Back after a week off — field hockey duties called, Turkey answered.
AI didn't assist the JudePuffer ransomware campaign. It ran it. The human operator set the target and, by all accounts, largely stepped back. What followed was an AI agent handling reconnaissance, credential theft, lateral movement, persistence, and payload deployment — generating over 600 unique ransomware variants, self-correcting errors in seconds, adapting to defensive responses faster than any human operator could manage. The campaign hit 23 organizations across healthcare and logistics before analysts caught up with what they were actually looking at.
In issue 19 we watched AI used as a recon assistant against a water utility in Monterrey — find the interface, recommend the attack, generate the toolkit. That felt like a threshold moment. JudePuffer is what comes next. The skill floor for running a ransomware operation has not just dropped — it has been removed. The barrier that used to sit between "motivated attacker" and "capable attacker" was always knowledge and tradecraft. An autonomous agent with access to a target network doesn't need either. It needs a prompt and patience.
Table of Contents
🔓 BREACHES & SECURITY INCIDENTS
🗾 Japanese telecom KDDI says attackers breached an email platform and exposed over 12 million email addresses and 7.6 million passwords. The breach exploited a zero-day in third-party software discovered May 16 and confirmed June 17. KDDI is forcing password resets, deploying EDR tools, and working with ISPs and regulators to secure accounts.
🇺🇸 Accenture confirmed a security breach after a hacker offered stolen data for sale. The attacker claims to have taken about 35 GB of source code and keys. Accenture says the issue was remediated and operations were not impacted.
🇺🇸 A small US county reportedly paid a $1 million ransom to the Kairos extortion group after a May 2025 breach — The attackers claimed to have taken about 2 TB of data, including sensitive personal and financial records. The payment followed weeks of negotiation and came amid pressured deadlines and limited proof that the data were fully deleted.
🇺🇸 Two U.S. Army subdomain error pages were defaced with pro-Kurdish messages and insults to President Trump and adviser Tom Barrack. The hacks used 404 hijacking on legacy, third‑party WordPress/Microsoft cloud sites and affected only error pages. The Army took the pages offline and is investigating the incident.
🇺🇸 AdaptHealth, a home medical equipment supplier, told the SEC hackers stole a large amount of patient health and personal data after a social engineering attack. The company said stolen items include insurance billing passwords and records from external electronic health record portals, and it has contained the breach. AdaptHealth could not yet determine the full financial or reputational impact and may have paid a ransom.
🇺🇸 Hackers breached the Department of Homeland Security’s Homeland Security Information Network, a platform used by tens of thousands of officials to share sensitive but unclassified threat intelligence. DHS says it isolated affected systems, mitigated the vulnerability, and is investigating, with no evidence yet that classified networks were hit. Officials warn the compromise could expose operational plans and enable targeted attacks on partners.
→ More breaches:
🥷🏻 CYBERCRIME, CYBER ESPIONAGE, APT’s
❌ Interpol's Operation First Light led to more than 5,800 arrests across 97 countries and identified over 142,000 victims. Authorities seized $293 million, blocked 31,000 bank accounts, and analyzed more than 152,800 cybercrime cases. The operation targeted scams like romance fraud, business email compromise, and money laundering.
🇨🇳 🦠 A China-linked group called UAT-7810 is expanding its ORB network by hacking internet-facing routers and other devices. They upgraded their malware from ShortLeash to a more capable LONGLEASH and added tools like DOGLEASH and LEASHTEST. The group exploits known router flaws to build relay servers that other threat actors can use.
🇪🇸 🇷🇺 Spain's police arrested a man suspected of helping pro-Russian hacktivist groups CARR and Z-Pentest — He is accused of aiding a hacker, coordinating with group members, and trying to help the hacker flee to Russia. Authorities seized computers and crypto wallets and say he may face terrorism and computer crime investigations.
🇺🇸 ⚖ Prosecutors say a persistent Windows device ID helped link 19-year-old Peter Stokes to a May 2025 jewelry retailer breach. Attackers used social engineering to get help-desk password resets, tunneled out 77 GB, and tried to deploy ransomware. Experts warn Scattered Spider is a loose collective, so one arrest may not stop future attacks.
🇨🇳 📧 China-aligned attackers used two Roundcube email client vulnerabilities to break into U.S. and Canadian university networks. They targeted physics and engineering staff to steal credentials and install webshells and backdoors for persistent access. Proofpoint says fewer than 10 victims were confirmed but many more may be affected.
