Threat Newsletter July 6th 2026

Share
Threat Newsletter July 6th 2026
Photo by sebastiaan stam / Unsplash

This week's landscape was shaped by four pressures: active exploitation of known flaws, AI weaponization, large-scale credential attacks, and major breach fallout. CISA flagged actively exploited vulnerabilities in Windows ("BlueHammer"), Cisco CUCM, and SharePoint, while the FortiBleed campaign — spanning 430,000+ FortiGate devices — was directly linked to the INC Ransom and Lynx ransomware groups. AI tooling emerged as both attack surface and policy flashpoint: developer AI assistants were shown to be exploitable via malicious repositories, and frontier releases from Anthropic and OpenAI collided with US government controls. Identity attacks continued at scale, with 81 million password-spraying attempts against Microsoft 365 bypassing MFA via legacy authentication, and breaches at Aflac Japan (4.38M), Medtronic, and DHS's HSIN platform underscored the ongoing targeting of healthcare, insurance, and government.


CISA: Windows "BlueHammer" Flaw Now Exploited by Ransomware Gangs

CISA confirmed that ransomware operators are now exploiting BlueHammer (CVE-2026-33825), a high-severity Microsoft Defender privilege escalation vulnerability. The flaw was leaked in April by a researcher known as "Nightmare Eclipse" along with proof-of-concept code, and was patched by Microsoft in the April 2026 Patch Tuesday. Exploitation gives local attackers access to the SAM database and a path to SYSTEM privileges, effectively handing over full control of the machine.

Key Takeaways:

  • Patch CVE-2026-33825 immediately if not already done (fixed April 14, 2026).
  • CISA has flagged the flaw as used in ransomware campaigns, elevating urgency beyond the original KEV listing.
  • The same researcher has leaked multiple other Windows/Defender zero-days (RoguePlanet, RedSun, GreenPlasma, MiniPlasma, YellowKey), so expect continued attacker interest in this vulnerability class.
CISA: Windows BlueHammer flaw now exploited by ransomware gangs
CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been abused in zero-day attacks.

CISA Sets Urgent Deadline to Fix Cisco Flaw Exploited in Attacks

CISA gave federal agencies until Sunday, June 28 to patch CVE-2026-20230, a critical server-side request forgery flaw in Cisco Unified Communications Manager that is being actively exploited to write arbitrary files to affected endpoints. CISA also added CVE-2026-12569, a critical RCE in PTC Windchill/FlexPLM product lifecycle management software, with the same deadline.

Key Takeaways:

  • CVE-2026-20230 is remotely exploitable without authentication via crafted HTTP requests; Cisco patched it June 3.
  • Exploitation was observed in the wild by threat detection firm Defused; the actor behind it is unknown.
  • Organizations running PTC Windchill or FlexPLM (common in manufacturing, retail, and apparel) should also patch urgently.
CISA sets urgent deadline to fix Cisco flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited.

CISA: Microsoft SharePoint RCE Flaw Now Actively Exploited

CISA warned that attackers are exploiting CVE-2026-45659, a high-severity SharePoint remote code execution flaw stemming from deserialization of untrusted data. Any authenticated user with basic Site Member permissions can trigger it remotely with no user interaction. Microsoft patched it on May 21 for SharePoint 2016, 2019, and Subscription Edition, and Shadowserver is tracking over 10,000 SharePoint servers exposed online.

Key Takeaways:

  • Federal agencies were ordered to patch by Saturday under BOD 26-04's accelerated timelines.
  • Low-privilege authentication is sufficient — internal accounts or stolen credentials give attackers a path to full server compromise.
  • This is the 11th SharePoint flaw added to the KEV catalog since 2021; seven of those were used in ransomware attacks.
CISA: Microsoft SharePoint RCE flaw now actively exploited
CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May.

SOCRadar researchers tied the FortiBleed credential-harvesting campaign — which has quietly collected credentials from more than 430,000 FortiGate firewalls across 150+ countries — directly to the INC Ransom and Lynx ransomware operations. A shared operator was found logged into both groups' negotiation panels. The campaign uses a Go-based tool ("FortigateSniffer") that abuses FortiOS's built-in packet diagnostics to passively intercept authentication traffic, requiring no malicious payload.

