📰 DAILY THREAT BRIEFING
Wednesday, July 8, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of July 8, 2026.

  1. Accenture confirms breach after hacker offers stolen data for sale
    — Bleeping Computer

    IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and…
  2. Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation
    — Unit 42

    A cybercrime campaign combined a loader-as-a-service framework and DLL sideloading via a Go-compiled fake MpClient.dll, a novel evasion laye…
  3. Big Brand Jobs Scam Targets Marketing Pros' Google Accounts
    — Dark Reading

    The phishing campaign uses several tactics, including nested redirects, to evade detection and steal credentials from unsuspecting targets.
  4. Dialogflow CX 'Rogue Agent' Flaw Enabled AI Chatbot Data Theft
    — Dark Reading

    Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infras…
  5. Chinese hackers develop LONGLEASH malware to expand ORB network
    — Bleeping Computer

    Chinese hackers tracked as 'UAT-7810' are actively evolving their malware to expand their Operational Relay Box (ORB) network by compromisin…
  6. More Odd DNS Records: NIMLOC, (Tue, Jul 7th)
    — SANS ISC

    Yesterday, I talked about NAPTR records and how they are related to RCS. But there is another "odd" record that shows up in my DNS logs. Thi…
  7. Hidden backdoor in Tenda router firmware grants admin access
    — Bleeping Computer

    A hidden authentication backdoor has been found in multiple Tenda router firmware versions, potentially allowing an attacker to gain adminis…
  8. RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service
    — The Hacker News

    A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill cr…
  9. Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
    — The Hacker News

    A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code …
  10. 'GitLost' Flaw Leaks Private Data From GitHub's Agentic Workflows
    — Dark Reading

    The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org's public repository and then silently pull data from its priva…
  11. DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
    — The Hacker News

    A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts bet…
  12. ISC Stormcast For Tuesday, July 7th, 2026 https://isc.sans.edu/podcastdetail/9996, (Tue, Jul 7th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (7725 in last 30 days).
Critical: 3 · High: 11 · Medium: 6 · Low: 0. View full dashboard →

  1. CVE-2026-55429
    — CVSS 8.7 (HIGH)

    Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `UpsertWorkspaceApp` overwrites an existing app's `agent_id` on a primary-key c…
  2. CVE-2026-55428
    — CVSS 8.2 (HIGH)

    Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's `Addresses` derive from its a…
  3. CVE-2026-55427
    — CVSS 8.3 (HIGH)

    Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `coder config-ssh` wrote server-supplied SSH settings (`HostnameSuffix`, `SSHCo…
  4. CVE-2026-55079
    — CVSS 4.9 (MEDIUM)

    Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `NewDataBuilder` in `provisionersdk/proto/dataup…
  5. CVE-2026-59705
    — CVSS 9.8 (CRITICAL)

    mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authen…
  6. CVE-2026-59704
    — CVSS 7.1 (HIGH)

    Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs…
  7. CVE-2026-55078
    — CVSS 6.5 (MEDIUM)

    Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `POST /api/v2/files` converts zip uploads to tar…
  8. CVE-2026-55077
    — CVSS 7.2 (HIGH)

    Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `PUT /api/v2/users/{user}/password` endpoint authorized only `ActionUpdateP…
  9. CVE-2026-55076
    — CVSS 7.4 (HIGH)

    Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked `email_verified` with a direct Go `bool` type ass…
  10. CVE-2026-59706
    — CVSS 9.3 (CRITICAL)

    mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve sto…
  11. CVE-2026-58266
    — CVSS 6.5 (MEDIUM)

    Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor…
  12. CVE-2026-55490
    — CVSS 6.5 (MEDIUM)

    OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash th…
  13. CVE-2026-55418
    — CVSS 8.6 (HIGH)

    FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, with…
  14. CVE-2026-55075
    — CVSS 7.4 (HIGH)

    Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user…
  15. CVE-2026-54607
    — CVSS 7.7 (HIGH)

    FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta4, the HTTP-tool OpenAPI schema importer validates only the top-level URL before passing it to SwaggerParser.bundle, whose remote reference resolv…
  16. CVE-2026-54601
    — CVSS 6.3 (MEDIUM)

    FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that p…
  17. CVE-2026-50179
    — CVSS 4.2 (MEDIUM)

    Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Categ…
  18. CVE-2026-49229
    — CVSS 8.3 (HIGH)

    Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity, while existing Actual session tokens for the disabled user rem…
  19. CVE-2026-49033
    — CVSS 7.8 (HIGH)

    The application contains a stack-based buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code.
  20. CVE-2026-46354
    — CVSS 9.1 (CRITICAL)

    Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, `azureidentity.Validate()` verifies that the PKCS#7 signer…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · July 8, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com