Cyber Threat Brief

Carolina Clear Tech, LLC

Your daily cybersecurity briefing. Vulnerabilities, ransomware, threat actors, and patches that matter, explained for IT professionals and business leaders protecting small and mid-sized organizations. From Carolina Clear Tech.

  1. 2d ago

    2026-07-08: CISA added four actively exploited flaws to the KEV catalog with Adobe ColdFusion attacks starting

    Show Notes - 2026-07-08 Stories Covered: - July 8, 2026 - Today: - CISA Adds Four Actively Exploited Vulnerabilities to KEV (CVE-2026-48282, CVE-2026-56290, CVE-2026-55255, CVE-2026-48908) (https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.html) - Critical Gitea Flaw Under Active Exploitation (CVE-2026-20896) (https://www.securityweek.com/critical-gitea-flaw-under-active-exploitation-researchers-warn/) - GhostLock: 15-Year-Old Linux Kernel Flaw Enables Root and Container Escape (CVE-2026-43499) (https://thehackernews.com/2026/07/15-year-old-ghostlock-flaw-enables-root.html) - DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts (https://thehackernews.com/2026/07/debull-tooling-abuses-microsoft-device.html) - China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware (https://thehackernews.com/2026/07/china-linked-uat-7810-expands-orb.html) - Vidar Stealer Campaign Uses Code Signing Abuse, Go Loaders, and File Inflation (https://unit42.paloaltonetworks.com/vidar-stealer-xmrig-miner-campaign-analysis/) - RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service (https://thehackernews.com/2026/07/redwing-maas-packages-android-bank.html) - Big Brand Jobs Scam Targets Marketing Pros' Google Accounts (https://www.darkreading.com/cyberattacks-data-breaches/big-brand-jobs-scam-marketing-pros-google-accounts) - Fake IT Support on Microsoft Teams Coaxes Workers Into Installing Malware (https://www.theregister.com/cyber-crime/2026/07/07/fake-it-bods-on-microsoft-teams-coax-workers-into-installing-malware/5267610) - The Ghost in the Database: Recovering Active ADFS Signing Keys via Machine DPAPI (https://cloud.google.com/blog/topics/threat-intelligence/recovering-active-adfs-signing-keys-machine-dpapi/) - Microsoft Flips Windows Backup to On by Default Unless You're in the EU (https://www.theregister.com/systems/2026/07/07/microsoft-flips-windows-backup-to-on-by-default-unless-youre-in-the-eu/5267664) - Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots (https://thehackernews.com/2026/07/rogue-agent-flaw-could-have-let.html) - Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data (GitLost) (https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html) - What Changes When Your Software Supply Chain Includes AI Writing Your Code? (https://thehackernews.com/2026/07/what-changes-when-your-software-supply.html) - Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants (WriteOut) (https://thehackernews.com/2026/07/writer-ai-flaw-could-let-agent-previews.html) - CrowdStrike Uncovers New Prompt Injection Techniques (https://www.crowdstrike.com/en-us/blog/crowdstrike-uncovers-new-prompt-injection-techniques/) - Hydro-Québec Le Circuit Electrique Charging Station Backend (CVE-2026-20744, CVE-2026-42952, CVE-2026-44383) (https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-01) - Hitachi Energy e-mesh EMS (CVE-2026-42945) (https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-03) - Siemens SINEC OS (CVE-2025-6052, CVE-2025-7039, CVE-2025-1376, CVE-2025-1352, CVE-2025-6170, CVE-2025-6141) (https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-05) - Hitachi Energy PROMOD V (CVE-2026-10763) (https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-02) - Siemens Mendix Studio Pro (CVE-2026-48192) (https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-04) - Labcenter Proteus 9 (CVE-2026-49033, CVE-2026-42953, CVE-2026-42958) (https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-06) - Digi International PortServer TS, Digi One SP IA (CVE-2026-12948, CVE-2026-12352) (https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-07) CVEs Referenced: CVE-2020-22653, CVE-2020-22658, CVE-2023-25717, CVE-2025-1352, CVE-2025-1376, CVE-2025-2492, CVE-2025-6052, CVE-2025-614 ...

