victim breaches by low-skill actors using commercial AI tools, combined with state-linked groups running parallel AI-powered attack chains, mean the adversary population capable of executing advanced operations has materially expanded and threat models must be recalibrated accordingly.
- Supply chain compromise has evolved into a force-multiplier attack methodology: single upstream breaches now cascade across dozens of downstream victims, nation-state actors are targeting foundational open-source packages for maximum blast radius, and ransomware groups are deliberately routing through third-party supplier weaknesses, particularly in Europe.
- Perimeter and security operations infrastructure have become primary exploitation targets: the FortiBleed campaign, Cisco SD-WAN's seventh exploited zero-day, and active Splunk Enterprise RCE exploitation collectively indicate that the devices and platforms organizations rely on for defense are themselves high-value attacker objectives requiring emergency-tier patch treatment.
- Regulatory posture shifted from guidance to mandate: CISA's BOD 26-04 three-day patching requirement, updated Cisco SD-WAN emergency directives, a new Zero Trust Architecture guide, and a Five Eyes joint advisory on Russian messaging app targeting collectively represent a coordinated federal push toward architectural transformation, not just incremental compliance.
- Law enforcement demonstrated sustained, multi-vector disruption capability across criminal, state-sponsored, and infrastructure targets simultaneously, but the parallel emergence of new ransomware groups like 'The Gentlemen' and continued nation-state activity confirms that enforcement actions are necessary but insufficient to reverse the structural growth of the threat landscape.
Key Points (5)
1. AI-assisted hacking crossed from proof-of-concept to operational reality: a single low-skill attacker used Claude and Codex to breach 14 companies, while Russia-linked group GreyVibe ran five simultaneous AI-powered attack chains against Ukrainian targets, and CrowdStrike documented an 89% year-over-year increase in AI-powered adversary attacks with eCrime breakout times collapsing to as fast as 27 seconds.
2. Supply chain attacks reached a new scale of cascading impact: the Klue breach propagated to Salesforce, LastPass, Huntress, and approximately two dozen notifying companies, while North Korea-nexus actors compromised the widely used Axios NPM package and IronWorm malware hit 57 projects across 9 organizations on npm.
3. The FortiBleed campaign escalated from 74,000 exposed credentials to 110 million stolen credentials from FortiGate targets via a diagnostic utility abuse tool, while Cisco SD-WAN recorded its 7th exploited zero-day of 2026 and Splunk Enterprise faced active unauthenticated RCE exploitation, collectively signaling that perimeter and security operations infrastructure are now primary attacker targets.
4. CISA issued Binding Operational Directive BOD 26-04 mandating federal agencies patch maximum severity vulnerabilities in as little as 3 days, published a Zero Trust Architecture guide, and coordinated a whole-of-government FIFA World Cup 2026 cybersecurity posture, representing the most aggressive federal patch and architecture modernization mandates of the reporting period.
5. Law enforcement achieved sustained high-tempo enforcement across all threat vectors: Dutch authorities seized 800+ servers linked to Russian cyber infrastructure, Scattered Spider members pleaded guilty covering 120 intrusions and $115 million in ransom, the Conti member Lytvynenko pleaded guilty following extradition, and Microsoft with Proofpoint, IBM, and Europol dismantled hundreds of StealC and Amadey C2 servers using AI-assisted analysis.
Market Trends
AI Weaponization Crosses from Theoretical to Operational Threat
Across the month, AI-assisted offensive capabilities progressed from documented research concern to confirmed multi-victim exploitation. Early weeks established the pattern with GreyVibe running five simultaneous AI-powered attack chains and Mandiant's 2026 AI Threat Tracker documenting adversary use of AI for zero-day exploits and autonomous malware. By the final week, a single low-skill attacker had used Claude and Codex to breach 14 companies, and Wired reported that AI models with advanced h…
Supply Chain Attacks Evolve into Cascading Multi-Victim Compromise Clusters
Supply chain threats intensified and diversified throughout the month. The IronWorm/Shai-Hulud franchise model produced active campaigns hitting 57 projects across 9 npm organizations, North Korea-nexus actors compromised the widely used Axios NPM package, and the Klue breach cascaded to Salesforce, LastPass, Huntress, and approximately two dozen notifying companies. Ransomware groups were separately identified as deliberately routing through third-party supplier weaknesses, particularly targeti…
Perimeter and Security Operations Infrastructure Become Primary Exploitation Targets
A consistent pattern across all five weeks was the active exploitation of the devices and platforms organizations rely on for defense. The FortiBleed campaign escalated from 74,000 exposed credentials to 110 million stolen via a diagnostic utility abuse tool. Cisco SD-WAN recorded its 7th exploited zero-day of 2026, with CVE-2026-20245 exploited for months before patching. Splunk Enterprise faced active unauthenticated RCE exploitation via CVE-2026-20253. Oracle PeopleSoft zero-day CVE-2026-3527…
Ransomware-as-a-Service Ecosystem Expands with New Entrants and Affiliate Competition
The ransomware threat landscape showed structural growth during the month. 'The Gentlemen' RaaS group emerged as the second most active ransomware gang by victim count, claiming more than 332 published victims since mid-2025 with over 240 in 2026 alone, and offering affiliates a 90/10 revenue split to attract experienced operators from competing programs. The infostealer-to-ransomware pipeline deepened, with OnyxC2 Stealer targeting more than 200 applications at $250 per month and infostealers i…
Trusted Platform Abuse Emerges as a Distinct Malware Distribution Pattern
Across the month, threat actors systematically weaponized legitimate, high-reputation platforms to distribute malware and evade detection controls. GitHub, YouTube, and VirusTotal were abused to push crypto-stealing malware. LinkedIn-themed phishing abused Adobe's A/B testing platform as a delivery mechanism. Fake ChatGPT and Claude installers on GitHub dropped Deno RAT malware. A clipboard hijacker campaign used VirusTotal manipulation and ghost networks on social media to gain false reputation…
Patch Volumes Remain Elevated with Compressed Exploitation Windows
Monthly patch volumes stayed at historically high levels throughout the reporting period. May 2026 Patch Tuesday addressed 130 CVEs including 30 critical vulnerabilities. June 2026 Patch Tuesday increased to 206 vulnerabilities including three publicly disclosed zero-days. Google's Android update patched an exploited zero-day CVE-2025-48595 alongside 123 other vulnerabilities. CISA's BOD 26-04 three-day patching mandate for maximum severity flaws, combined with Mandiant's documentation of AI col…
State-Sponsored Cyber Threats Escalate Across Multiple Nation-State Actors
Nation-state cyber activity intensified across multiple fronts throughout the month. Russian-linked GreyVibe conducted AI-powered attacks against Ukrainian targets. Russian APT Turla deployed the StockStay backdoor against Ukrainian government and military organizations. CISA and the Five Eyes alliance issued a joint advisory warning that Russian intelligence services continue to target commercial messaging applications. The FBI and DOJ disabled 13 Chinese agent-backed websites targeting U.S. se…
Competitor Trends
AI Labs Enter Cybersecurity Tooling Market as Direct Competitors
The month saw a decisive shift in the competitive landscape as major AI laboratories moved from peripheral to direct participants in cybersecurity tooling. Anthropic progressively expanded its Mythos platform from approximately 50 to 200 organizations, formally launched Claude Fable 5 with cybersecurity guardrails for public use, and provided the upgraded Mythos 5 to Project Glasswing trusted partners. OpenAI responded by launching its 'Patch the Planet' initiative on June 23, 2026, revealing an…
CrowdStrike Expands Agentic SOC and Identity Security Platform Across the Month
CrowdStrike sustained a high cadence of product and partnership announcements throughout the month, consistently extending its platform narrative from endpoint to identity to AI agent security. The company launched agentic MDR with a reported 1-minute median time to contain, announced Continuous Identity for AI Agents, integrated with Zscaler's Zero Trust Exchange using the OpenID Shared Signals Framework, and published research on cloud breach prevalence showing 94% of organizations reporting c…
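The OpenID Shared Signals Framework named in the CrowdStrike and Zscaler integration above is a transmitter-to-receiver channel for Security Event Tokens (RFC 8417) carrying CAEP events. The following is an added example of one such exchange, not code from either vendor or from this report: a transmitter issues a CAEP session-revoked event for a principal and a receiver verifies the token and drops that principal's sessions. The issuer, audience, subject address, shared key and in-memory session store are all constructed for the example, and the HS256 signature is a stand-in for the asymmetric JWS a real transmitter publishes a JWKS for.

```python
"""Added example: one Shared Signals Framework exchange, a CAEP session-revoked
event carried in a Security Event Token (RFC 8417) from a transmitter (an
identity provider, say) to a receiver (an access broker). Issuer, audience,
subject, key and session store are constructed; HS256 stands in for the
asymmetric JWS a production transmitter would use."""
import base64
import hashlib
import hmac
import json

SESSION_REVOKED = "https://schemas.openid.net/secevent/caep/event-type/session-revoked"


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_set(issuer, audience, subject_email, key, jti, now, reason):
    """Transmitter side: a SET with typ secevent+jwt, a sub_id naming the
    affected principal, and exactly one CAEP event in the events claim."""
    header = {"alg": "HS256", "typ": "secevent+jwt"}
    claims = {
        "iss": issuer,
        "aud": audience,
        "iat": now,
        "jti": jti,
        "sub_id": {"format": "email", "email": subject_email},
        "events": {SESSION_REVOKED: {"event_timestamp": now,
                                     "reason_admin": {"en": reason}}},
    }
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(claims)}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


class Receiver:
    """Receiver side: check the signature before trusting anything in the
    header, pin the algorithm, reject stale tokens and replayed jti values,
    then act on the event against the local session store."""

    def __init__(self, expected_issuer, audience, key, sessions, max_skew=300):
        self.expected_issuer = expected_issuer
        self.audience = audience
        self.key = key
        self.sessions = sessions      # email -> set of live session ids (stand-in store)
        self.seen_jti = set()
        self.max_skew = max_skew

    def process(self, token, now):
        parts = token.split(".")
        if len(parts) != 3:
            return "rejected: malformed"
        h_b64, c_b64, s_b64 = parts
        try:
            given_sig = _b64url_decode(s_b64)
        except ValueError:
            return "rejected: malformed"
        expected = hmac.new(self.key, f"{h_b64}.{c_b64}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, given_sig):
            return "rejected: bad signature"
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(c_b64))
        if header.get("typ") != "secevent+jwt" or header.get("alg") != "HS256":
            return "rejected: wrong token type or alg"
        if claims.get("iss") != self.expected_issuer or claims.get("aud") != self.audience:
            return "rejected: issuer/audience mismatch"
        if abs(now - claims.get("iat", 0)) > self.max_skew:
            return "rejected: stale"
        if claims.get("jti") in self.seen_jti:
            return "rejected: replay"
        self.seen_jti.add(claims.get("jti"))
        if SESSION_REVOKED not in claims.get("events", {}):
            return "ignored: no session-revoked event"
        email = claims["sub_id"]["email"]
        revoked = len(self.sessions.pop(email, set()))
        return f"revoked {revoked} session(s) for {email}"


if __name__ == "__main__":
    key = b"demo-shared-secret"  # constructed
    rx = Receiver("https://idp.example", "https://broker.example", key,
                  {"alice@example.com": {"s1", "s2"}, "bob@example.com": {"s3"}})
    tok = build_set("https://idp.example", "https://broker.example",
                    "alice@example.com", key, "evt-1", 1700000000, "credential compromise")
    print(rx.process(tok, 1700000010))
    print(rx.process(tok, 1700000010))  # second delivery is a replay
```

The order of checks is the point: the signature is verified with the receiver's pinned key and algorithm before the header is read, so a token whose header claims a different `alg` never influences verification, and the `jti` cache turns a resent or captured SET into a no-op rather than a second revocation.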
Accenture's $4.1–4.2 Billion Dragos Acquisition Reshapes OT Security Market
The Accenture acquisition of a majority stake in Dragos, valued at $3.25 billion, along with all of runZero and NetRise in a total deal of approximately $4.1–4.2 billion, represents one of the largest OT cybersecurity acquisitions on record and the defining consolidation event of the month. runZero and NetRise will operate under Dragos. The deal signals that OT and ICS cybersecurity has moved from a niche segment to a strategic priority for major professional services firms, and is expected to a…
Identity and Access Management Market Consolidates Around Non-Human Identity
The month saw a cluster of M&A activity specifically targeting non-human identity and AI agent access governance. SailPoint agreed to acquire Israel-based Entro, specializing in non-human identity and credential security, in a reported $200 million deal. 1Password agreed to acquire Apono, specializing in just-in-time access governance for humans, machines, and AI agents, in a reported $250–300 million deal. CrowdStrike simultaneously announced Continuous Identity for AI Agents. The convergence o…
Law Enforcement Achieves Multi-Vector Disruption Across Criminal and State-Sponsored Infrastructure
Throughout the month, law enforcement demonstrated an expanding capability to execute simultaneous disruptions across criminal, state-sponsored, and infrastructure targets. Dutch FIOD arrested operators of Stark Industries Solutions and seized 800+ servers. The FBI and DOJ disabled 13 Chinese agent-backed websites. Law enforcement dismantled 106 SocGholish servers and cleaned 15,000 compromised sites. Microsoft, Proofpoint, IBM, and Europol dismantled hundreds of StealC and Amadey C2 servers usi…
Microsoft Faces Responsible Disclosure Controversy While Expanding Defensive Operations
Microsoft occupied a dual position in the competitive landscape during the month. The company faced significant backlash after threatening legal action against researchers who publicly disclose zero-day vulnerabilities, with SecurityWeek reporting Microsoft attempted to calm fears after the controversy — a development with direct chilling effects on the responsible disclosure ecosystem. Simultaneously, Microsoft led a major coordinated operation dismantling hundreds of Amadey and StealC command-…
MITRE ATT&CK v19 Imposes Ongoing Detection Mapping Burden Across the Month
MITRE ATT&CK v19, released April 28, 2026, remained the stable current framework throughout the entire reporting period with a minor v19.1 update also published. The framework's structural split of the Defense Evasion tactic into two new tactics — Stealth and Defense Impairment — continued to impose an ongoing operational compliance burden on security teams required to update SIEM rules, detection content, and threat hunt playbooks. New techniques including 'Query Public AI Services' and 'Genera…
Regulatory Trends
CISA Shifts from Guidance to Mandate: BOD 26-04 and Emergency Directives Impose Aggressive Federal Patch Timelines
The most significant regulatory development of the month was CISA's issuance of Binding Operational Directive BOD 26-04 on June 10, 2026, requiring federal agencies to patch maximum severity vulnerabilities in as little as 3 days. A CISA official explicitly cited AI-accelerated threats as the rationale, warning that defenders cannot afford to take weeks to patch. The directive was supplemented by a V1 update to Emergency Directive ED 26-03 covering Cisco SD-WAN systems and a separate V1 update t…
CISA Accelerates Federal Architecture Modernization with Zero Trust and SASE Guidance
Alongside patch mandates, CISA published a new Zero Trust Architecture guide on June 24, 2026 to assist federal agencies with modernization, and a separate advisory on using SASE in a Modern TIC 3.0 Solution. These publications represent a shift from reactive patch enforcement to proactive architectural transformation requirements. Private sector organizations aligned with federal supply chains should treat these publications as advance indicators of contractual security architecture requirement…
Five Eyes Alliance and CISA Issue Coordinated Multilateral Advisories on State-Sponsored Threats
The final week of the month saw a coordinated multilateral regulatory response to escalating state-sponsored cyber threats. The Five Eyes alliance issued a joint cybersecurity agencies statement on June 22, 2026. CISA separately published an advisory on June 26, 2026 warning that Russian intelligence services continue to target commercial messaging applications. These actions represent a formal intelligence community designation of consumer messaging platforms as active intelligence collection t…
DOJ CCIPS Sustains Highest-Tempo Prosecution Pipeline on Record Across All Threat Categories
The DOJ's Computer Crime and Intellectual Property Section maintained an unprecedented prosecution tempo throughout the month, expanding across criminal, state-sponsored, and new enforcement categories. Actions included ALPHV BlackCat ransomware sentencings, a Romanian national sentenced to 56 months for network access brokering, Conti member Lytvynenko's guilty plea following extradition, seizure of deepfake domains CFAKE.com and SOCFAKE.com, Vercel contempt resolution, Huione Group cloud infra…
CISA KEV Catalog Governance Evolves with Community Nomination Mechanism
CISA enhanced the Known Exploited Vulnerabilities catalog during the month by adding a community nomination form enabling vendors and researchers to submit vulnerability nominations and accelerate identification of actively exploited vulnerabilities. The catalog received additions throughout the month including a critical Ivanti Sentry flaw CVE-2026-10520 allowing root-level remote code execution, LiteLLM vulnerability CVE-2026-42271, Check Point VPN zero-day CVE-2026-50751, PTC Windchill CVE-20…
Whole-of-Government FIFA World Cup 2026 Cyber Posture Evolves from Preparedness to Active Threat Response
The regulatory posture around FIFA World Cup 2026 cybersecurity evolved across the month from preparedness exercises to active threat response. CISA conducted full-scale exercises and security assessments with host cities in early weeks, published venue-specific security resources on June 11, 2026, and the FBI maintained an active warning about threat actors spoofing FIFA websites. The DOJ seized nearly 400 sites engaged in unauthorized streaming of World Cup matches on June 26, 2026. The coordi…
Trump Executive Order Establishes Pre-Release AI National Security Vetting Framework
President Trump signed an executive order establishing a framework for the federal government to vet national security risks of the most advanced AI systems for up to a month before their public release, representing the first formal pre-release AI security review mechanism at the federal level. The order directly addresses the structural concern that AI regulatory responses have lagged offensive capability development, and creates a new compliance obligation for AI model developers and deployer…
Sources Activity
Since last month
AI-Assisted Hacking Crosses from Theoretical to Demonstrated Multi-Victim Exploitation
Across the month, AI-assisted offensive capabilities progressed from documented research concern to confirmed operational threat. GreyVibe ran five simultaneous AI-powered attack chains against Ukrainian targets. Mandiant's 2026 AI Threat Tracker documented adversary use of AI for zero-day exploits and autonomous malware. By the final week, a single low-skill attacker used Claude and Codex to breach 14 companies. CrowdStrike documented an 89% year-over-year increase in AI-powered adversary attac…
FortiBleed Campaign Escalates from 74,000 to 110 Million Stolen Credentials
The FortiBleed campaign began with reports of 74,000 Fortinet firewall credentials exposed in a data leak, with SOCRadar detecting 30,000 compromised Fortinet firewalls. CISA issued a hardening alert on June 18, 2026. By the final week, SC Magazine reported the campaign had stolen 110 million credentials from FortiGate targets using a tool called FortigateSniffer that abuses a diagnostic utility to continuously monitor network traffic. The scale of credential theft grew by orders of magnitude wi…
Klue Supply Chain Breach Cascades to Salesforce, LastPass, and Approximately 24 Companies
The Klue breach propagated to Salesforce data theft affecting Huntress, exposed LastPass customer data, and resulted in approximately two dozen companies notifying their customers of impact. Wired reported LastPass users had their data stolen again on June 27, 2026. The incident illustrates how third-party compromise now functions as a force multiplier, with a single upstream breach producing downstream victim counts far exceeding direct targeting.
Cisco SD-WAN Records 7th Exploited Zero-Day of 2026; CVE-2026-20245 Exploited for Months Before Patching
Cisco SD-WAN was identified as a sustained, unresolved exploitation target throughout the month. CVE-2026-20182 was documented as the sixth exploited zero-day, followed by CVE-2026-20245 actively exploited with no patch available as of June 5, 2026. By the final week, SecurityWeek confirmed CVE-2026-20245 was exploited for months before patching and is the 7th Cisco SD-WAN vulnerability exploited in 2026. CISA issued a V1 update to Emergency Directive ED 26-03 adding new reporting requirements f…
CISA BOD 26-04 Mandates 3-Day Patching for Maximum Severity Vulnerabilities
CISA issued Binding Operational Directive BOD 26-04 on June 10, 2026, requiring federal agencies to prioritize vulnerability remediation based on risk with deadlines as short as 3 days for maximum severity flaws. A CISA official cited AI-accelerated threats as the rationale. The directive was supplemented by updated Cisco SD-WAN and device compromise emergency directives. This represents the most aggressive federal patch timeline requirement documented in the reporting period and is expected to …
Accenture Acquires Dragos, runZero, and NetRise in $4.1–4.2 Billion OT Security Deal
Accenture agreed to acquire a majority stake in Dragos, valued at $3.25 billion, and all of runZero and NetRise in a total deal of approximately $4.1–4.2 billion, representing one of the largest OT cybersecurity acquisitions on record. runZero and NetRise will operate under Dragos. The deal signals major consolidation in the industrial security market and is expected to affect competitive dynamics, vendor relationships, and pricing for OT security customers.
Scattered Spider Members Plead Guilty; Group Linked to 120 Intrusions and $115 Million in Ransom
Thalha Jubair, 20, and Owen Flowers, 18, pleaded guilty in the UK to conspiring to commit unauthorized acts against Transport for London. U.S. prosecutors allege the Scattered Spider group conducted 120 intrusions against 47 U.S. entities between May 2022 and September 2025, with victims paying at least $115 million in ransom. The guilty pleas represent a significant accountability milestone for one of the most prolific English-speaking cybercrime groups.
Dutch FIOD Arrests Operators of Stark Industries Solutions; 800+ Servers Seized
Dutch financial crime investigators arrested Andrey Nesterenko and Youssef Zinad on May 18, 2026, charging them with violating sanctions law by making economic resources available to EU-sanctioned entities. Investigators seized more than 800 servers across three businesses and two data centers linked to Russian cyberattack and disinformation infrastructure including Stark Industries Solutions. Data reviewed by de Volkskrant showed the arrested individuals' networks were the most-used in pro-Russ…
'The Gentlemen' RaaS Group Emerges as Second Most Active Ransomware Gang
A new ransomware-as-a-service group called 'The Gentlemen' claimed at least 332 published victims since mid-2025, with more than 240 in 2026 alone, making it the second most active ransomware group by victim count. The group offers affiliates a 90/10 revenue split compared to the industry standard 80/20, attracting experienced operators from competing programs. The group targets internet-facing VPNs and firewalls as entry points and moves quickly to encrypt entire networks within hours.
Oracle PeopleSoft Zero-Day CVE-2026-35273 Exploited by ShinyHunters; University of Nottingham Breached
Oracle addressed CVE-2026-35273 amid reports of zero-day attacks linked to the ShinyHunters group. Mandiant published dedicated research on ShinyHunters targeting the education sector via the Oracle PeopleSoft exploit. The University of Nottingham confirmed a breach with more than 450,000 email addresses leaked. The incident illustrates deliberate targeting of verticals with large data stores and historically slower patch cycles.
Microsoft and Partners Dismantle StealC and Amadey C2 Infrastructure Using AI-Assisted Analysis
Microsoft, Proofpoint, IBM, and Europol dismantled hundreds of command-and-control servers in a coordinated operation targeting the shared infrastructure of Amadey and StealC malware. SC Magazine reported the takedown was assisted by AI analysis and C2 infiltration. The operation represents a significant multi-stakeholder disruption of active infostealer infrastructure and signals that AI is becoming a standard tool for defensive infrastructure disruption operations.
OpenAI Launches 'Patch the Planet' Initiative and GPT-5.5-Cyber as Competitive Counter to Anthropic Mythos
OpenAI launched its 'Patch the Planet' initiative on June 23, 2026, revealing an improved version of GPT-5.5-Cyber to fix open-source software vulnerabilities, framed as a competitive response to Anthropic's Mythos cybersecurity model. Anthropic had progressively expanded Mythos access from approximately 50 to 200 organizations and formally launched Claude Fable 5 with cybersecurity guardrails. The competitive dynamic between major AI labs in the cybersecurity tooling market is a new structural …
CISA Zero Trust Architecture Guide and Five Eyes Joint Advisory Issued in Final Week
CISA published a new Zero Trust Architecture guide on June 24, 2026 and a SASE advisory for federal agencies, representing a shift from patch-mandate enforcement to architectural transformation requirements. The Five Eyes alliance issued a joint cybersecurity statement on June 22, 2026, and CISA published an advisory on June 26, 2026 warning that Russian intelligence services continue to target commercial messaging applications. These coordinated multilateral actions represent a new regulatory p…
MITRE ATT&CK v19 Stable Throughout Month; AI-Specific Techniques Added
MITRE ATT&CK v19, released April 28, 2026, remained the current framework throughout the entire reporting period with a minor v19.1 update also published. The framework contains 949 pieces of software, 178 groups, and 59 campaigns. The structural split of Defense Evasion into Stealth and Defense Impairment tactics, and new techniques including 'Query Public AI Services' and 'Generate Content,' continued to impose an ongoing detection mapping compliance burden on security teams. ATT&CKcon 7.0 is …
Splunk Enterprise RCE CVE-2026-20253 Under Active Attack; SIEM Platform Patching Elevated to Tier-Zero Priority
An unauthenticated remote code execution vulnerability in Splunk Enterprise, CVE-2026-20253, came under active attack as of June 19, 2026. Splunk also patched an OS command injection in its AI Toolkit. Active exploitation of a widely deployed SIEM platform creates a compounding risk: an attacker who compromises the SIEM can suppress alerts, delete logs, and blind defenders while conducting further operations, requiring SIEM platform patching to be treated as a tier-zero security control.
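The compounding risk described above, that an attacker holding the SIEM can delete or rewrite the records that would expose them, is addressed architecturally by making the log stream tamper-evident outside the SIEM. The block below is an added example of that pattern and is not Splunk code or code from this report: a forwarder keys a hash chain with a secret the SIEM never holds and publishes periodic anchors to out-of-band storage, and a verifier later recomputes the chain over whatever the SIEM still contains. The log lines, key and anchor interval are constructed for the example.

```python
"""Added example: tamper-evident log chain so that a compromised SIEM cannot
silently delete or rewrite records. The forwarder keys each link with a secret
the SIEM never holds and publishes periodic anchors out-of-band; a verifier
later recomputes the chain over whatever the SIEM still contains. All records
and the key below are constructed."""
import hashlib
import hmac

GENESIS = b"\x00" * 32  # chain value before the first record


def link(prev, record, key):
    """Next chain value: HMAC over previous value || record. Without the key,
    an attacker who rewrites records cannot produce a chain that still matches."""
    return hmac.new(key, prev + record.encode("utf-8"), hashlib.sha256).digest()


def forward(records, key, anchor_every):
    """Forwarder side. Returns (anchors, total): anchors maps a 1-based record
    count to the chain value at that point. Both go to out-of-band storage
    (a separate account, a WORM bucket, a second collector), never to the SIEM."""
    prev = GENESIS
    anchors = {}
    for i, rec in enumerate(records, 1):
        prev = link(prev, rec, key)
        if i % anchor_every == 0:
            anchors[i] = prev
    return anchors, len(records)


def verify(records_in_siem, anchors, total, key):
    """Verifier side. Recompute the chain over the SIEM's copy and compare at
    each anchor. Returns (ok, detail); detail names the first failing anchor,
    which bounds where the tampering happened."""
    prev = GENESIS
    for i, rec in enumerate(records_in_siem, 1):
        prev = link(prev, rec, key)
        if i in anchors and not hmac.compare_digest(prev, anchors[i]):
            return False, f"mismatch at anchor {i}: a record at or before position {i} was altered or removed"
    if len(records_in_siem) != total:
        return False, f"count mismatch: SIEM holds {len(records_in_siem)} records, forwarder sent {total}"
    return True, "chain intact and count matches"


# Constructed records: what a forwarder might ship to the SIEM.
RECORDS = [
    "2026-06-19T10:00:01Z host=web1 sshd: Accepted publickey for deploy from 10.0.4.7",
    "2026-06-19T10:00:05Z host=web1 sudo: deploy : COMMAND=/usr/bin/systemctl restart app",
    "2026-06-19T10:00:09Z host=web1 sshd: Failed password for root from 203.0.113.5",
    "2026-06-19T10:00:10Z host=web1 sshd: Failed password for root from 203.0.113.5",
    "2026-06-19T10:00:12Z host=web1 sshd: Failed password for root from 203.0.113.5",
    "2026-06-19T10:00:15Z host=web1 sshd: Accepted password for root from 203.0.113.5",
    "2026-06-19T10:00:20Z host=web1 useradd: new user: name=svc-backup uid=1007",
    "2026-06-19T10:00:22Z host=web1 sudo: svc-backup : COMMAND=/usr/bin/curl http://203.0.113.5/x",
    "2026-06-19T10:00:30Z host=web1 cron: (root) CMD (/usr/lib/backup.sh)",
    "2026-06-19T10:00:40Z host=web1 sshd: Disconnected from 203.0.113.5",
]
KEY = b"forwarder-secret-never-stored-on-the-siem"  # constructed


def demo():
    """Intact copy passes; deleting the successful root login (record 6) is
    caught at the next anchor (8); editing record 2 is caught at anchor 4."""
    anchors, total = forward(RECORDS, KEY, anchor_every=4)
    intact = verify(RECORDS, anchors, total, KEY)
    deleted = verify(RECORDS[:5] + RECORDS[6:], anchors, total, KEY)
    edited = RECORDS[:]
    edited[1] = edited[1].replace("restart app", "status app")
    modified = verify(edited, anchors, total, KEY)
    return intact, deleted, modified


if __name__ == "__main__":
    for name, result in zip(("intact", "deleted", "modified"), demo()):
        print(f"{name}: {result}")
```

Two caveats a practitioner should keep in view: records after the most recent anchor are protected only by the count check, so the anchor interval is the window in which an edit can go unnoticed, and the scheme only holds if the key and the anchors live somewhere the SIEM's compromise does not reach.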
Strategic Insights (5)
1. The convergence of AI-assisted low-skill attacker breaches, GreyVibe's parallel attack chains, and CrowdStrike's documented 89% year-over-year increase in AI-powered attacks collectively signal that threat modeling assumptions calibrated against sophisticated adversaries are now structurally insufficient. Organizations must recalibrate to assume a much larger and more capable adversary population, and evaluate whether SOC detection and triage capacity can match AI-accelerated attack throughput.
2. The Klue-Salesforce-LastPass cascade, the Axios NPM compromise, and the IronWorm npm campaign collectively demonstrate that n-tier supply chain risk is now the primary attack surface expansion vector. Organizations should conduct urgent audits of their third-party dependency maps for cascade exposure, implement software composition analysis for top-tier open-source packages, and establish contractual breach notification obligations with all direct suppliers.
3. The FortiBleed escalation to 110 million stolen credentials via diagnostic utility abuse, combined with Cisco SD-WAN's seventh exploited zero-day and active Splunk Enterprise RCE exploitation, establishes that perimeter devices and security operations platforms are now high-priority attacker targets requiring emergency-tier patch treatment. Organizations should immediately rotate all Fortinet credentials, implement out-of-band monitoring for SD-WAN infrastructure, and treat SIEM patching as a t…
4. CISA's BOD 26-04 three-day patching mandate, layered with Cisco SD-WAN emergency directives and a new Zero Trust Architecture guide, signals a regulatory trajectory from incremental compliance toward architectural transformation requirements. Private sector organizations aligned with federal supply chains should treat these publications as advance notice of contractual security architecture requirements likely to be imposed within 12–18 months, and begin mapping current architectures against Ze…
5. The competitive entry of OpenAI and Anthropic into cybersecurity tooling, with GPT-5.5-Cyber, 'Patch the Planet,' Claude Fable 5, and Mythos 5, combined with the SailPoint-Entro and 1Password-Apono acquisitions and CrowdStrike's Continuous Identity for AI Agents, signals that non-human identity governance and AI-assisted vulnerability discovery are crystallizing as the two highest-growth product categories in enterprise security for the remainder of 2026, and organizations should initiate inve…
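The supply chain insight above (item 2) and the earlier section on cascading multi-victim compromise both come down to one question: which of the packages you actually load sit behind a dependency you never chose. The following is an added example of that audit, not code from this report or from any of the vendors it cites. It walks an npm lockfile in the nested `node_modules` layout npm writes (lockfileVersion 2/3 `packages` map), applies npm's own lookup rule for which copy of a package a given dependent loads, and prints every root-to-package path that ends at an advised version. The lockfile, the package names and the advisory versions are all constructed; a real run would take the advisory set from a feed such as OSV or `npm audit` and the lockfile from the project.

```python
"""Added example: find every dependency path from an npm project's root to a
package version listed in an advisory set, using the lockfile's nested
node_modules layout (lockfileVersion 2/3 "packages" map). The lockfile and
the advisory data below are constructed for this example."""
import json

# Constructed advisory data: package name -> affected versions. In practice this
# comes from an advisory feed (OSV, npm audit, vendor bulletins); these names
# and versions are hypothetical.
ADVISORY = {
    "acme-http": {"1.8.2"},
    "pretty-logger": {"4.0.0", "4.0.1"},
}

# Constructed lockfile. Keys are node_modules paths exactly as npm writes them;
# a nested key such as "node_modules/web-kit/node_modules/pretty-logger" means
# web-kit got its own copy because the root copy did not satisfy its range.
LOCKFILE = json.loads(r"""{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0",
         "dependencies": {"web-kit": "^2.0.0", "pretty-logger": "^3.0.0"}},
    "node_modules/web-kit": {"version": "2.1.0",
         "dependencies": {"acme-http": "^1.8.0", "pretty-logger": "^4.0.0"}},
    "node_modules/acme-http": {"version": "1.8.2"},
    "node_modules/pretty-logger": {"version": "3.2.0"},
    "node_modules/web-kit/node_modules/pretty-logger": {"version": "4.0.1",
         "dependencies": {"acme-http": "^1.8.0"}}
  }
}""")


def resolve(packages, from_key, dep):
    """Apply npm's lookup rule: a package at from_key sees dep in its own
    node_modules first, then in each ancestor's node_modules up to the root.
    Returns the lockfile key of the copy that is actually loaded, or None."""
    base = from_key
    while True:
        candidate = f"{base}/node_modules/{dep}" if base else f"node_modules/{dep}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        cut = base.rfind("/node_modules/")
        base = base[:cut] if cut != -1 else ""


def find_exposure(lockfile, advisory):
    """Depth-first walk from the root; returns one 'a@1 -> b@2 -> c@3' string
    per path that ends at an advised version, so each n-tier route is visible."""
    packages = lockfile["packages"]
    root = packages[""]
    hits = []

    def walk(key, trail):
        for dep in packages[key].get("dependencies", {}):
            dep_key = resolve(packages, key, dep)
            if dep_key is None or any(k == dep_key for k, _ in trail):
                continue  # unresolved (e.g. optional) dependency, or a cycle
            version = packages[dep_key]["version"]
            new_trail = trail + [(dep_key, f"{dep}@{version}")]
            if version in advisory.get(dep, set()):
                hits.append(" -> ".join(label for _, label in new_trail))
            walk(dep_key, new_trail)

    walk("", [("", f"{root['name']}@{root['version']}")])
    return hits


def direct_flagged(lockfile, advisory):
    """What a direct-dependency-only check would report: first-level
    dependencies whose installed version is advised."""
    packages = lockfile["packages"]
    flagged = []
    for dep in packages[""].get("dependencies", {}):
        key = resolve(packages, "", dep)
        if key and packages[key]["version"] in advisory.get(dep, set()):
            flagged.append(dep)
    return flagged


if __name__ == "__main__":
    print("direct-only view:", direct_flagged(LOCKFILE, ADVISORY))  # []
    for path in find_exposure(LOCKFILE, ADVISORY):
        print("exposed via:", path)
```

On the constructed lockfile the direct-dependency view is clean (the root's own `pretty-logger` is 3.2.0), while the full walk reports three routes to advised versions, including a nested `pretty-logger` 4.0.1 that only exists because `web-kit` asked for a newer range. That gap between the two views is the cascade exposure the insight asks organizations to audit for; the same walk over a real lockfile with a real advisory feed is the starting point for a software composition analysis check in CI.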
Trust Summary
12 sources cited this week.
Detected across 15 monitored URLs you selected; one URL can surface multiple articles.
Each source is weighted by its trust level. Single-source claims are flagged as unverified during AI synthesis.
Sources
Primary source for CVE exploitation reporting, ransomware group tracking, M&A coverage including Accenture-Dragos deal, Microsoft disclosure controversy, and Patch Tuesday analysis throughout the month.
Primary source for Dutch FIOD Stark Industries arrest, 'The Gentlemen' RaaS group emergence, Meta AI support bot exploitation, and Scattered Spider guilty plea reporting.
Primary source for FortiBleed campaign reporting, Splunk Enterprise RCE exploitation, Klue supply chain breach cascade, IronWorm npm campaign, and Cisco SD-WAN zero-day tracking.
Source for 2026 AI Threat Tracker, ShinyHunters Oracle PeopleSoft research, North Korea Axios NPM supply chain attack documentation, and Chinese-language PhaaS evolution analysis.
Source for BOD 26-04 issuance, Fortinet hardening alert, Zero Trust Architecture guide, Five Eyes joint statement, Russian messaging app advisory, FIFA World Cup preparedness resources, and KEV catalog updates.
Source for Kali365 PhaaS warning, Silent Ransom Group advisory, KimWolf botnet arrest, FIFA website spoofing warning, Chinese agent website takedown, and DNS hijacking network disruption reporting.
Source for ALPHV BlackCat sentencings, Romanian national sentencing, Conti member guilty plea, deepfake domain seizures, Huione Group infrastructure seizure, FIFA streaming domain seizures, and ATM jackpotting sentencings.
Source for AI bug-hunting arms race reporting, hotel reservation spear-phishing, TeamPCP open source poisoning, Claude Fable 5 launch, OpenAI Patch the Planet initiative, and LastPass data theft reporting.
Source for GreyVibe AI attack chain corroboration, IronWorm npm campaign, FortiBleed 110 million credential escalation, StealC infrastructure takedown, and CISA BOD 26-04 three-day deadline reporting.
Source for AI-powered adversary attack statistics, Patch Tuesday CVE analysis, Glassworm botnet takedown, agentic MDR launch, Continuous Identity for AI Agents, State of CDR Survey, and 2026 Technology Threat Landscape Report. Note: company announcements may reflect promotional framing.
Source for ATT&CK v19 release details including Defense Evasion tactic split, new AI-specific techniques, framework statistics, and ATT&CKcon 7.0 announcement.
Source for KEV catalog additions including Ivanti Sentry CVE-2026-10520, LiteLLM CVE-2026-42271, PTC Windchill CVE-2026-12569, Trend Micro Apex One CVE-2026-34926, and Fortinet hardening advisory.