Daily Digest

APT Activity, Zero-Days, and Ransomware Guilty Plea Highlight Cybersecurity Landscape

APT Activity, Zero-Days, and Ransomware Guilty Plea Highlight Cybersecurity Landscape

July 13, 2026
11 articles (7 new, 4 updated)
33 min read

Summary

This daily cybersecurity publication covers significant updates and new threats impacting various sectors. The Armored Likho APT group has evolved its tactics, now employing AI-generated loaders and malicious LNK files to deploy the BusySnake Stealer, which targets cryptocurrency wallets and Telegram sessions. Microsoft has patched a high-severity Defender zero-day, CVE-2026-50656, following the public release of a proof-of-concept exploit, with detection methods and ASR rules recommended for remediation. A supply chain attack on the Injective Labs SDK via npm involved a malicious version that exfiltrated private keys and seed phrases by encoding them in HTTP headers, active for a brief but impactful period.

CISA has added two actively exploited Joomla plugin flaws, iCagenda (CVE-2026-48939) and Balbooa Forms (CVE-2026-56291), to its Known Exploited Vulnerabilities catalog, both critical zero-days allowing unauthenticated remote code execution. The NSA, alongside international partners, warns of Russian FSB targeting vulnerable routers in critical infrastructure, exploiting misconfigurations and known vulnerabilities. In legal news, a Ryuk ransomware operator has pleaded guilty to charges related to a $15 million extortion scheme targeting U.S. companies and educational institutions.

New incidents include a data breach at Dutch telecom provider Odido, affecting six million customers due to a phishing attack, and a breach at Centers Laboratory exposing health information for over 540,000 individuals, claimed by 'WorldLeaks'. First National Holdings LLC disclosed a breach impacting over 34,500 people, exposing sensitive financial and personal data. Finally, APT-C-60 is targeting Japan with 'SpyGlace' malware, abusing trusted cloud services for delivery, and a new RedHook Android malware variant abuses Wireless ADB for persistent shell access on newer Android versions.

Filter by Category

New Articles (7)

Updated Articles (4)

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.