    45 min
  2. 3d ago

    2026-07-07: Oracle E-Business Suite faces active exploitation via CVE-2026-46817 affecting 950 instances

    Show Notes - 2026-07-07 Stories Covered: - July 7, 2026 - Today: - Oracle E-Business Suite Remote Code Execution (CVE-2026-46817) (https://research.checkpoint.com/2026/6th-july-threat-intelligence-report-2/) - Linux Kernel KVM Guest-to-Host Escape (CVE-2026-53359) (https://thehackernews.com/2026/07/16-year-old-linux-kvm-flaw-lets-guest.html) - Citrix NetScaler Memory Disclosure Under Active Exploitation (CVE-2026-8451) (https://research.checkpoint.com/2026/6th-july-threat-intelligence-report-2/) - Progress Kemp LoadMaster OS Command Injection (CVE-2026-8037) (https://research.checkpoint.com/2026/6th-july-threat-intelligence-report-2/) - Linux Bad Epoll Privilege Escalation (CVE-2026-46242) (https://research.checkpoint.com/2026/6th-july-threat-intelligence-report-2/) - Langflow Unauthenticated RCE (CVE-2025-3248) (https://www.darkreading.com/cyberattacks-data-breaches/jadepuffer-first-complete-llm-driven-ransomware-attack) - JadePuffer: First Fully Autonomous LLM-Driven Ransomware (https://www.darkreading.com/cyberattacks-data-breaches/jadepuffer-first-complete-llm-driven-ransomware-attack) - Ransomware Incidents This Week (https://research.checkpoint.com/2026/6th-july-threat-intelligence-report-2/) - Aflac Japan Data Breach (https://research.checkpoint.com/2026/6th-july-threat-intelligence-report-2/) - BeyondTrust Remote Support and PRA Critical Auth Bypass Flaws (CVE-2026-40138, CVE-2026-40139) (https://thehackernews.com/2026/07/beyondtrust-patches-critical-auth.html) - Gitea Docker Authentication Bypass Under Probing (CVE-2026-20896) (https://thehackernews.com/2026/07/threat-actors-probe-gitea-docker-flaw.html) - NetNut/Popa Residential Proxy Botnet Disrupted (https://thehackernews.com/2026/07/monday-recap-proxy-botnets-browser.html) - Navigate360 Anonymous Tip System Breach - Three Months Without Notification (https://databreaches.net/2026/07/06/the-anonymous-tip-system-that-wasnt-three-months-later-why-hasnt-navigate360-notified-anyone/?pk_campaign=feed&pk_kwd=the-anonymous-tip-system-that-wasnt-three-months-later-why-hasnt-navigate360-notified-anyone) - China-Nexus Threat Actors Target Universities via Roundcube Exploits (https://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html) - China-Nexus Hackers Target Indian Taxpayers with DcRAT (https://thehackernews.com/2026/07/suspected-china-nexus-hackers-use-fake.html) - North Korean PolinRider Supply Chain Campaign Targets Developers (https://www.securityweek.com/north-korean-hackers-target-open-source-developers-in-supply-chain-attacks/) - Veil#Drop Framework Delivers PureLog Stealer via Blogspot (https://www.securityweek.com/blogspot-hosted-payloads-delivered-in-veildrop-attacks/) - ChocoPoC RAT Targets Vulnerability Researchers via Fake GitHub PoCs (https://thehackernews.com/2026/07/monday-recap-proxy-botnets-browser.html) - UAT-7810 ORB Network Infrastructure (https://blog.talosintelligence.com/uat-7810/) - Cavern Manticore: Iran-Linked Modular C2 Framework Targets Israel (https://thehackernews.com/2026/07/iran-linked-hackers-use-new-cavern-c2.html) - Browser-Native Ransomware Technique Using Chrome File System Access API (https://research.checkpoint.com/2026/6th-july-threat-intelligence-report-2/) - AI Coding Agents Fail Shell Command Injection Tests (https://research.checkpoint.com/2026/6th-july-threat-intelligence-report-2/) - LLM Phantom Squatting Exploited for Phishing (https://research.checkpoint.com/2026/6th-july-threat-intelligence-report-2/) - WhatsApp Usernames Raise Impersonation Concerns (https://thehackernews.com/2026/07/monday-recap-proxy-botnets-browser.html) - 19-Year-Old Scattered Spider Suspect Extradited to U.S. (https://thehackernews.com/2026/07/monday-recap-proxy-botnets-browser.html) - Tenda Router Hidden Admin Backdoor (CVE-2026-11405) (https://thehackernews.com/2026/07/certcc-warns-of-hidden-admin-backdoor.html) - Alberta Centur ...