Key Takeaways:

  • Admin-level access was confirmed on 409 targets; on 354 of those the actors achieved full domain compromise, and at least 12 ransomware deployments have been traced to this access.
  • Exposure to FortiBleed should be treated as a ransomware precursor, not merely a credential-theft issue — FortiGate operators should rotate credentials and hunt for signs of compromise.
  • The operation is professionally structured (~20 people) and reportedly using AI tools for vulnerability research, including at least one undisclosed zero-day under coordinated disclosure.
430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link
FortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks.

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

Wiz disclosed a high-severity vulnerability (CVE-2026-12957, plus related CVE-2026-12958) in the Amazon Q Developer extension for VS Code. The extension automatically acted on configuration files inside a workspace without user consent, so simply opening a booby-trapped repository could silently run attacker commands and exfiltrate any AWS/cloud credentials loaded in the developer's environment. AWS patched the issue in language server v1.65.0 across VS Code, JetBrains, Eclipse, and Visual Studio plugins.

Key Takeaways:

  • Ensure Amazon Q Developer plugins and the AWS Language Server are updated (auto-update covers most users; reload the IDE to force it).
  • Attack delivery paths include fake coding tests, typosquatted packages, and malicious pull requests — developer workstations remain a prime target for cloud credential theft.
  • Wiz notes the underlying auto-execution problem is not unique to Amazon Q; similar issues affect other AI coding tools.
Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories
Amazon Q vulnerability could allow attackers to steal developer cloud credentials by luring them into opening a booby-trapped code repository

Clean GitHub Repo Tricks AI Coding Agents Into Running Malware

Mozilla's 0DIN researchers demonstrated a proof-of-concept attack in which a completely benign-looking GitHub repository compromises a developer's machine through an AI coding agent (demonstrated with Claude Code). A Python package intentionally errors and instructs the user to run an "init" command; the agent treats this as routine troubleshooting and runs it, which triggers a script that fetches a command from an attacker-controlled DNS TXT record — ultimately spawning a reverse shell with the developer's privileges.

Key Takeaways:

  • The malicious logic lives three indirection steps away from anything the agent evaluates — no malicious code exists in the repo itself, so scanners and reviewers see nothing suspicious.
  • Successful exploitation exposes environment variables, API keys, and local configs, and enables persistence.
  • Treat repos from job postings, tutorials, and DMs with caution, and require AI agents to disclose full execution chains, including dynamically fetched commands.
Clean GitHub repo tricks AI coding agents into running malware
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remains invisible to security scanners, AI agents, and human reviewers.

OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access

OpenAI previewed GPT-5.6 Sol, which it calls its most capable model for cybersecurity, but restricted early access to a small set of vetted partners at the US government's request. The GPT-5.6 series introduces three tiers (Sol, Terra, Luna). OpenAI says Sol excels at long-horizon vulnerability research yet remains below its "Cyber Critical" preparedness threshold, and ships with its strongest safeguard stack to date, including real-time classifiers and 700,000+ GPU hours of automated red teaming.

Key Takeaways:

  • Government-gated previews of frontier models are becoming a pattern (mirroring the Claude Fable 5 saga), signaling growing regulatory involvement in dual-use AI releases.
  • Sol reportedly matched Anthropic's Mythos Preview on ExploitBench while using roughly a third of the output tokens — capability curves in offensive/defensive security are steepening.
  • Broader availability is expected within weeks; defenders should watch how such tools change both the attacker and defender toolkits.
OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access
OpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government’s request

Claude Fable 5 Is Back

Anthropic restored global access to Claude Fable 5 on July 1 after the US Commerce Department lifted the emergency export controls it imposed on June 12. The controls followed a report that Amazon researchers had jailbroken the model into identifying software vulnerabilities and, in one case, producing exploit demonstration code. Anthropic countered that many weaker models could do the same, and satisfied regulators by deploying a new safety classifier that blocks the reported technique in over 99% of attempts, routing flagged requests to Claude Opus 4.8.