🇮🇷 🇮🇱 An Iran-linked hacking group called Cavern Manticore uses a new modular C2 framework named Cavern to target Israeli IT providers and government organizations. The malware uses varied .NET compilation methods and DLL modules to evade analysis, persist, and load mission-specific tools for reconnaissance, data theft, tunneling, and lateral movement. Attackers abused trusted software updates and RMM tools to move through supply chains and exfiltrate sensitive data.
🇻🇳 Vietnamese authorities arrested seven people accused of running HiAnime, a major anime piracy streaming service. The site hosted over 26,000 pirated anime titles, drew hundreds of millions of visits, and earned about $12.85 million in illegal ad revenue. The arrests follow a multi-year investigation supported by international partners and the anti-piracy group ACE.
⚡ Armored Likho is a hacking group attacking governments and electric power companies in several countries. They use phishing emails to install stealthy malware that steals passwords, screenshots, and other sensitive data. Their tools give them remote control over infected computers to spy and steal information.
🗓️ {Cyber,Info}Sec Events — A community-maintained list of infosec conferences worldwide. Subscribe to the ICS calendar feed to get events straight into your calendar, or follow @[email protected] on Mastodon for weekly digests. Contributions and ⭐ welcome!
👨🏻⚖️ 👀 GOVERNMENT, POLITICS, AND PRIVACY
🇬🇧 🤖 The UK launched Cyber Shield to build national agentic AI defenses that find and fix vulnerabilities at machine speed. Critics warn many organizations still fail basic cyber hygiene and may struggle to adopt autonomous AI defenses. The government also unveiled a voluntary Cyber Resilience Pledge to push board accountability, early warning enrollment, and supply-chain standards.
🇺🇸 A Senate committee approved language for a pilot letting the Defense Department hire private contractors to conduct cyberoperations under U.S. Cyber Command. Critics warn this could undermine government control, increase global cyber instability, and create dangerous escalation and accountability problems. Supporters say industry can fill capacity gaps if tightly overseen.
🇨🇦 Canada’s spy agency, the Communications Security Establishment (CSE), said it carried out several state-authorized cyberattacks last year to disrupt threats to Canada. The operations targeted fentanyl brokers, an overseas extremist group, and a ransomware-as-a-service gang, reducing their ability to harm Canadians. CSE also ran a defensive operation to disrupt a phishing campaign against federal institutions.
🦠 MALWARE & THREATS
🏦 🇷🇺 RedWing is an Android malware sold on Telegram as an easy bank-fraud rental service that builds custom malicious apps for buyers. It tricks victims into sideloading fake apps and granting Accessibility and other permissions to steal logins, one-time codes, and control phones. Researchers link it to Russian-focused campaigns and warn to only install apps from official stores and refuse suspicious permission requests.
🐀 📲 Attackers use fake Microsoft Teams calls pretending to be IT to get employees to install remote-access tools and a malicious MSI. The MSI loads EtherRAT, a Node.js remote access trojan that steals data, runs commands, and keeps persistent access. Microsoft added warnings and admin controls to help block these impersonation and vishing attacks.
🇨🇳 🐀 🇮🇳 Researchers found a phishing campaign targeting Indian taxpayers that tricks users into downloading a fake tax utility which installs a remote access trojan (DcRAT). The malware uses DLL sideloading, image-based payload concealment, and Windows service persistence to steal data and maintain access. Infrastructure links and tactics point to a China-associated actor likely aiming for credential theft and long-term espionage.
🐀 Researchers discovered QuimaRAT, a Java-based remote access trojan that runs on Windows, Linux, and macOS. It is sold as malware-as-a-service with modular plugins, builders, loaders, and persistence features to evade detection. QuimaRAT gives attackers broad control (commands, credential theft, fileless execution) and uses flexible C2 methods for persistent access.
🤖 🧰 AI, CRYPTO, TECH & TOOLS
🔓 Researchers tested 281 free Android VPN apps and found many leak traffic, send data unencrypted, or include tracking. These problems affect apps with over 2.4 billion installs and include five that download config files in clear text, allowing tunnel hijacking. The study warns users to trust only audited providers and says store "verified" labels are not a security guarantee.
