Cybersecurity News | Daily Recap [02 Jul 2026]

Cybersecurity News | Daily Recap [02 Jul 2026]
Daily Recap, cybersecurity coverage highlighted rapid exploitation of widely used software flaws, including Cisco Unified CM attacks, a CitrixBleed issue exploited immediately after disclosure, a SharePoint RCE added to CISA KEV, active targeting of Oracle E-Business instances, and an unpatched Argo CD repo-server flaw that could enable takeover of Kubernetes clusters. The same roundup also covered the FortiBleed credential-theft campaign tied to INC and Lynx ransomware, ChocoPoC RAT attempts to compromise vulnerability researchers, 81 million login attempts against Microsoft 365, and ShinyHunters’ data breach impacting Medtronic customers. #UnifiedCM #CitrixBleed #SharePointRCE #CISAKEV #OracleEBS #ArgoCD #Kubernetes #FortiBleed #INC #Lynx #ChocoPoC #ChocoPoCRAT #ClickFix #Microsoft365 #ShinyHunters #Medtronic #BioShocking #Claude #Teams #Copilot #ScatteredSpider #Kubota #HSIN #DHS

Vulnerability Exploits

  • Cisco confirmed in-the-wild attacks against its Unified CM flaw, while a new CitrixBleed issue was exploited immediately after disclosure and an active SharePoint RCE was added to CISA KEV after exploitation – Unified CM, CitrixBleed, SharePoint RCE
  • More than 900 Oracle E-Business instances were exposed to ongoing attacks as researchers also reported exploitation of another critical Oracle defect – Oracle EBS, Oracle defect
  • An unpatched Argo CD repo-server flaw could let attackers take over Kubernetes clusters – Argo CD

Ransomware & Malware

  • The FortiBleed credential-theft campaign was linked to INC and Lynx ransomware attacks – FortiBleed, Lynx
  • ChocoPoC RAT and malware campaigns targeted vulnerability researchers using trojanized fake PoC exploit repositories – ChocoPoC RAT, ChocoPoC
  • The dominant malware delivery method highlighted this week was ClickFix, underscoring how widely social-engineering lures are being used – ClickFix

Identity & Cloud Attacks

  • Attackers launched 81 million login attempts against Microsoft 365 accounts, showing sustained pressure on cloud identities – M365 Attacks
  • ShinyHunters was tied to a data breach affecting Medtronic customers, continuing the group’s extortion-focused campaign – Medtronic Breach

AI Security & Controls

  • A BioShocking attack tricked AI browsers into stealing credentials, while researchers also warned that Claude model restrictions were lifted after a cybersecurity alarm – BioShocking, Claude Models
  • Microsoft added new Teams controls to block unauthorized AI bots from meetings and separately fixed a bug that removed Copilot buttons in Outlook – Teams Controls, Copilot Fix
  • Guidance on auditing AI-driven software development focused on keeping security checks effective as AI coding use expands – AI Audit

Phishing & Access Abuse

  • Crafty phishing campaigns now auto-adapt to the victim’s device and OS, making lures harder to detect – Adaptive Phishing

Threat Actor Actions

  • An alleged Scattered Spider hacker, described as a 19-year-old suspect, was extradited to the United States to face hacking charges – Scattered Spider, Extradition
  • Kubota said hackers maintained month-long access to its network systems before detection – Kubota Intrusion
  • The DHS confirmed a breach of the HSIN information-sharing platform, raising concerns about government network exposure – HSIN Breach

Cybersecurity News | Daily Recap – hendryadrian.com