    38 min
  3. 4d ago

    2026-07-06: Microsoft SharePoint zero-day under active attack after patches failed to fix the vulnerability

    Show Notes - 2026-07-06 Stories Covered: - Date: - Today: - Microsoft Patches Failed to Fix On-Prem SharePoint, Now Under Zero-Day Attack (https://www.theregister.com/security/2026/07/05/mfa-optional-banks-leave-safe-doors-and-accounts-wide-open-for-thieves-to-pillage/5266161) - Device Code Phishing Attack via Microsoft Website (https://securelist.com/microsoft-device-code-phishing-attack/120350/) - SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners (https://thehackernews.com/2026/07/new-skillcloak-technique-lets-malicious.html) - Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data (https://thehackernews.com/2026/07/opera-gx-flaw-let-malicious-sites-auto.html) - Russians Posing as Signal Support to Launch Phishing Attacks (https://www.theregister.com/security/2026/07/05/mfa-optional-banks-leave-safe-doors-and-accounts-wide-open-for-thieves-to-pillage/5266161) - TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions (https://thehackernews.com/2026/07/new-trojpix-attack-leaks-data-from-air.html) - MFA-Optional Banks Leave Accounts Wide Open for Thieves (https://www.theregister.com/security/2026/07/05/mfa-optional-banks-leave-safe-doors-and-accounts-wide-open-for-thieves-to-pillage/5266161) - Android 17 Drops PIN Guessing Limit from 1,800 Attempts to 20 (https://news.risky.biz/risky-bulletin-android-drops-pin-guessing-limit-from-1-800-attempts-to-just-20/) - DEF CON Franklin Project Enlists Hackers to Harden Critical Infrastructure (https://www.theregister.com/security/2026/07/05/mfa-optional-banks-leave-safe-doors-and-accounts-wide-open-for-thieves-to-pillage/5266161) - EQT Buys Majority Share in Swiss Cybersecurity Firm Acronis (https://www.theregister.com/security/2026/07/05/mfa-optional-banks-leave-safe-doors-and-accounts-wide-open-for-thieves-to-pillage/5266161) - AdaptHealth Discloses Breach to SEC (https://news.risky.biz/risky-bulletin-android-drops-pin-guessing-limit-from-1-800-attempts-to-just-20/) - Grand Line Hacked by Ukrainian Hacktivists (https://news.risky.biz/risky-bulletin-android-drops-pin-guessing-limit-from-1-800-attempts-to-just-20/) - Alibaba Bans Employees from Using Claude (https://news.risky.biz/risky-bulletin-android-drops-pin-guessing-limit-from-1-800-attempts-to-just-20/) - New Java-Based QuimaRAT MaaS Built for Cross-Platform Targeting (https://thehackernews.com/2026/07/new-java-based-quimarat-maas-built-to.html) Full brief: https://carolinacleartech.com/brief/2026-07-06/

    14 min
  4. 6d ago

    2026-07-04: A new Linux kernel privilege escalation bug called Bad Epoll achieves root from unprivileged

    Show Notes - 2026-07-04 Stories Covered: - Today: - Bad Epoll Linux Kernel Privilege Escalation (CVE-2026-46242) (https://thehackernews.com/2026/07/new-bad-epoll-linux-kernel-flaw-lets.html) - First Fully Autonomous AI Ransomware Attack via Langflow (https://www.securityweek.com/agentic-ai-used-to-conduct-ransomware-attack-via-langflow/) - Avalon Malware Framework Packs CrownX Ransomware (https://thehackernews.com/2026/07/new-avalon-malware-framework-packs.html) - Shun Hing Group Breach Affects 920,000 Customers (https://databreaches.net/2026/07/03/hk-shun-hing-group-data-breach-affects-920000-customers-1-05m-files-encrypted-in-cyber-attack/?pk_campaign=feed&pk_kwd=hk-shun-hing-group-data-breach-affects-920000-customers-1-05m-files-encrypted-in-cyber-attack) - North Korea npm Campaign Mimics Rollup Polyfills (https://thehackernews.com/2026/07/north-korea-linked-npm-packages-mimic.html) - Seven Unpatched Flaws in FatFs Filesystem Affect Millions of Embedded Devices (https://thehackernews.com/2026/07/unpatched-flaws-disclosed-in-filesystem.html) - Chinese LLMs GLM 5.2 and Tulongfeng Close the Gap in Vulnerability Discovery (https://www.darkreading.com/cyber-risk/chinese-llms-broaden-gap-between-attackers-and-defenders) - Russians Pose as Signal Support to Steal Backup Keys (https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-27-7/) - AdaptHealth Data Breach via Social Engineering (https://www.theregister.com/security/2026/07/03/adapthealth-crooks-stole-our-passwords-patient-health-data/5266512) - Google and FBI Target 2 Million-Device NetNut Botnet (https://www.theregister.com/security/2026/07/03/netnut-cracked-as-google-and-fbi-target-2-million-device-botnet/5266414) - Armored Likho Targets Government and Power Sector with BusySnake Stealer (https://thehackernews.com/2026/07/armored-likho-targets-government.html) - Week in Brief: Anonymous Hacker Jailed, KDDI Breach, Push Security Poisoned Tenant Attack, Russian Hackers Behind Jaguar Land Rover Breach, Pegasus Spyware Targeted EU Investigator, LLM Fuzzing Yields Dozens of Zero-Days (https://www.securityweek.com/in-other-news-canadian-hacker-jailed-open-source-zero-days-two-sentenced-for-atm-jackpotting/) - European Parliament Member Investigating Pegasus Was Hacked With Pegasus (https://thehackernews.com/2026/07/european-parliament-member.html) - Microsoft Edge Chromium CVEs (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-13933) CVEs Referenced: CVE-2021-29441, CVE-2025-3248, CVE-2025-9491, CVE-2026-13775, CVE-2026-13776, CVE-2026-13780, CVE-2026-13790, CVE-2026-13801, CVE-2026-13820, CVE-2026-13860, CVE-2026-13886, CVE-2026-13933, CVE-2026-14082, CVE-2026-14125, CVE-2026-14153, CVE-2026-31431, CVE-2026-43074, CVE-2026-46242, CVE-2026-53223, CVE-2026-55945, CVE-2026-6682, CVE-2026-6683, CVE-2026-6684, CVE-2026-6685, CVE-2026-6686, CVE-2026-6687, CVE-2026-6688 Indicators of Compromise: Domains: 236[.]244, 236[.]244. Full brief: https://carolinacleartech.com/brief/2026-07-04/

    22 min
  5. Jul 3

    2026-07-03: Anubis ransomware exploits Citrix Bleed 2 with CISA-mandated July 11 deadline