Key Takeaways:

  • The episode is a first-of-its-kind case of export controls being used to pull a commercial AI model offline, highlighting regulatory volatility for enterprise AI supply chains.
  • The tighter safeguards may increase false positives on legitimate coding, debugging, and security work.
  • Anthropic committed to 24/7 jailbreak monitoring, a HackerOne bounty program for Fable 5 jailbreaks, and pre-release government access for future frontier models.
Anthropic’s long-sidelined Fable 5 is greenlit to return
After Mythos 5’s conditional return, Anthropic’s Fable 5 is back too.

Telegram-Based Millenium RAT Campaign Infects 60,000 Devices

Group-IB reported that Millenium RAT, a cheap malware-as-a-service remote access trojan controlled through the Telegram Bot API, has infected 62,289 Windows devices in more than 160 countries — nearly 40,000 of them in Q1 2026 alone. Version 4 was rewritten from .NET to native C++ to evade weaker detection tools. The RAT steals browser data, logs keystrokes, captures screens/audio, and can encrypt files or trigger blue screens.

Key Takeaways:

  • Pricing starts at $50 for the first month (or $90 lifetime), putting a capable trojan within reach of low-skill attackers.
  • Distribution relies on social engineering — game cheats, cracked software, and hacking tools — and the operators even backdoor other criminals' tools (AsyncRAT, XWorm).
  • No exploits are used; the malware relies on standard Windows functions and a UAC prompt, so user education on unexpected elevation prompts is a key defense.
Telegram-Based Millenium RAT Campaign Infects 60,000 Devices
Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries

Hackers Target Microsoft 365 Accounts With 81 Million Login Attempts

Huntress observed an aggressive password-spraying campaign that generated more than 81 million login attempts against Microsoft 365 environments between June 12–26. The attacker authenticated via Azure CLI using breached credential pairs and the legacy ROPC OAuth flow, which bypasses MFA in many misconfigured environments. 78 accounts across 64 organizations were compromised.

Key Takeaways:

  • ROPC sends credentials straight to the token endpoint with no interactive MFA prompt — block legacy/ROPC authentication and enforce MFA on All Cloud Apps, not just selected apps or user groups.
  • Common failure modes: MFA scoped too narrowly, trusted-location exemptions, and Conditional Access policies left in report-only mode.
  • Huntress measured a 155x increase in password-spraying activity; assume breached credentials for your domain are in circulation.
Hackers target Microsoft 365 accounts with 81 million login attempts
An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period.

Another Russian Dairy Producer Disrupted by Cyberattack

A cyberattack disrupted logistics and accounting systems at Ufagormolzavod, a dairy producer in Ufa, Bashkortostan, forcing the company to process shipments and paperwork manually. Production continued, but document processing slowed and the full workforce was mobilized to keep operations running. It's the latest in a string of attacks on Russia's dairy/food sector, including a defacement of state-run Molochnaya Kukhnya the same week and prior LockBit-variant ransomware at the Semyonishna plant.

Key Takeaways:

  • Russia's food and agriculture sector continues to absorb repeated cyber disruptions amid the ongoing cyber conflict; attribution for this incident is unknown.
  • Attacks on supporting IT (logistics, certification, accounting) can disrupt supply chains even when production systems stay online.
  • A useful reminder for any manufacturer: manual fallback procedures materially reduce operational impact.
Another Russian dairy company reportedly disrupted by cyberattack
A dairy products manufacturer in Russia’s republic of Bashkortostan is the latest such company to have its operations snarled by a cyberattack.

Aflac Japan Data Breach Impacts 4.38 Million

Aflac Life Insurance Japan disclosed that attackers accessed its systems multiple times between June 15 and June 25, exfiltrating personal data of roughly 4.38 million customers and agents from its policyholder portal. Compromised data includes names, addresses, phone numbers, birth dates, gender, security information, and insurance account details; premium transfer account data for about 230,000 people was also taken, though no credit card data was accessed.

