AI Attacks Escalate, Zero-Days Exploit, and Supply Chain Risks Dominate Cybersecurity News

Publication Date: July 4, 2026

Summary

The cybersecurity landscape remains highly active with significant updates and new threats emerging. Microsoft's June Patch Tuesday addressed over 200 vulnerabilities, including three zero-days, with a critical RCE in the Windows DHCP Client (CVE-2026-44815) highlighted for its potential to be triggered by rogue DHCP servers. The Five Eyes intelligence alliance's warnings about AI-powered cyberattacks have been validated by a successful, albeit thwarted, AI-enhanced attack on the UAE's financial sector, demonstrating attackers' use of AI for advanced phishing and malware. Supply chain risks are amplified by the FBI's alert on "Industrialized Ransomware" from VECT and TeamPCP, impacting over 1,000 cloud environments and compromising developer tools like the Telnyx Python SDK. Medtronic's data breach, affecting 3.8 million individuals, has been further detailed with new detection observables and MITRE ATT&CK mappings.

New threats include two critical, zero-click RCE vulnerabilities in the Cursor AI code editor (CVE-2026-50548, CVE-2026-50549), dubbed "DuneSlide," allowing full control of developer machines. Millions of IoT and embedded devices are at risk from unpatched flaws in the FatFs library (CVE-2026-6682 to -6688), with the library's developer unresponsive. A new APT group, "Armored Likho," is targeting energy and government sectors with its "BusySnake Stealer" malware. The source code for the SCADA hacking tool 'TRK25' has been leaked, lowering the barrier for ICS attacks. Ransomware activity remains high, with INC, ANUBIS, Qilin, and Bashe groups claiming responsibility for numerous global breaches. North Korea-aligned hackers are escalating their 'PolinRider' supply chain attack, publishing numerous malicious packages and extensions to compromise developers and steal secrets. Finally, an EU lawmaker was reportedly hacked with Pegasus spyware while serving on a committee investigating its abuse.

Today's New Articles

Zero-Click RCE in Cursor AI IDE Lets Attackers Take Over Developer Machines

Two critical, zero-click remote code execution (RCE) vulnerabilities, dubbed "DuneSlide," have been discovered in the popular Cursor AI code editor. Tracked as CVE-2026-50548 and CVE-2026-50549, both flaws are rated 9.8 on the CVSS scale. They allow an attacke...


Millions of IoT and Embedded Devices at Risk from Unpatched Flaws in FatFs Library

Security firm runZero has disclosed seven vulnerabilities in the FatFs filesystem library, a component embedded in millions of IoT and industrial devices from vendors like Espressif and STMicroelectronics. The flaws, tracked as CVE-2026-6682 to -6688, can be t...


New APT 'Armored Likho' Deploys 'BusySnake' Stealer Against Energy & Government

Kaspersky researchers have identified a new advanced persistent threat (APT) group, "Armored Likho," targeting government and electric power sectors in Russia, Brazil, and Kazakhstan. The group conducts cyber-espionage and financially motivated attacks using a...


Irony and Outrage: EU Lawmaker on Spyware Committee Hacked with Pegasus

In an audacious attack, former Greek Member of European Parliament (MEP) Stelios Kouloglou was hacked with NSO Group's Pegasus spyware while he was a member of the PEGA committee, the official body investigating spyware abuse in Europe. A forensic report from...


SCADA Hacking Tool 'TRK25' Source Code Leaked, Lowering Bar for ICS Attacks

The source code for TRK25 ADVANCED SCADA, a Python-based tool for attacking industrial control systems (ICS), has been leaked online. The tool, originally sold by a group called 'Infrastructure Destruction Squad,' automates the discovery and compromise of expo...


Ransomware Frenzy: INC, ANUBIS, Qilin and Bashe Hit Raft of Global Firms

A significant number of data breaches were disclosed on July 3, 2026, as multiple ransomware groups listed new victims. The attacks span numerous industries and countries, showcasing the relentless pace of cyber extortion. The INC_RANSOM group claimed responsi...


North Korean Hackers Escalate 'PolinRider' Supply Chain Attack on Devs

North Korea-aligned threat actors are escalating their 'PolinRider' supply chain campaign, publishing 108 new malicious packages and browser extensions across npm, Packagist (PHP), and Go repositories. The campaign, attributed to the 'Contagious Interview' gro...

Article Updates

Microsoft's Record-Breaking June Patch Tuesday: Over 200 Flaws and Three Zero-Days Patched

Update: This update provides a deep dive into CVE-2026-44815, a critical RCE in the Windows DHCP Client. It details how a stack-based buffer overflow is triggered by a malicious DHCP response from a rogue server, leading to code execution with NT AUTHORITY\LocalServic...


AI-Powered Cyberattacks 'Months Away,' Five Eyes Intelligence Alliance Warns

Update: The UAE Cyber Security Council successfully thwarted a coordinated, AI-enhanced cyberattack on its financial sector on July 3, 2026. This incident serves as a concrete example of the AI-powered threats predicted by the Five Eyes alliance just weeks prior. Atta...


FBI Warns of "Industrialized Ransomware" as VECT and TeamPCP Join Forces

Update: A new FBI FLASH alert confirms the TeamPCP (also known as PCPcat) supply chain campaign has impacted over 1,000 cloud environments, significantly increasing the known scale of the attack. The group has added the Telnyx Python SDK to its list of compromised dev...


Medtronic Data Breach Exposes Personal and Health Data of 3.8 Million

Update: This update provides a more precise timeline for the Medtronic data breach, specifying it occurred between April 13 and April 19, 2026. It also explicitly clarifies that Medtronic's medical devices and patient safety were not directly impacted by the incident....


New 'Friends' Ransomware Strain Uses Double-Extortion Strategy

Update: The 'Friends' ransomware, targeting Windows, now has detailed MITRE ATT&CK TTPs identified, such as T1059.003, T1083, T1562.001, T1041, T1486, and T1490. New hunting hints include monitoring for 'vssadmin.exe' execution and large outbound data transfers. Detec...


CitrixBleed-Like Flaw (CVE-2026-8451) Exploited Within 24 Hours

Update: Further information regarding the actively exploited CVE-2026-8451 has emerged. Specific affected versions of NetScaler ADC and Gateway include 14.1 before 14.1-29.72, 13.1 before 13.1-55.39, and 13.0 before 13.0-94.25. An observed attacker IP address, 146.70....