📰 DAILY THREAT BRIEFING
Friday, July 3, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of July 3, 2026.

  1. Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs
    — Dark Reading

    Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian busines…
  2. How We Added WebAuthn to a Browser-Based RDP Client
    — Unit 42

    A look inside the reverse-engineering journey of building the first RDP client outside of Windows to support WebAuthn redirection. The post …
  3. Apple Reverses Age-Old Patch Policy to Keep Up With AI
    — Dark Reading

    Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.
  4. FBI Seizes NetNut Proxy Platform, Popa Botnet
    — Krebs on Security

    The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a…
  5. FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
    — Dark Reading

    After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Ne…
  6. Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
    — The Hacker News

    Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic.…
  7. Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
    — The Hacker News

    Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability…
  8. ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
    — The Hacker News

    This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in …
  9. Google loses final appeal to overturn €4.1 billion EU fine
    — Bleeping Computer

    Court of Justice of the European Union (CJEU) has dismissed Google's final appeal against a €4.1 billion ($4.7 billion) antitrust fine ove…
  10. ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
    — Bleeping Computer

    ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics…
  11. Microsoft fixes bug that removed Copilot buttons in Outlook
    — Bleeping Computer

    Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Cop…
  12. ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (8037 in last 30 days).
Critical: 6 · High: 6 · Medium: 8 · Low: 0. View full dashboard →

  1. CVE-2026-55726
    — CVSS 5.3 (MEDIUM)

    The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container.
  2. CVE-2026-54477
    — CVSS 5.4 (MEDIUM)

    The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks.
  3. CVE-2026-13768
    — CVSS 10.0 (CRITICAL)

    Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio dev…
  4. CVE-2026-57100
    — CVSS 9.9 (CRITICAL)

    Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
  5. CVE-2026-54998
    — CVSS 8.8 (HIGH)

    Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
  6. CVE-2026-45499
    — CVSS 9.9 (CRITICAL)

    Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
  7. CVE-2026-41106
    — CVSS 9.3 (CRITICAL)

    Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
  8. CVE-2026-26145
    — CVSS 4.8 (MEDIUM)

    Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.
  9. CVE-2026-50722
    — CVSS 8.1 (HIGH)

    Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A rem…
  10. CVE-2026-50721
    — CVSS 8.1 (HIGH)

    Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as pe…
  11. CVE-2026-12413
    — CVSS 7.5 (HIGH)

    An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown o…
  12. CVE-2026-58460
    — CVSS 7.7 (HIGH)

    react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name value c…
  13. CVE-2026-52830
    — CVSS 9.4 (CRITICAL)

    fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram…
  14. CVE-2026-59102
    — CVSS 5.4 (MEDIUM)

    Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload an…
  15. CVE-2026-59101
    — CVSS 5.8 (MEDIUM)

    AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected se…
  16. CVE-2026-59100
    — CVSS 5.0 (MEDIUM)

    LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Atta…
  17. CVE-2026-59099
    — CVSS 9.1 (CRITICAL)

    Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the s…
  18. CVE-2026-59098
    — CVSS 6.5 (MEDIUM)

    LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting miss…
  19. CVE-2026-59097
    — CVSS 5.3 (MEDIUM)

    Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story…
  20. CVE-2026-59096
    — CVSS 7.5 (HIGH)

    Dapr Sentry's OIDC discovery endpoint derives the issuer and jwks_uri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation wh…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · July 3, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com