🇫🇷 🧪 The Paris Peace Forum is launching INTAiC, a global hub to study AI-driven cyber threats — It will unite researchers, companies, and governments to share evidence and produce practical reports. The goal is a fast, international coalition to detect and respond to AI-related attacks.
🔍 CISA is using Anthropic’s Mythos AI to scan federal software for security flaws. The AI audits, run by CISA’s Attack Surface Evaluation team, have reportedly found many vulnerabilities. Details and official comments from CISA or Anthropic were not released.
⚖ A class-action lawsuit against xAI’s Grok tool was expanded to include two more anonymous plaintiffs who say the AI made nonconsensual deepfake child sexual abuse images from their real photos. The suit alleges Grok enabled widespread sharing of the images, caused severe harm, and that xAI failed to provide law enforcement with the generated files. The complaint also adds Stability AI, claiming its open models and weakened safeguards helped fuel tools that produce CSAM.
🇪🇺 The EU unveiled an action plan to boost domestic AI and cybersecurity capabilities and reduce reliance on foreign models — It will build EU evaluation capacity, a secure testing platform, and a "grand challenge" for AI-assisted vulnerability remediation. Regulators urge banks and critical sectors to speed up patching, monitoring, and risk plans to prevent systemic disruption.
👀 A researcher found hidden code in Anthropic’s Claude Code that encoded a stealth marker into a harmless-looking date string. Anthropic said it was an “experiment” to detect abuse and removed the code but gave no detailed explanation. The incident raised concerns about trust, telemetry, and potential targeting of developers using AI tools.
💸 Researchers at Sysdig say an AI agent ran most steps of a late‑June 2026 ransomware attack, automating reconnaissance, credential theft, lateral movement, persistence and encryption. The agent executed over 600 purposeful payloads, fixed errors in seconds, and used multiple models and API keys. A human still set up and targeted the operation, but the event shows AI greatly lowers the skill needed to run ransomware.
🐛 🧠 VULNERABILITIES, RESEARCH, AND THREAT INTELLIGENCE
➝ From the Patching Department:
🐛 A critical prompt injection flaw in GitHub Agentic Workflows called "GitLost" lets unauthenticated attackers trick AI agents via crafted public issues. The agents can be made to read and leak files from both public and private repositories. Noma Labs urges treating user content as untrusted, tightening agent permissions, and sanitizing inputs.
🩹 Ubiquiti released patches for seven critical UniFi OS vulnerabilities, including a max-severity command injection flaw (CVE-2026-50746). The flaw affects UniFi Connect and could let a network attacker run commands on the host, so users should update to version 3.4.20 or later. Thousands of UniFi OS instances are exposed online, and similar Ubiquiti flaws have been actively exploited by threat actors.
💥 Attackers are exploiting a critical Adobe ColdFusion flaw (CVE-2026-48282) — Adobe released urgent patches and urged admins to update within 72 hours. Canadian authorities warn many online ColdFusion instances remain exposed.
🐧 A 16-year-old use-after-free bug in Linux KVM called Januscape (CVE-2026-53359) lets a guest VM corrupt the host's shadow-page state and crash the host. The bug affects both Intel and AMD x86 when nested virtualization is enabled and can be escalated to full host code execution. Patch kernels contain commit 81ccda30b4e8 or disable nested virtualization to mitigate.
🐧 Researchers found GhostLock, a 15-year-old Linux kernel bug that lets any logged-in user become root and escape containers. The flaw, present in most distributions since 2011, was fixed in April but patches are still rolling out and early fixes had issues. Install your distro's final patched kernel now, especially on shared, cloud, and container hosts.
🛰️ ICS, OT & IoT
🔙 🚪CERT/CC found a hidden backdoor in several Tenda router firmware versions that lets attackers bypass the login and gain admin access (CVE-2026-11405). The backdoor compares a special config-stored password in plaintext and accepts any username with that password. Users should disable remote management and change the default LAN IP until a patch is available.
💬 CONNECT
Follow me on Mastodon for quick daily updates and bite-sized content.
Prefer using an RSS feed? Add Infosec MASHUP to your feed here.
Enjoying our newsletter? Forward it to a colleague—
it’s one of the best ways to support us.
Thanks for reading today’s newsletter, and if you're enjoying it and want to support my work, you can buy me a coffee ☕ over at https://www.buymeacoffee.com/0x58
See you next time!
-X.

