{"id":240465,"date":"2026-07-05T10:10:00","date_gmt":"2026-07-05T14:10:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/05\/cyber-security-news-bulletin-weekly\/"},"modified":"2026-07-05T11:10:12","modified_gmt":"2026-07-05T15:10:12","slug":"cyber-security-news-bulletin-weekly","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/05\/cyber-security-news-bulletin-weekly\/","title":{"rendered":"Cyber Security News Bulletin Weekly"},"content":{"rendered":"<p><a href=\"https:\/\/cybersecuritynews.com\/cyber-security-news-bulletin-weekly\/\">Cyber Security News Bulletin Weekly<\/a><\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/cyber-security-news-bulletin-weekly\/\">https:\/\/cybersecuritynews.com\/cyber-security-news-bulletin-weekly\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-05 10:10:00<\/a><\/p>\n<p>Source Domain: <a href=\"cybersecuritynews.com\">cybersecuritynews.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n
<p>This week\u2019s roundup covers a major AI security model redeployment, several critical RCE vulnerabilities across popular tools, a landmark WhatsApp privacy update, and the latest Kali Linux release.<\/p>\n<p>Anthropic Confirms Claude Mythos 5 Redeployment<\/p>\n<p>Anthropic\u2019s most powerful AI cybersecurity model Claude Mythos 5 is being restored to vetted US critical infrastructure organizations\u00a0after a government-led suspension that began June 12, 2026.<\/p>\n<p>The model demonstrated an unprecedented\u00a072% success rate\u00a0generating working exploits on the first attempt, discovered vulnerabilities spanning a 27-year-old OpenBSD flaw and a 16-year-old FFmpeg bug, and autonomously chained Linux kernel exploits achieving full privilege escalation.<\/p>\n<p>The US government officially cleared redeployment on June 27 for organizations in energy, healthcare, financial services, and telecom \u2014 while work continues toward a broader rollout including Claude Fable 5.<\/p>\n<p>Chrome 151 Patches 382 Vulnerabilities<\/p>\n<p>Google\u2019s Chrome 151 stable update delivers patches for\u00a0382 security vulnerabilities, with 15 classified as critical, mostly \u201cuse after free\u201d bugs in Extensions, GPU, WebUSB, Bluetooth, and Chromoting components. Exploiting these flaws could enable drive-by code execution. Users on Windows, macOS, Linux, and iOS should update immediately.<\/p>\n<p>\u201cBad Epoll\u201d 0-Day Gives Root Access on Linux &#038; Android Devices<\/p>\n<p>A race condition and use-after-free in the Linux kernel\u2019s\u00a0epoll subsystem\u00a0allows unprivileged local users to escalate to root with ~99% reliability. Dubbed Bad Epoll, the flaw targets servers, desktops, and Android. Since epoll cannot be disabled, the only mitigation is applying the upstream kernel patch immediately. 
<\/p>\n<p>CitrixBleed Vulnerability Exploited Within 24 Hours of Disclosure<\/p>\n<p>A new CitrixBleed-class memory disclosure flaw in\u00a0Citrix NetScaler\u00a0appliances was actively exploited less than a day after public release. The unauthenticated flaw targets NetScaler instances configured as SAML IdPs, leaking session tokens via an XML parser out-of-bounds read. Affects ADC\/Gateway 14.1 before 14.1-72.61. Patch immediately.<\/p>\n<p>Microsoft 365 Apps RCE Vulnerability<\/p>\n<p>An out-of-bounds read in Excel\u2019s file parsing allows\u00a0arbitrary code execution\u00a0when a user opens a weaponized spreadsheet. No authentication or privileges required \u2014 only user interaction. Affects Microsoft 365 Apps, Excel 2016, Office 2019, LTSC 2021\/2024. Enable Protected View and apply Microsoft\u2019s security patches.<\/p>\n<p>Critical Gemini CLI Vulnerability<\/p>\n<p>Improper workspace trust in\u00a0Google\u2019s Gemini CLI\u00a0lets attackers inject malicious environment variables via pull requests, triggering remote code execution in GitHub Actions pipelines \u2014 no user interaction needed. Affects versions before 0.39.1. Upgrade to 0.39.1 or 0.40.0-preview.3 and review all CI\/CD workflows using the tool.<\/p>\n<p>Cursor IDE Zero-Click RCE via Prompt Injection \u2014 \u201cDuneSlide\u201d<\/p>\n<p>Two CVSS 9.8 flaws in\u00a0Cursor IDE\u00a0allow attackers to escape the sandbox via prompt injection \u2014 no user action needed beyond a routine prompt. \u201cDuneSlide\u201d exploits working directory manipulation and symlink canonicalization to overwrite the sandboxing binary itself, enabling full system compromise and SaaS workspace takeover.<\/p>\n<p>Multiple Apache Tomcat Vulnerabilities Allow Authentication Bypass<\/p>\n<p>Two flaws in\u00a0Apache Tomcat\u00a0let attackers bypass HTTP method-based security constraints on the default servlet. 