Key Takeaways:

  • The incident is limited to Aflac Japan systems; US operations were not affected per the company's SEC filing.
  • At least five customer-facing services were suspended with no restoration timeline, showing the operational cost beyond data loss.
  • Customers should expect individualized notification letters and be alert for targeted phishing exploiting the stolen insurance details.
Aflac Japan Data Breach Impacts 4.38 Million
Aflac Life Insurance Japan announced a data breach that likely affected the personal information of 4.38 million customers.

DHS Confirms Hackers Breached HSIN Info-Sharing Platform

DHS confirmed a cyberattack compromised the Homeland Security Information Network (HSIN), the sensitive-but-unclassified platform used by federal, state, local, and private-sector partners to share threat information. The intrusion, believed to have occurred between late May and early June, targeted HSIN servers and a SharePoint collaboration system. DHS says classified networks were not impacted and the platform remains operational, but attribution and whether documents were stolen remain unclear.

Key Takeaways:

  • With the US hosting World Cup security operations, the breach raises concerns about exposure of event security planning and interagency coordination data.
  • HSIN previously exposed restricted intel data in 2023 via a contractor misconfiguration — a repeat incident pattern worth watching.
  • Even "unclassified" information-sharing platforms hold data that's highly valuable for adversary targeting and reconnaissance.
DHS confirms hackers breached HSIN info-sharing platform
The Department of Homeland Security is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a sensitive information-sharing platform used by federal, state, local, and private-sector partners.

Medtronic Warns Patients Cybercriminals May Have Stolen Health Data

Medical device giant Medtronic began notifying patients that personal and health information may have been taken in an April cyberattack, in which intruders had access to parts of its corporate network from April 13–19. Exposed data may include names, contact details, birth dates, Social Security numbers, and health information. The ShinyHunters extortion group had listed Medtronic on its leak site claiming 9 million+ records before quietly removing the entry — a pattern often associated with a paid deal, though Medtronic's notice makes no mention of extortion.

Key Takeaways:

  • Device functionality, manufacturing, and patient care were not affected — network segmentation protected operational systems, but not the personal data in corporate IT.
  • Notifications came more than two months after detection, and key details (victim count, initial access vector) remain undisclosed.
  • Affected individuals are being offered two years of credit monitoring and identity restoration; healthcare-adjacent PII remains a top extortion commodity.
Pacemaker manufacturer Medtronic warns patients cybercrooks may have swiped health data
Company that also makes insulin pumps and other devices tells users what was exposed months after ShinyHunters attack

WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy

WhatsApp opened global reservations for usernames, a privacy feature launching later this year that lets users communicate without revealing their phone numbers. There is no public directory or suggestion algorithm — contacts must know the exact username — and an optional "username key" requires a secondary credential before someone can message a user. Reservations are available via Settings > Account > Username.

Key Takeaways:

  • Reduces phone-number exposure in group chats, professional contexts, and interactions with strangers/businesses — useful for reducing SIM-swap and smishing targeting.
  • Creators and businesses can claim their existing Instagram/Facebook handles for consistency.
  • WhatsApp follows Signal, which has offered username-based privacy since 2024.
WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy
WhatsApp is accepting reservations for usernames, a privacy feature that allows users to communicate without exposing their phone numbers.

DHS to Unveil Replacement Council for Critical Infrastructure Cybersecurity

DHS is launching ANCHOR-CI, a CISA-managed program to restore government–industry cybersecurity information sharing more than a year after the Critical Infrastructure Partnership Advisory Council (CIPAC) was disbanded. The body will include sector councils, cross-sector councils for emerging threats, industry councils, and regional coordinating councils, and will be exempt from the Federal Advisory Committee Act's transparency requirements.

Key Takeaways:

  • Critical infrastructure operators regain a formal channel to coordinate with CISA, FBI, and the intelligence community on threats and vulnerabilities.
  • Unlike CIPAC, CISA will directly appoint members, raising questions from former officials about consistent, administration-independent participation processes.
  • The FACA exemption means key meetings will occur outside public transparency laws, framed as necessary for sensitive risk discussions.
DHS to unveil replacement council for critical infrastructure cybersecurity
DHS is launching ANCHOR-CI, a new CISA-managed program to revive critical infrastructure cybersecurity information sharing after a year-long gap.

