July 4, 2026

Header image for the Red Dot Weekly Cyber Security News https://reddotsecurity.news

Hello all,

The biggest news this week, in my opinion, is the 250th birthday of The United States of America. Celebrations were held nationwide to honor and commemorate this momentous occasion. In addition, it is a three-day weekend for most Americans, so hopefully your defenses were ready since threat actors love to attack when there are less of us watching. There were quite a few other news items of note, so let’s get to them.

Headline NEWS:

  • Adobe Patched 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic. The Coldfusion web-application development environment has continued to receive modernization enhancements and is used in enterprise applications, public websites and intranets, mobile applications and in high-traffic and scalable environments. Campaign Classic is a enterprise-grade marketing automation platform that can be self-hosted, or cloud-hosted. The defects found require applying the patch to any self-hosted instances of either product. Don’t wait since there is already evidence of active exploitation.
  • Citrix NetScaler ADC and NetScaler Gateway have received patches for six vulnerabilities, one of which is named CitrixBleed2. The vulnerabilities all have different configuration-specific preconditions and customers need to check their particular environment to determine what may be vulnerable. There are some mitigations that can be applied, but the most effective is to apply the official patches as soon as possible. Active exploitation of the CitrixBleed defect began less than 24 hours after publication of the exploit.
  • FortiBleed, we love the “Bleed” name in security, don’t we? This Fortinet credential harvesting and exploitation campaign is actively continuing. The latest development is that researchers have correlated some of the servers being used with the infrastructure of the evil spawns of hell known as INC and Lynx ransomware.

In Ransomware, Malware, and Vulnerabilities News:

  • Third-Party Breaches are increasing. The full listing of links in this week’s news lists nearly a dozen exploits, breaches, or leaks that can be directly attributed to a third-party integration, or vendor. For far too long, these connections have been almost implicitly trusted as being secured, with little to no formal vetting, vulnerability testing, or regression testing required of the integrations or vendors. Who checks when a library that is used in your application receives an update? Or when your vendor performs a major rewrite and release? Somehow, we need to rethink these paths to our data and networks and validate them in real-time against what is known to be good and secure. Will this be easy? No. Is it necessary? Yes.

In Other News Events of Note and Interest:

  • Anthropic Claude Fable 5 is back. The US government, after receiving assurances, and after changes were made by Anthropic, gave the AI vendor permission to open access back up to the rest of the world. More details about the jailbreak controls that Anthropic implemented, and the safeguards that are now in place, can be found in the full article listing.

Musings

I am unapologetic about loving my country. As a legal immigrant that escaped the evil of communism, I, above many others that don’t understand what they have, value the freedoms, the opportunity, and the way of life that I am blessed to experience in the United States of America. There is a reason that there are nearly four million people on the current waiting list to get in. For over 250 years the resilient people of this land have forged a unique culture, language, and standard of living that the rest of the world envies and struggles to match. Has it been perfect, of course not. As a country plenty of mistakes, blunders, and outright sins have been committed. We learn, we grow, we change and move forward. But without this bastion of freedom, faith, and hope shining the light of liberty and prosperity in a world so steeped in darkness, I shudder to think what would be. I know that I am eternally grateful for my adopted homeland. Happy Birthday American, may you have many more!

Visc. Jan Broucinek

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

 

Share this with: