
Hello all,
The biggest news this week, in my opinion, is the 250th birthday of The United States of America. Celebrations were held nationwide to honor and commemorate this momentous occasion. In addition, it is a three-day weekend for most Americans, so hopefully your defenses were ready since threat actors love to attack when there are less of us watching. There were quite a few other news items of note, so let’s get to them.
Headline NEWS:
- Adobe Patched 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic. The Coldfusion web-application development environment has continued to receive modernization enhancements and is used in enterprise applications, public websites and intranets, mobile applications and in high-traffic and scalable environments. Campaign Classic is a enterprise-grade marketing automation platform that can be self-hosted, or cloud-hosted. The defects found require applying the patch to any self-hosted instances of either product. Don’t wait since there is already evidence of active exploitation.
- Citrix NetScaler ADC and NetScaler Gateway have received patches for six vulnerabilities, one of which is named CitrixBleed2. The vulnerabilities all have different configuration-specific preconditions and customers need to check their particular environment to determine what may be vulnerable. There are some mitigations that can be applied, but the most effective is to apply the official patches as soon as possible. Active exploitation of the CitrixBleed defect began less than 24 hours after publication of the exploit.
- FortiBleed, we love the “Bleed” name in security, don’t we? This Fortinet credential harvesting and exploitation campaign is actively continuing. The latest development is that researchers have correlated some of the servers being used with the infrastructure of the evil spawns of hell known as INC and Lynx ransomware.
In Ransomware, Malware, and Vulnerabilities News:
- Third-Party Breaches are increasing. The full listing of links in this week’s news lists nearly a dozen exploits, breaches, or leaks that can be directly attributed to a third-party integration, or vendor. For far too long, these connections have been almost implicitly trusted as being secured, with little to no formal vetting, vulnerability testing, or regression testing required of the integrations or vendors. Who checks when a library that is used in your application receives an update? Or when your vendor performs a major rewrite and release? Somehow, we need to rethink these paths to our data and networks and validate them in real-time against what is known to be good and secure. Will this be easy? No. Is it necessary? Yes.
In Other News Events of Note and Interest:
- Anthropic Claude Fable 5 is back. The US government, after receiving assurances, and after changes were made by Anthropic, gave the AI vendor permission to open access back up to the rest of the world. More details about the jailbreak controls that Anthropic implemented, and the safeguards that are now in place, can be found in the full article listing.
Musings
I am unapologetic about loving my country. As a legal immigrant that escaped the evil of communism, I, above many others that don’t understand what they have, value the freedoms, the opportunity, and the way of life that I am blessed to experience in the United States of America. There is a reason that there are nearly four million people on the current waiting list to get in. For over 250 years the resilient people of this land have forged a unique culture, language, and standard of living that the rest of the world envies and struggles to match. Has it been perfect, of course not. As a country plenty of mistakes, blunders, and outright sins have been committed. We learn, we grow, we change and move forward. But without this bastion of freedom, faith, and hope shining the light of liberty and prosperity in a world so steeped in darkness, I shudder to think what would be. I know that I am eternally grateful for my adopted homeland. Happy Birthday American, may you have many more!

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic
- Adobe patches seven max severity ColdFusion, Campaign flaws
- Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack
- New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure
- FortiBleed credential-theft campaign linked to INC and Lynx ransomware
Ransomware, Malware, and Vulnerabilities News
- Good News, Government News, and Interesting
- DoD issues guidance as ban on Chinese companies takes effect
- US offers $10 million for hackers targeting WhatsApp, Signal users
- Montenegro arrests Iran-linked hacker wanted by US
- 19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
- Scattered Spider Hackers Plead Guilty on Day 1 of Trial
- Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
- Vulnerabilities and Exploits
- CISA: Microsoft SharePoint RCE flaw now actively exploited
- NIST Enrichment Reductions Impact CVE Coverage, Accuracy
- Chrome 150 fixes nearly 400 security flaws, including 15 critical ones
- Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
- Anonymous researcher drops 0-day ‘exploitarium’ repo
- Vulnerability reports are arriving faster than GitHub can review them
- CISA: Windows BlueHammer flaw now exploited by ransomware gangs
- Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
- Public PoC Released for Deserialization RCE Vulnerability in Splunk Secure Gateway
- Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
- libssh2 Vulnerability CVE-2026-58050 PoC Code Released
- Hackers have a new way to disable Mac security software
- Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
- In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw
- Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
- Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs
- Apple releases iOS 26.5.2 with dozens of security fixes for iPhone
- DirtyClone: A Linux Privilege Escalation That Leaves No Trace on Disk
- New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages
- KDE Plasma Affected By Arbitrary Code Execution To Break Sandboxes With “Open New Window”
- Longinus: 2 Boundaries in One Bug, Piercing Chrome’s Renderer and V8 Sandbox with a Single Vulnerability, CVE-2026-6307
- Microsoft Exchange SSRF Vulnerability Details Released Along With Public PoC Exploit
- Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution
- DuneSlide: Two Critical RCE vulnerabilities in Cursor IDE
- Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability
- Phishing, Malware, and Similar
- Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts
- Amazon blames piracy apps with malware for killing new Fire Stick sideloading
- RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
- Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
- Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses
- Microsoft 365 Apps RCE Vulnerability Exploited Using a Malicious Excel File
- WhatsApp usernames are already raising impersonation red flags
- Newly discovered PamStealer isn’t your typical macOS malware
- Malware found spreading through sponsored ad on X – 9to5Mac
- Opera rolls out Paste Protect feature to fight ClickFix attacks
- Breaches, Leaks, and Ransomware
- NAIC says public data stolen in ShinyHunters’ PeopleSoft breach
- US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw
- US Government Agency Paid $1M to Data Extortion Group Kairos
- DHS confirms hackers breached HSIN info-sharing platform
- Nissan discloses employee data breach linked to Oracle zero-day attacks
- You have got to be KDDI-ng – Japanese telco exposes 14.2 million managed email credentials
- Insurance giant Aflac discloses data breach after subsidiary hack
- Huntress CEO says threat hunter used ‘poor judgment’ in alerting ransomware crim about law enforcement probe
- Blackfield ransomware asks Nidec Corporation for $2 million ransom
- India’s central bank mandated use of .bank domains to enhance trust – but its registry leaked sensitive info
- AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
- Kubota says hackers had month-long access to network systems
- Pacemaker manufacturer Medtronic warns patients cybercrooks may have swiped health data
- Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor IBM
Other News Events of Note and Interest
- Cool Tool – Kali Linux 2026.2 released with 9 new tools, NetHunter updates
- The ‘Father of the Internet’ is finally retiring
- We Can Still Stop California’s 3D Printer Surveillance Scheme
- Amazon has enough satellites to launch its Starlink competitor
- Citrix says it’s back as a mainstream server virtualization player that won’t send scary bills
- Digital sovereignty at the UN: Inside the global push to replace US cloud giants with open-source tech
- LastPass Receives Best All-in-One Secure Access Solution Award from Best Reviews
- Nmap Tutorial: Network Scanning From Beginner to Advanced (2026)
- WhatsApp Lets 3 Billion Users Reserve Usernames for Greater Privacy
- Rebuilding the computer room
- macOS 27 Golden Gate marks the end of built-in DVD support
- Intel releases major new Wi-Fi and Bluetooth drivers for Windows 11
- Are You Overwhelmed with Information?
- Intel’s Chip Business Shows Signs of Life After Years of Struggle
- The Customer Is Always Right in Matters of Taste: What It Really Means
- Your old graphics drivers could be causing problems on your PC
- T-Mobile moving tens of thousands of virtual machines off VMware amid lawsuit
- WinRAR 7.23 Fixes Heap Overflow Vulnerability that Leads to Application Crashes
- User swore hacker called General Failure had invaded his PC
- Reminder: Samsung Messages shuts down sometime this month
- Organizations struggle to prioritize known cyber risks
- AI, LLM’s, and Skynet
- Ford rehires human engineers after AI fails to match quality checks
- Cloudflare sets AI crawler deadline: separate search or be blocked
- Palo Alto Networks CEO: Workers Are in ‘Darwinian Moment’ With AI
- TCS+ | IBM Bob: an AI-powered development partner for the enterprise
- Anthropic restores Claude Fable 5 as US lifts export controls
- Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
- More details on Fable 5’s cyber safeguards and our jailbreak framework – Anthropic
- Anthropic releases Claude Sonnet 5 with improved agentic capabilities
- Anthropic launches Claude Sonnet 5 at a steep discount to its top model as the company races toward a blockbuster IPO
- OpenAI GPT-5.6 gets better at cybersecurity
- GPT-5.6 Preview System Card – OpenAI Deployment Safety Hub
- OpenAI proposes U.S. government own 5% stake to address political blowback
- Gemini’s personalized AI image generation is now free for US users
- Start building with Nano Banana 2 Lite and Gemini Omni Flash
- Here’s a photo of OpenAI’s Codex hardware
- China’s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection
- DeepSeek open sources DSpark, a new framework to speed up LLM inference by up to 85%
- Somebody told DeepSeek to build in-browser ransomware and it gleefully complied
- The 2026 Agent Confidence Index: Where 300 builders see real momentum
- Microsoft
- Microsoft extends Windows Server 2022 hotpatching until October 2027
- Microsoft Announces Public Preview For Linux Containers On WSL
- Microsoft Entra Backup and Recovery is now generally available
- Microsoft fixes GIF functionality in the Windows Emoji Panel
- Advanced Microsoft Intune capabilities now available in Microsoft 365 E3 and E5
- Windows 11’s new Start menu released to all ahead of next big update
- Windows 11 is getting a new Screen Tint mode, and your eyes might thank Microsoft
