Categories Breaking News

Breaking News – Cyber Threats – 2026-07-02 08:00 PDT

Breaking News – Cyber Threats (last 6h)

Generated: 2026-07-02 08:00 PDT

  • ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
    BleepingComputer • 2026-07-02 07:00 • www.bleepingcomputer.com
    ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. […]
    https://www.bleepingcomputer.com/news/security/consentfix-and-clickfix-how-microsoft-365-accounts-are-hijacked-in-3-seconds/
  • ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
    The Hacker News • 2026-07-02 06:04 • thehackernews.com
    The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that’s designed to gain surreptitious access to a victim’s email correspondence via the Google API.

    “In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs,” Kaspersky said in a detailed report published this week. “
    https://thehackernews.com/2026/07/toddycat-linked-umbrij-malware-abuses.html

  • Microsoft fixes bug that removed Copilot buttons in Outlook
    BleepingComputer • 2026-07-02 05:15 • www.bleepingcomputer.com
    Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. […]
    https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-that-removed-copilot-button-in-outlook/
  • Cisco finally confirms attackers exploiting Unified CM flaw
    BleepingComputer • 2026-07-02 04:35 • www.bleepingcomputer.com
    Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. […]
    https://www.bleepingcomputer.com/news/security/cisco-finally-confirms-attackers-exploiting-unified-cm-flaw/
  • Identity Lifecycle Management Wasn't Built for AI Agents
    The Hacker News • 2026-07-02 04:30 • thehackernews.com
    Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural blind spots that traditional IGA tools weren’t designed to detect. This guide covers where that model breaks, what it
    https://thehackernews.com/2026/07/identity-lifecycle-management.html
  • Cybersecurity Mission Creep in the US
    Schneier on Security • 2026-07-02 04:11 • www.schneier.com

    Interesting paper: “Cybersecurity Mission Creep.”

    Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what this Article calls “cybersecuritized.” Before this reframing, these issues present …
    https://www.schneier.com/blog/archives/2026/07/cybersecurity-mission-creep-in-the-us.html

  • CISA: Microsoft SharePoint RCE flaw now actively exploited
    BleepingComputer • 2026-07-02 03:52 • www.bleepingcomputer.com
    CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. […]
    https://www.bleepingcomputer.com/news/security/cisa-microsoft-sharepoint-rce-flaw-now-actively-exploited/
  • Opera rolls out Paste Protect feature to fight ClickFix attacks
    BleepingComputer • 2026-07-02 03:46 • www.bleepingcomputer.com
    Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering. […]
    https://www.bleepingcomputer.com/news/security/opera-rolls-out-paste-protect-feature-to-fight-clickfix-attacks/
  • AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
    The Hacker News • 2026-07-02 02:13 • thehackernews.com
    Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent.

    Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company’s production database.

    Ransomware has always
    https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html

  • Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects
    Securelist • 2026-07-02 02:00 • securelist.com
    Kaspersky Compromise Assessment specialists analyze trends from the service’s 2025 projects and provide tips on how to enhance your organization’s security.
    https://securelist.com/compromise-assessment-findings-2025/120542/

Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.

Written By

More From Author

You May Also Like