The Argentine Football Association is investigating an alleged hack by Egyptian nationals that led to unauthorized emails criticizing World Cup refereeing and favoring Egypt after their controversial match.
The Argentine Football Association is investigating an alleged hack by Egyptian nationals that led to unauthorized emails criticizing World Cup refereeing and favoring Egypt after their controversial match.
Conti ransomware gang leak reveals cyber vulnerabilities in crypto sector
The leak of Conti ransomware gang messages highlights persistent cyber vulnerabilities within the cryptocurrency sector. Consequently, prediction markets currently reflect an 82% expectation that the total value of crypto hacks will exceed $1.2 billion in 2026.
The Argentine Football Association suffered a major database breach after an infostealer malware infection compromised an employee’s computer, granting attackers administrative access. This incident highlights how dormant stolen credentials can facilitate unauthorized data exfiltration and the weaponization of official communication channels.
GPT-5.6: Frontier intelligence that scales with your ambition | OpenAI
The GPT-5.6 family of models, featuring the flagship Sol, the balanced Terra, and the efficient Luna, delivers state-of-the-art performance across coding, science, and knowledge work with significantly improved efficiency. These models introduce advanced agentic capabilities and robust safeguards to provide faster, more accurate results for complex professional tasks at a lower cost.
www.crowdstrike.com/en-us/blo…
The CrowdStrike State of Cloud Detection and Response Survey reveals that 94% of organizations have experienced cloud breaches due to poor visibility, fragmented security tools, and an inability to distinguish malicious activity from normal operations. These systemic gaps delay critical detection and response efforts, leaving companies vulnerable as they scale their cloud environments.
opensourcemalware.com/blog/cybe…
A cybersecurity startup founder published malicious NPM packages disguised as AI developer tools to harvest sensitive identity data and environment configurations from victim machines. The attacker utilized typosquatting and install-time execution to exfiltrate information, suggesting a potential effort to build a proprietary dataset for future operations.
1-in-2 phones sold in Africa exfiltrate telemetry to China - NowSecure
Research from NowSecure reveals that Transsion smartphones and various popular mobile applications utilize the Athena SDK to exfiltrate sensitive user telemetry to Chinese servers. This hidden data collection includes precise GPS location, device identifiers, and granular app usage activity, which can only be mitigated by blocking all traffic to shalltry.com at the DNS level.
Where: Germany / Europe
When: Published July 8, 2026; exposure discovered May 18, 2026; closed May 27, 2026
What happened: Cybernews reported that a hosting misconfiguration exposed an Elasticsearch database containing about 367,000 internal records and 7.92 GB of data. Exposed material included invoices, contracts, employee details, emails and client setup scripts, some with hardcoded database credentials. Nextcloud said the issue was fixed, reported to the state data protection officer, and that it had no evidence of exploitation.
Where: Germany
When: Published July 8, 2026; exact occurrence date not public
What happened: Unsafe ransomware claimed it breached Deutsche Bank and posted alleged employee database extracts. Cybernews reported samples included employee emails, password hashes, physical addresses and internal records. Deutsche Bank confirmed an incident at an external German service provider operating a marketing/incentive platform, but said there was no indication its own internal systems or network were affected.
Where: Global / United States-listed company
When: Published July 7, 2026; alleged theft occurred in July 2026; exact access date not public
What happened: Accenture confirmed an isolated security breach after a threat actor offered 35 GB of alleged source code and other data for sale. Claimed data included source code, RSA/SSH keys, Azure PATs, storage keys and configuration files. Accenture said it remediated the source and that operations/service delivery were not impacted.
Where: Canada
When: Published July 7, 2026; cyberattack occurred in June 2026
What happened: Mount Royal University said a June cyber incident was confirmed as a targeted data breach affecting students and staff. CityNews reported that data was stolen and deleted during the cyberattack.
Where: United States
When: Published July 7, 2026 by DataBreaches; original notice/reporting published June 29, 2026; incident occurred in March 2026
What happened: DSHS said a former employee improperly accessed about 8,600 client records for reasons unrelated to their duties. Potentially accessed information included full names, dates of birth, Social Security numbers, DSHS client numbers and program-enrolment information. DSHS said there was no evidence of access to specific health information such as diagnoses, test results, treatments, claims or chart notes.
Where: United States
When: Published July 7, 2026; disclosed to Texas Attorney General July 7, 2026; occurrence date not public
What happened: TriWest disclosed a breach involving personal and health-insurance information. The Texas filing identified 2,408 Texas residents as affected. Reported compromised information included names, health-insurance data and other personal data.
Where: United States
When: Published July 7, 2026; reported to Texas Attorney General July 7, 2026; occurrence date not public
What happened: Markel disclosed a breach exposing sensitive personal and medical information. At least 268 Texas residents were listed in the Texas filing. Exposed categories included Social Security numbers, driver’s licence numbers and medical information.