UK Healthcare Sector Records Tenfold Increase in Cyber-Attacks

SonicWall's IPS sensors across UK healthcare clients recorded 264,000 attack events in the first five months of 2026 versus just 27,000 in all of 2025 — more per sensor than any other vertical. 41% of events were attempts to exploit Log4Shell (patched in 2021), a third of sensors saw F5 BIG-IP authentication bypass attempts, and attackers are also probing a critical RCE in React.js ("React2Shell") found in newly deployed patient portals.

Key Takeaways:

  • Healthcare's "zombie tech" problem — deeply embedded Java clinical middleware that can't be patched on normal cycles — remains the top attack vector.
  • The rush to digitize is opening brand-new web vulnerabilities in patient portals while legacy exposure persists, and attackers are scanning for both.
  • The surge may reflect newly exposed internet-facing infrastructure and possibly intensified targeting from Iran; the NCSC has published a resilience plan for the sector.
UK Healthcare Sector Records Tenfold Increase in Cyber-Attacks
SonicWall records 264,000 events in first five months of 2026 as UK hospitals come under siege

Apple Hide My Email Bug Seemingly Allows 100% of Real Email Addresses to Be Discovered

A researcher from EasyOptOuts went public with a privacy flaw in Apple's Hide My Email feature that allows an attacker to uncover the real email address behind generated aliases — reportedly with a 100% success rate in testing. The issue was reported to Apple over a year ago; Apple claimed a fix in March that didn't hold, and the bug remained exploitable when 404 Media independently verified it. Technical details are being withheld since the flaw is still live.

Key Takeaways:

  • Users relying on Hide My Email for anonymity (e.g., to avoid tracking, stalking, or spam correlation) should assume their real address may be discoverable until Apple ships a working fix.
  • The disclosure timeline — over a year with a failed patch — is a notable vendor-response failure for a privacy-marketed feature.
  • Apple is separately moving Hide My Email to a new shared domain (private.icloud.com), which raises its own blocking concerns.
Apple’s Hide My Email feature has a bug that’s been exposing real email addresses, researcher claims | TechCrunch
Research appears to reveal a bug that could render the feature effectively useless.

Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings

Microsoft rolled out a new Teams admin policy giving organizations visibility and control over external bots (like AI notetakers) joining meetings. By default, Teams now detects suspected bots, holds them in the lobby, visually labels them, and requires explicit organizer approval — even when lobby bypass is enabled. Vendors can register bots with self-identification markers, and unregistered bots are grouped under "Suspected threats" in the lobby.

Key Takeaways:

  • Unmanaged AI meeting bots pose data leakage risks in sensitive meetings; this closes a growing gap in meeting hygiene.
  • Admins can assign the policy per user/group via the Teams Admin Center; there's no one-click "Admit" for identified bots, and "Admit all" warns when bots are included.
  • Microsoft is retiring CAPTCHA verification in favor of behavioral and infrastructure-based bot detection.
Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings
Microsoft has rolled out new bot protections for Team meetings to provide organizations with increased visibility and control.

Card Data Theft Remains Top Concern for US Consumers

A Capco survey found the fraud types most worrying US consumers are card/card data theft (46%), identity theft (44%), unauthorized purchases (40%), and account takeover (35%). Nearly half (49%) experienced attempted payment fraud in the past two years. While 90% remain confident their financial institution will protect them, 69% are concerned about deepfakes undermining voice and facial biometrics, and 89% worry online personal data makes impersonation easier.

Key Takeaways:

  • Consumer trust in banks remains high, but confidence in biometric authentication is eroding as AI-enabled fraud grows.
  • Unauthorized purchases (45%) and phishing (36%) were the most commonly experienced fraud types.
  • Financial institutions should expect rising customer demand for layered authentication that doesn't rely solely on voice/face biometrics.
Card Data Theft Remains Top Concern for US Consumers
According to a recent survey by Capco, the fraud types that most concern US consumers are card and card data theft (46%), identity theft (44%), purchases they did not make (40%) and account takeover (35%).