    Show Notes - 2026-07-03 Stories Covered: - Today: - Citrix Bleed 2 Exploited in Anubis Ransomware Campaigns (CVE-2025-5777) (https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html) - FortiBleed Feeds Ransomware Operations (Inc, Lynx) (https://www.darkreading.com/threat-intelligence/fortibleed-actors-inc-lynx-ransomware-gangs) - SharePoint On-Premises RCE Added to CISA KEV (https://www.theregister.com/security/2026/07/02/microsoft-said-exploitation-was-less-likely-but-cisa-just-added-sharepoint-rce-to-kev-list/5265886) - Interpol Impersonation Campaign Targets Small Business (https://www.darkreading.com/cyberattacks-data-breaches/attackers-use-interpol-lure-target-small-businesses) - AI Agent Conducts End-to-End Ransomware Attack (https://www.theregister.com/security/2026/07/02/smooth-ai-criminal-drives-first-end-to-end-agentic-ransomware-attack/5266073) - Google Disrupts NetNut Residential Proxy Network (https://cloud.google.com/blog/topics/threat-intelligence/google-continued-disruption-residential-proxy-networks/) - SIEM Data Volume Becomes Liability (https://www.darkreading.com/cyber-risk/too-much-security-data-risk) - Cursor AI IDE Sandbox Escape (CVE-2026-50548, CVE-2026-50549) (https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/) - macOS PamStealer Uses PAM Validation (https://thehackernews.com/2026/07/pamstealer-uses-fake-maccy-sites-and.html) - FatFs Filesystem Vulnerabilities (Seven CVEs) (https://news.risky.biz/risky-bulletin-fatfs-bugs-enable-physical-access-attacks-on-a-load-of-devices/) - ST Engineering iDirect iQ-Series Terminals (CVE-2026-38059, CVE-2026-38057) (https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01) - Gardyn IoT Hub (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477) (https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03) - Additional Microsoft CVE Publications (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-14164) - Claude Cowork Sandbox Root Escape (https://thehackernews.com/2026/07/threatsday-ai-compute-hijacking-apple.html) - Apple Hide My Email Vulnerability (https://thehackernews.com/2026/07/threatsday-ai-compute-hijacking-apple.html) - BeepRAT Distributed via Chinese Utility (https://thehackernews.com/2026/07/threatsday-ai-compute-hijacking-apple.html) CVEs Referenced: CVE-2025-5777, CVE-2026-13768, CVE-2026-14164, CVE-2026-14258, CVE-2026-38057, CVE-2026-38059, CVE-2026-50521, CVE-2026-50548, CVE-2026-50549, CVE-2026-52911, CVE-2026-52944, CVE-2026-53046, CVE-2026-54477, CVE-2026-55726 Indicators of Compromise: Domains: maccyapp[.]com, avenger-sync[.]live, maccy[.]app IPs: 4.5.2.2, 4.5.2.1 Full brief: https://carolinacleartech.com/brief/2026-07-03/

    24 min
  6. Jul 2

    2026-07-02: SharePoint RCE hits CISA's known exploited list with a Friday deadline

    Show Notes - 2026-07-02 Stories Covered: - July 2, 2026 - Today: - SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation (https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html) - Microsoft Uncovers Parallel Threat Activity from 2 Clusters (https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html) - FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations (https://thehackernews.com/2026/07/fortibleed-credential-theft-linked-to.html) - AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack (https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html) - AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android (https://thehackernews.com/2026/07/ai-generated-browser-ransomware-abuses.html) - Missed Incidents and Persistent Threats: Insights from Compromise Assessment Projects (https://securelist.com/compromise-assessment-findings-2025/120542/) - New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos (https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html) - Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts (https://thehackernews.com/2026/07/latest-progress-kemp-loadmaster-pre.html) - Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters (https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html) - Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS (https://www.darkreading.com/application-security/phishing-campaigns-auto-adapt-victims-device-os) - This phishing kit looks more like BEC-as-a-service (https://cyberscoop.com/artoken-bec-platform-cisco-talos/) - Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings (https://www.securityweek.com/microsoft-adds-new-teams-controls-to-block-unauthorized-ai-bots-from-meetings/) - Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic (https://thehackernews.com/2026/07/adobe-patches-7-cvss-100-flaws-in.html) - Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands (https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html) - And the Winner in Dominant Malware Delivery? ClickFix (https://www.darkreading.com/vulnerabilities-threats/winner-dominant-malware-delivery-clickfix) - 19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges (https://thehackernews.com/2026/07/19-year-old-scattered-spider-suspect.html) - Microsoft Accelerates Post-Quantum Cryptography Shift to 2029 (https://thehackernews.com/2026/07/microsoft-accelerates-post-quantum.html) CVEs Referenced: CVE-2021-29441, CVE-2024-1212, CVE-2024-31989, CVE-2025-11371, CVE-2025-14847, CVE-2025-3248, CVE-2025-55182, CVE-2025-64446, CVE-2026-0257, CVE-2026-10520, CVE-2026-35616, CVE-2026-45659, CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48282, CVE-2026-48283, CVE-2026-48286, CVE-2026-48313, CVE-2026-48315, CVE-2026-48316, CVE-2026-48908, CVE-2026-50548, CVE-2026-50549, CVE-2026-50751, CVE-2026-8037 Indicators of Compromise: IPs: 91.132.163.78, 192.42.116.58, 192.42.116.105, 146.70.139.154 Full brief: https://carolinacleartech.com/brief/2026-07-02/