Where: United States
When: Published July 7, 2026; first disclosed to Texas Attorney General July 7, 2026; occurrence date not public
What happened: YKK AP America reported a breach involving names, addresses, Social Security numbers and financial information, including account, credit-card or debit-card numbers. The Texas filing listed 368 affected Texas residents.
Where: United States
When: Published July 7, 2026; unauthorized access occurred April 1-7, 2026; HHS disclosure June 5, 2026
What happened: Heart of America Eye Care disclosed unauthorized network access in which some information was viewed or taken. The review of affected data was still ongoing. A group called CMD Organization had previously claimed on the dark web that it obtained 730 GB, but PHI exposure was not yet confirmed.
Where: United States
When: Published July 7, 2026; occurred in April 2026; the source narrative says April 26-27 while the same page’s summary lists April 16-17
What happened: Ohio Living disclosed unauthorized access to network systems and file copying. Potentially exposed information included names, dates of birth, Social Security numbers/taxpayer IDs, financial/payment-card data and extensive medical/health-insurance records affecting current and former employees, patients, residents and others.
Where: United States
When: Published July 6, 2026; reported to Massachusetts/Vermont regulators starting July 6, 2026; exact occurrence date not public
What happened: T.A. Solberg disclosed unauthorized access in which files were viewed and obtained. Exposed categories included names, Social Security numbers, driver’s licence/state ID and passport numbers, financial/pay-card data, medical information and health-insurance information.
Where: United States
When: Published July 6, 2026; disclosed to SEC June 27, 2026; occurrence date not public
What happened: AdaptHealth disclosed a breach involving patient information. The company said exposed data included passwords associated with insurance billing plus some patient PII and PHI; the specific fields and total number of affected individuals were not public.
Where: United States
When: Published July 6, 2026; discovered June 4, 2026; disclosed to Massachusetts OCABR June 30, 2026
What happened: Credit Acceptance disclosed an incident exposing consumer names and Social Security numbers. The company is offering affected individuals 24 months of identity-monitoring services.
Where: United States
When: Published July 6, 2026; occurred Jan. 17-18, 2026; HHS disclosure June 2, 2026; notifications began June 10, 2026
What happened: Henry Rossi disclosed unauthorized access affecting about 2,720 people. Files included audit records for the Steamfitters Local #449 Medical & Benefit Fund; exposed personal information included full names, Social Security numbers and dates of birth.
Where: United States
When: Published July 6, 2026; occurred April 15, 2026; disclosed to Indiana Attorney General June 22, 2026
What happened: NTN Bearing disclosed an April ransomware-related breach. Payouts King claimed it obtained 596 GB, including employee PII, financial records, confidential business documents, internal correspondence and engineering files, but the specific data types have not been publicly confirmed.
Where: United States
When: Published July 6, 2026; reported to Massachusetts and Texas regulators starting July 1, 2026; occurrence date not public
What happened: Lake Region Healthcare disclosed a breach exposing PII and PHI across multiple states. Exposed data included names, addresses, contact information, dates of birth, Social Security numbers, financial information, government ID numbers, medical/treatment information, health-insurance information, medical record numbers and patient account numbers.
Where: United States
When: Published July 6, 2026; suspicious activity identified March 20, 2026; HHS disclosure May 15, 2026
What happened: Centers for Dialysis Care disclosed a breach affecting about 8,000 people. An unknown actor accessed the network and files, potentially exposing names, Social Security numbers, dates of birth, tax or financial information, medical/health information, treatment or diagnostic information and health-insurance information.
Where: United Kingdom / international
When: Published July 7, 2026; credential theft/exposure date not specified
What happened: Cybernews reported that UK Foreign Office Fortinet VPN/firewall credentials, including privileged embassy-related logins, appeared in a dark-web dataset being sold by a threat actor. NHS, energy and medicine-supplier credentials were also reportedly present. Treat as a reported credential leak, not a confirmed systems breach.
Where: United States
When: Published July 6-7, 2026; suspicious activity detected Friday, July 3, 2026
What happened: Jacksonville, Texas took some city systems offline after detecting suspicious network activity. Public reporting described service disruption and workarounds while third-party specialists investigated. I found no public confirmation of data theft, so treat this as a cyber incident rather than a confirmed data breach.
Where: Global
When: Published July 8, 2026
What happened: Help Net Security examined how agentic AI systems introduce risks that may not show up as classic indicators of compromise. The article highlights “belief injection,” where poisoned retrieval, feedback or memory can gradually shift an agent’s decisions without producing the deterministic signals SIEM, EDR or XDR tools usually monitor.
Where: United States
When: Published July 8, 2026
What happened: CyberScoop argued that the U.S. government’s proposed AI cybersecurity clearinghouse should be measured by whether it helps organizations remediate vulnerabilities, not just discover them. The core issue is governance and execution: AI can accelerate vulnerability finding, but coordinated intake, triage, disclosure and patch adoption remain the harder operational problems.
Where: Global
When: Published July 8, 2026
What happened: Help Net Security covered ESET research finding more than 25,000 suspicious AI skills and over 3,000 malicious ones across a large sample of agent skills. These skills can support command execution, file access, credential loading, code injection and obfuscation, creating a new supply-chain risk for AI-agent ecosystems.
Where: Global, with focus on exposed networking devices
When: Published July 8, 2026
What happened: Cisco Talos reported that China-linked UAT-7810 is expanding the LapDogs operational relay box network by compromising internet-facing networking devices. The group is using updated LONGLEASH malware and related tools to turn routers and embedded devices into relay infrastructure for follow-on espionage operations.
Where: Global
When: Published July 8, 2026
What happened: Researchers disclosed GhostLock, a 15-year-old Linux kernel use-after-free vulnerability that can give a local user root access and enable container escape. Exploit code is now public, so shared Linux hosts, cloud servers, CI runners and container-heavy environments should be prioritized for kernel updates.
Where: Global
When: Published July 8, 2026, 04:15 AM ET
What happened: Ubiquiti released fixes for seven critical UniFi OS vulnerabilities, including a maximum-severity command-injection issue affecting UniFi Connect Application. The risk is material because Censys tracks more than 100,000 UniFi OS instances exposed online, and Ubiquiti devices have been repeatedly targeted for botnet and proxy infrastructure.
Where: United States
When: Published July 8, 2026, 05:58 AM ET
What happened: CISA ordered U.S. federal agencies to patch an actively exploited Langflow authorization bypass flaw by Friday. The vulnerability can let authenticated attackers access other users’ AI flows and sensitive data, making exposed Langflow deployments a priority for AI-platform and cloud-security teams.
Where: Global
When: Reported July 2026
What happened: A phishing campaign is impersonating more than 30 major brands, including Adobe, Netflix, Coca-Cola and OpenAI, to lure marketing professionals into fake job interviews. The attackers abuse legitimate platforms and recruiter identities to build trust before redirecting victims to malicious pages designed to steal Google account credentials.
Where: European Union / Greece
When: Reported July 6, 2026; infections dated October 2022 and March 2023
What happened: Citizen Lab found that former Greek MEP Stelios Kouloglou’s iPhone was infected with Pegasus spyware while he was involved in the European Parliament’s inquiry into spyware abuse. Civil liberties groups say the case raises serious concerns about oversight, accountability and the integrity of EU investigations into government-grade spyware.
Where: Australia
When: Reported July 2026
What happened: Researchers testing Australia’s new under-16 social media restrictions created 50 accounts across covered platforms and found that nearly all accepted a self-declared age of 16 without requiring proof. The study suggests current age-assurance methods are weak, especially where platforms rely on inferred behaviour rather than robust verification.
Where: Europe / Nordics
When: Reported July 2026; attacks observed since last autumn
What happened: Nordea says a small number of Nordic customers have been targeted by payment-card relay attacks. In this fraud model, criminals intercept and forward a one-time payment authentication signal from a legitimate card transaction to another terminal, enabling a fraudulent purchase or cash withdrawal. Unlike classic skimming, the attackers do not necessarily copy reusable card data.
Where: United States
When: Reported July 2026
What happened: Reuters sources say CISA is using Anthropic’s Mythos AI model to scan U.S. government code repositories for software flaws that could be exploited by foreign intelligence services or cybercriminals. The reported use reflects growing U.S. government interest in AI-assisted security reviews, even as Anthropic’s relationship with the White House has reportedly remained strained.
AI-Generated Malware Powers New Armored Likho APT Campaign
The Armored Likho APT group is leveraging AI-generated malware and the BusySnake Stealer to conduct targeted espionage against government agencies and power grids in Russia, Kazakhstan, and Brazil. This campaign employs sophisticated spear-phishing techniques and modular tools to exfiltrate sensitive data while maintaining stealthy control over compromised hosts.
Microsoft Introduces Execution Containers to Secure AI Agents on Windows
Microsoft introduced the Microsoft Execution Containers (MXC) SDK to provide OS-level security, identity, and governance for autonomous AI agents on Windows. By embedding containment models like process and session isolation, this architecture allows organizations to enforce strict, policy-driven controls on dynamic AI behavior.
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
A suspected China-aligned threat cluster known as UNK_MassTraction is targeting university departments through the exploitation of Roundcube webmail vulnerabilities to deploy malware and gain persistent network access. This campaign uses phishing and N-day security flaws to siphon credentials and install backdoors like VShell.
Kazuar Backdoor Uses DLL Side-Loading and PowerShell Loaders for Stealthy Execution
The Kazuar backdoor utilizes DLL side-loading and PowerShell loaders to achieve stealthy execution and resilient command-and-control by embedding malicious code within legitimate processes. Defenders can mitigate these risks by monitoring process parent-child relationships, enabling PowerShell script block logging, and employing memory and API monitoring to detect anomalous loader behaviors.
Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available
An unpatched authentication backdoor in several Tenda routers allows attackers to bypass login screens and gain full administrative access using a hidden password. Because no fix is currently available, users should disable remote management to secure their devices from potential takeover.