Cyber Security News Bulletin Weekly
https://cybersecuritynews.com/cyber-security-news-bulletin-weekly/
Publish Date: 2026-07-05 10:10:00
Source Domain: cybersecuritynews.com
This week’s roundup covers a major AI security model redeployment, several critical RCE vulnerabilities across popular tools, a landmark WhatsApp privacy update, and the latest Kali Linux release.
Anthropic Confirms Claude Mythos 5 Redeployment
Anthropic’s most powerful AI cybersecurity model, Claude Mythos 5, is being restored to vetted US critical infrastructure organizations after a government-led suspension that began June 12, 2026.
The model demonstrated an unprecedented 72% success rate at generating working exploits on the first attempt, discovered vulnerabilities spanning a 27-year-old OpenBSD flaw and a 16-year-old FFmpeg bug, and autonomously chained Linux kernel exploits to achieve full privilege escalation.
The US government officially cleared redeployment on June 27 for organizations in energy, healthcare, financial services, and telecom — while work continues toward a broader rollout including Claude Fable 5.
Chrome 151 Patches 382 Vulnerabilities
Google’s Chrome 151 stable update delivers patches for 382 security vulnerabilities, with 15 classified as critical, mostly use-after-free bugs in the Extensions, GPU, WebUSB, Bluetooth, and Chromoting components. Exploiting these flaws could enable drive-by code execution. Users on Windows, macOS, Linux, and iOS should update immediately.
“Bad Epoll” 0-Day Gives Root Access on Linux & Android Devices
A race condition and use-after-free in the Linux kernel’s epoll subsystem allows unprivileged local users to escalate to root with ~99% reliability. Dubbed Bad Epoll, the flaw affects servers, desktops, and Android. Since epoll cannot be disabled, the only mitigation is applying the upstream kernel patch immediately.
CitrixBleed Vulnerability Exploited Within 24 Hours of Disclosure
A new CitrixBleed-class memory disclosure flaw in Citrix NetScaler appliances was actively exploited less than a day after public release. The unauthenticated flaw targets NetScaler instances configured as SAML IdPs, leaking session tokens via an XML parser out-of-bounds read. It affects ADC/Gateway 14.1 before 14.1-72.61. Patch immediately.
Microsoft 365 Apps RCE Vulnerability
An out-of-bounds read in Excel’s file parsing allows arbitrary code execution when a user opens a weaponized spreadsheet. No authentication or privileges are required — only user interaction. It affects Microsoft 365 Apps, Excel 2016, Office 2019, and LTSC 2021/2024. Enable Protected View and apply Microsoft’s security patches.
Critical Gemini CLI Vulnerability
Improper workspace trust in Google’s Gemini CLI lets attackers inject malicious environment variables via pull requests, triggering remote code execution in GitHub Actions pipelines — no user interaction needed. It affects versions before 0.39.1. Upgrade to 0.39.1 or 0.40.0-preview.3 and review all CI/CD workflows using the tool.
Cursor IDE Zero-Click RCE via Prompt Injection — “DuneSlide”
Two CVSS 9.8 flaws in Cursor IDE allow attackers to escape the sandbox via prompt injection — no user action needed beyond a routine prompt. “DuneSlide” exploits working directory manipulation and symlink canonicalization to overwrite the sandboxing binary itself, enabling full system compromise and SaaS workspace takeover.
Multiple Apache Tomcat Vulnerabilities Allow Authentication Bypass
Two flaws in Apache Tomcat let attackers bypass HTTP method-based security constraints on the default servlet. CVE-2026-55957 (Important) affects JNDIRealm with GSSAPI; CVE-2026-55956 (Moderate) exposes a broader version range. Upgrade to Tomcat 11.0.5, 10.1.37, or 9.0.101 for the corresponding branch.
Apache ActiveMQ Vulnerabilities Enable DoS and Unauthorized Access
Three flaws hit Apache ActiveMQ 5.x and 6.x: memory allocation abuse causing broker DoS crashes, broken temporary destination isolation allowing cross-tenant snooping, and low-privilege users accessing admin Web Console paths. Upgrade to ActiveMQ 6.2.7 or 5.19.8 to resolve all three.
Claude Cowork Sandbox Vulnerability Allows Root Shell via DLL Sideloading
A vulnerability chain in Anthropic’s Claude Cowork (Windows) lets a local attacker escalate to root inside the product’s isolated Linux sandbox. The exploit chains DLL sideloading into claude.exe, RPC protocol reverse-engineering, and a logic flaw in the isResume parameter that bypasses all user-isolation checks, granting a root shell.
Massive Password Spray Hits Microsoft 365 With 81 Million Login Attempts
A large-scale campaign abusing Azure CLI’s legacy OAuth ROPC flow bypassed MFA in 64 organizations, compromising 78 accounts during June 12–26, 2026. The actor (linked to IPv6 range 2a0a:d683::/32) is replaying breached credentials against poorly scoped Conditional Access Policies. Apply “All Cloud Apps” MFA and disable ROPC grants.
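A defender-side check for the pattern described above, written here as an added example (not code from the original bulletin or from Microsoft): it groups ROPC sign-ins by source address, flags sources that spray many accounts or fall inside the reported IPv6 range, and lists the accounts that actually succeeded via ROPC from such a source. The sign-in records are constructed, and their field names are an assumption modelled on an Entra ID sign-in log export.

```python
import ipaddress
import json
from collections import defaultdict

SUSPECT_NET = ipaddress.ip_network("2a0a:d683::/32")  # range named in the report
SPRAY_THRESHOLD = 3  # distinct accounts from one source before we call it a spray

# Constructed sample records. Field names are an assumption modelled on an
# Entra ID sign-in log export; they are not a real capture.
SAMPLE_SIGNINS = """\
{"userPrincipalName": "a.lee@example.com", "ipAddress": "2a0a:d683:1::5", "authenticationProtocol": "ropc", "status": {"errorCode": 50126}}
{"userPrincipalName": "b.kim@example.com", "ipAddress": "2a0a:d683:1::5", "authenticationProtocol": "ropc", "status": {"errorCode": 50126}}
{"userPrincipalName": "c.ng@example.com", "ipAddress": "2a0a:d683:1::5", "authenticationProtocol": "ropc", "status": {"errorCode": 0}}
{"userPrincipalName": "d.ray@example.com", "ipAddress": "2a0a:d683:1::5", "authenticationProtocol": "ropc", "status": {"errorCode": 50126}}
{"userPrincipalName": "ops@example.com", "ipAddress": "203.0.113.10", "authenticationProtocol": "ropc", "status": {"errorCode": 0}}
{"userPrincipalName": "a.lee@example.com", "ipAddress": "198.51.100.7", "authenticationProtocol": "none", "status": {"errorCode": 0}}
"""

def in_suspect_range(ip):
    """True when ip parses and falls inside the reported IPv6 range."""
    try:
        return ipaddress.ip_address(ip) in SUSPECT_NET
    except ValueError:
        return False

def ropc_report(text, threshold=SPRAY_THRESHOLD):
    """Group ROPC sign-ins (the MFA-bypassing flow) by source IP.
    A source is a spray when it tried >= threshold distinct accounts or sits in
    SUSPECT_NET; successful ROPC logins from a spray source are compromised."""
    users, successes = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("authenticationProtocol", "").lower() != "ropc":
            continue  # other flows are still gated by Conditional Access / MFA
        ip, upn = rec["ipAddress"], rec["userPrincipalName"].lower()
        users[ip].add(upn)
        if rec.get("status", {}).get("errorCode") == 0:
            successes[ip].add(upn)
    report = {}
    for ip, upns in users.items():
        spray = in_suspect_range(ip) or len(upns) >= threshold
        report[ip] = {
            "users": len(upns),
            "spray": spray,
            "compromised": sorted(successes[ip]) if spray else [],
        }
    return report
```

Any source that appears in the report at all is evidence that ROPC is still granted in the tenant, which is the setting the article says to disable; the spray flag only prioritises which accounts to reset first.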
Google & FBI Dismantle NetNut Residential Proxy
Google, working with the FBI and Lumen Technologies, dismantled the NetNut “Popa” botnet — estimated at 1.5–2.5 million compromised home devices daily. The proxy was linked to Alarum Technologies (NASDAQ: ALAR) and used by 316 threat clusters in a single week for password spraying and infrastructure obfuscation. Play Protect has been updated to block NetNut SDKs.
PamStealer Mimics Maccy Clipboard Manager
A new Rust-based macOS infostealer disguises itself as the popular Maccy clipboard manager. PamStealer uses a two-stage AppleScript dropper, steals Keychain data and browser credentials via SQLite, monitors the clipboard via pbpaste, and validates captured passwords against macOS PAM to confirm they are correct. C2 at avenger-sync[.]live.
Peter Stokes, 19, a dual US-Estonian citizen, was extradited from Finland under Operation Riptide and charged with conspiracy, computer intrusion, and fraud. The Scattered Spider collective (also tracked as Octo Tempest/UNC3944) is linked to 100+ corporate breaches and $100M+ in ransoms. Stokes allegedly demanded $8M after breaching a luxury jewelry retailer.
ChatGPT File Download Vulnerability
A researcher chained a guardrail bypass with a path traversal flaw in ChatGPT’s file download API to access /etc/passwd from the execution sandbox. The exploit used social engineering to trick the LLM into generating a valid download URL, then bypassed validation via preserved-path traversal. OpenAI has since redesigned the URL download flow.
Researcher Used Claude AI to Exploit SQL Injection
A researcher used Claude Code (Opus) to bypass an AWS WAF and conduct blind SQL injection against Front Gate Tickets — a Live Nation subsidiary powering EDC, Bonnaroo, and Outside Lands. Full admin takeover was achieved, granting unlimited “comp” tickets. FGT fixed the bug and is launching a bug bounty program.
Alibaba Set to Ban Claude Code
Alibaba is reportedly banning Anthropic’s Claude Code starting July 10 over claims the tool silently checks proxy configs and time zones against a list of Chinese enterprise identifiers (Alibaba, Baidu, ByteDance). Anthropic suggests it was an anti-abuse mechanism and says a fix is in progress. There is no third-party verification yet.
Your iPhone Will Alert You in Real Time
iOS 27 introduces Trust Insights, an on-device behavioral analysis framework that detects scam coaching patterns across calls, messages, payments, and apps. It assigns medium/high risk scores in real time without inspecting message content. Apps can integrate it via WWDC26 APIs to delay risky transactions or prompt re-verification.
WhatsApp Launches Username Feature
WhatsApp officially launched username reservations for its 3 billion+ users ahead of a full rollout later in 2026. Handles (3–35 chars, letters/numbers/underscores) operate on a zero-discovery model — no public directory, no search. An optional 4-digit “username key” adds a second gate against unsolicited messages. Existing Meta handles can be claimed directly.
Apple “Hide My Email” Vulnerability
An unpatched flaw in Apple’s iCloud+ Hide My Email allows attackers to reverse-engineer the real email address behind anonymized aliases with minimal technical skill. Researcher Tyler Murphy reported the issue over a year ago with proof-of-concept steps, but Apple has not deployed a fix. High-risk users should treat aliases as linkable to their real identity.
Indian Govt Bans Apps Being Misused to Remotely Disable E-Rickshaws
India directed Google and Apple to remove the BAT-BMS, Lossigy, and Epoch-i-ion battery management apps, whose remote kill-switch APIs were exploited by unauthorized users to disable e-rickshaws in motion. The apps lacked authentication controls and speed-based lockouts. India invoked Section 69A of the IT Act to force platform removal.
Kali Linux 2026.2 Released — 9 New Tools, 3× Faster VM Boot
The Q2 Kali release brings GNOME 50, KDE Plasma 6.6, Linux kernel 6.19, and a complete VM graphics firmware overhaul that trims initrd from 200 MB to 60 MB — cutting QEMU boot times by 3×. Nine new tools were added: arsenal-ng, legba, oletools, penelope, shell-gpt, tailscale, tookie-osint, uro, and hydra-gtk. NetHunter gains Qcacld-3.0 Wi-Fi injection support on OnePlus 7/9, POCO X3 Pro, Samsung A73, and more. Upgrade via sudo apt full-upgrade.