    28 min
  7. Jul 1

    2026-07-01: Citrix patches a high-severity NetScaler memory disclosure flaw reminiscent of CitrixBleed

    Show Notes - 2026-07-01 Stories Covered: - Today: - Langflow RCE Actively Exploited for Cryptocurrency Mining (CVE-2026-33017, CVE-2025-3248) (https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html) - Citrix NetScaler SAML Memory Disclosure Flaw (CVE-2026-8451) (https://cyberscoop.com/citrix-netscaler-flaw-cve-2026-8451-citrixbleed/) - Anonymous Researcher Drops 15+ Zero-Day Exploits Without Vendor Notification (https://news.risky.biz/risky-bulletin-researcher-drops-giant-cache-of-zero-day-exploits/) - Massive Azure CLI Password Spray Bypasses MFA via ROPC Flow (https://www.securityweek.com/massive-password-spray-campaign-targeting-azure-cli/) - EvilTokens Affiliate Panel Targeting Microsoft 365 (ARToken) (https://blog.talosintelligence.com/artoken-inside-an-eviltokens-affiliate-panel-targeting-microsoft-365/) - AI-Hallucinated Domains as Software Supply Chain Attack Vector (Phantom Squatting) (https://unit42.paloaltonetworks.com/phantom-squatting-hallucinated-web-domains/) - DHS HSIN Network Breach (https://news.risky.biz/risky-bulletin-researcher-drops-giant-cache-of-zero-day-exploits/) - Microsoft Defender Extends Endpoint Protection to Local AI Agents (https://www.microsoft.com/en-us/security/blog/2026/06/30/whats-new-in-microsoft-security-june-2026/) - Podman Host Environment Variable Leakage (CVE-2026-57231) (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57231) - Multiple Cryptographic Library Vulnerabilities (https://msrc.microsoft.com/update-guide/) - KubeVirt Virtualization Vulnerabilities (https://msrc.microsoft.com/update-guide/) - GLib Library Vulnerabilities (https://msrc.microsoft.com/update-guide/) - NGINX and Node.js Package Vulnerabilities (https://msrc.microsoft.com/update-guide/) - Browser Security Beyond Zero-Days (https://www.crowdstrike.com/en-us/blog/browser-security-zero-days-are-only-part-of-the-problem/) - Huntress CEO Addresses Threat Hunter Judgment Call (https://www.theregister.com/security/2026/06/30/huntress-ceo-says-threat-hunter-used-poor-judgment-in-alerting-ransomware-crim-about-law-enforcement-probe/5264532) CVEs Referenced: CVE-2025-3248, CVE-2026-10592, CVE-2026-11703, CVE-2026-12340, CVE-2026-13208, CVE-2026-13218, CVE-2026-13322, CVE-2026-13325, CVE-2026-3055, CVE-2026-33017, CVE-2026-42055, CVE-2026-48779, CVE-2026-55958, CVE-2026-55960, CVE-2026-55961, CVE-2026-55962, CVE-2026-55964, CVE-2026-57062, CVE-2026-57231, CVE-2026-57918, CVE-2026-58010, CVE-2026-58011, CVE-2026-58012, CVE-2026-58013, CVE-2026-58014, CVE-2026-58015, CVE-2026-58016, CVE-2026-6291, CVE-2026-6329, CVE-2026-6412, CVE-2026-6450, CVE-2026-6731, CVE-2026-7532, CVE-2026-8451 Indicators of Compromise: Domains: 209[.]214 Full brief: https://carolinacleartech.com/brief/2026-07-01/

    24 min

About

Your daily cybersecurity briefing. Vulnerabilities, ransomware, threat actors, and patches that matter, explained for IT professionals and business leaders protecting small and mid-sized organizations. From Carolina Clear Tech.