    Infosec News Nuggets — July 1, 2026 – AboutDFIR

    By admin, July 1, 2026


    Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts — A massive, ongoing automated password spray campaign targeting Microsoft’s Azure CLI compromised at least 78 accounts across 64 organizations between June 12 and June 26, making more than 81 million login attempts. The threat actor, operating from IPv6 space controlled by infrastructure provider LSHIY LLC, weaponized a deprecated OAuth flow called Resource Owner Password Credentials (ROPC) to bypass Conditional Access Policies — including those with MFA enabled — because ROPC doesn’t route through the authorization endpoint where such policies are enforced. Many of the credentials used were old, previously breached, and never rotated. Organizations are urged to require MFA for all users and all cloud apps, restrict Azure CLI for non-admin users, and audit their Conditional Access policies to ensure legacy auth flows are not inadvertently left open.
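
One way to hunt for the pattern described above in exported sign-in logs, added here as an example and not taken from the original article or from Microsoft: keep only ROPC attempts against Azure CLI and group them by IPv6 /64, since a sprayer can rotate addresses inside one allocation. The records are constructed; the flat field layout, the /64 grouping and the `min_users` threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

AZURE_CLI_APP_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"  # Microsoft Azure CLI client ID
BAD_PASSWORD = 50126  # AADSTS50126: invalid username or password

# Constructed sample records (documentation IP ranges, example.com users).
# The flat field layout is an assumption about how the sign-in log was exported.
FIELDS = ("ipAddress", "userPrincipalName", "authenticationProtocol", "appId", "errorCode")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2001:db8:aa:1::10", "alice@example.com", "ropc", AZURE_CLI_APP_ID, 50126),
    ("2001:db8:aa:1::11", "bob@example.com", "ropc", AZURE_CLI_APP_ID, 50126),
    ("2001:db8:aa:1::12", "carol@example.com", "ropc", AZURE_CLI_APP_ID, 50126),
    ("2001:db8:aa:1::13", "dave@example.com", "ropc", AZURE_CLI_APP_ID, 0),
    ("2001:db8:bb:2::5", "erin@example.com", "ropc", AZURE_CLI_APP_ID, 50126),
    ("198.51.100.7", "alice@example.com", "oAuth2", AZURE_CLI_APP_ID, 0),
]]

def source_bucket(ip):
    """Collapse IPv6 addresses to their /64 so rotated addresses count as one source."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6:
        return str(ipaddress.ip_network(f"{addr}/64", strict=False))
    return str(addr)

def find_ropc_spray(events, min_users=3):
    """Flag sources that tried ROPC sign-ins to Azure CLI against many distinct users."""
    buckets = defaultdict(lambda: {"attempts": 0, "failed": set(), "succeeded": set()})
    for e in events:
        if e["authenticationProtocol"] != "ropc" or e["appId"] != AZURE_CLI_APP_ID:
            continue  # only ROPC sign-ins to Azure CLI are in scope
        b = buckets[source_bucket(e["ipAddress"])]
        b["attempts"] += 1
        user = e["userPrincipalName"].lower()
        if e["errorCode"] == 0:
            b["succeeded"].add(user)
        elif e["errorCode"] == BAD_PASSWORD:
            b["failed"].add(user)
    findings = []
    for src, b in sorted(buckets.items()):
        users = b["failed"] | b["succeeded"]
        if len(users) >= min_users:
            # A success inside a spray bucket marks an account to reset and review.
            findings.append({"source": src, "attempts": b["attempts"],
                             "distinct_users": len(users),
                             "likely_compromised": sorted(b["succeeded"])})
    return findings
```

On the sample data, the only flagged source is `2001:db8:aa:1::/64`, with `dave@example.com` listed for credential reset.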


    Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets — Russia-linked APT Turla — also known as Snake and linked to Russia’s FSB — has been deploying a previously undocumented .NET backdoor called StockStay against Ukrainian government and military organizations, according to Google Threat Intelligence Group. Under development since at least 2022, the multi-component implant initially posed as a stock market data tool before evolving into disguises like PDF viewers and calculators; it communicates via encrypted WebSockets and supports file exfiltration, screen capture, registry modification, and a self-destruct capability. The group has delivered it through phishing emails exploiting a WinRAR vulnerability (CVE-2025-8088) and via malicious RDP configuration files, with early activity also targeting foreign affairs ministries and diplomatic institutions across Italy, the Netherlands, Poland, and Germany.


    CISA Sets Urgent Deadline to Fix Cisco Flaw Exploited in Attacks — CISA added CVE-2026-20230, a critical server-side request forgery (SSRF) flaw in Cisco Unified Communications Manager Server, to its Known Exploited Vulnerabilities catalog after threat actors were observed exploiting it to write arbitrary files to affected systems. Cisco had patched the vulnerability on June 3 and warned at the time that a proof-of-concept exploit existed; active exploitation was confirmed shortly before CISA issued its directive giving federal agencies until June 28 to remediate. In the same KEV update, CISA also flagged CVE-2026-12569, a critical remote code execution flaw in PTC Windchill and FlexPLM product lifecycle management software stemming from deserialization of untrusted data, affecting multiple release branches up through version 13.0.


    China-Linked Group Targets Southeast Asia Critical Systems — Palo Alto Networks’ Unit 42 researchers have detailed operations by a China-linked threat group, CL-STA-1062, that has pivoted from targeting Taiwanese web-hosting infrastructure to successfully compromising at least 10 critical infrastructure providers and government entities across Southeast Asia, including electricity and water utilities. The group deploys a novel, lightweight C# backdoor called TinyRCT — not derived from any known toolset — which supports remote command execution, data exfiltration, and a self-destruct mechanism designed to erase forensic evidence upon detection. Researchers remain uncertain whether CL-STA-1062 is conducting full espionage operations or acting as an initial access broker handing off footholds to downstream groups, as some intrusions ended after reconnaissance while others progressed to data exfiltration across multiple victim organizations in the same country.


    OpenAI Expands Daybreak to Help Defenders Patch Flaws — OpenAI has moved its cyber-defense program Daybreak from preview to a broader release, centering the expansion on patch automation and arguing that AI has shifted the hardest security challenge from finding vulnerabilities to fixing them. The company released the full version of GPT-5.5-Cyber — restricted to verified defenders with extra monitoring — which scored 85.6% on CyberGym, a benchmark for reproducing known vulnerabilities, outperforming the standard GPT-5.5 model. Alongside the model release, OpenAI reported its Codex Security tool has scanned over 30 million commits across 30,000 codebases since March, logging more than 500,000 fixed findings, and launched Patch the Planet — a new initiative with Trail of Bits and others to direct the same tooling at over 30 open-source projects including cURL, Go, and Python.