CVE-2026-55957 (Important) affects JNDIRealm with GSSAPI; CVE-2026-55956 (Moderate) exposes a broader version range. Upgrade to Tomcat 11.0.5, 10.1.37, or 9.0.101, respectively.<\/p>\n<p>Apache ActiveMQ Vulnerabilities Enable DoS and Unauthorized Access<\/p>\n<p>Three flaws hit\u00a0Apache ActiveMQ 5.x and 6.x: memory allocation abuse causing broker DoS crashes, broken temporary destination isolation allowing cross-tenant snooping, and low-privilege users accessing admin Web Console paths. Upgrade to ActiveMQ 6.2.7 or 5.19.8 to resolve all three.<\/p>\n<p>Claude Cowork Sandbox Vulnerability Allows Root Shell via DLL Sideloading<\/p>\n<p>A vulnerability chain in\u00a0Anthropic\u2019s Claude Cowork\u00a0(Windows) lets a local attacker escalate to root inside the product\u2019s isolated Linux sandbox. The exploit chains DLL sideloading into claude.exe, RPC protocol reverse-engineering, and a logic flaw in the isResume parameter that bypasses all user-isolation checks, granting a root shell.<\/p>\n<p>Massive Password Spray Hits Microsoft 365 With 81 Million Login Attempts<\/p>\n<p>A large-scale campaign abusing\u00a0Azure CLI\u2019s legacy OAuth ROPC flow\u00a0bypassed MFA in 64 organizations, compromising 78 accounts during June 12\u201326, 2026. The actor (linked to IPv6 range 2a0a:d683::\/32) is replaying breached credentials against poorly scoped Conditional Access Policies. Apply \u201cAll Cloud Apps\u201d MFA and disable ROPC grants.<\/p>\n<p>Google &#038; FBI Dismantle NetNut Residential Proxy<\/p>\n<p>Google, working with the FBI and Lumen Technologies,\u00a0dismantled the NetNut \u201cPopa\u201d botnet\u00a0\u2014 estimated at 1.5\u20132.5 million compromised home devices daily. The proxy was linked to Alarum Technologies (NASDAQ: ALAR) and used by 316 threat clusters in a single week for password spraying and infrastructure obfuscation. Play Protect updated to block NetNut SDKs. 
<\/p>\n<p>PamStealer Mimics Maccy Clipboard Manager<\/p>\n<p>A new Rust-based macOS infostealer disguises itself as the popular\u00a0Maccy clipboard manager. PamStealer uses a two-stage AppleScript dropper, steals Keychain data and browser credentials via SQLite, monitors clipboard via pbpaste, and validates captured passwords using macOS PAM to guarantee correctness. C2 at avenger-sync[.]live.<\/p>\n<p>Peter Stokes, 19, a dual US-Estonian citizen, was extradited from Finland under Operation Riptide and charged with conspiracy, computer intrusion, and fraud. The\u00a0Scattered Spider collective\u00a0(also tracked as Octo Tempest\/UNC3944) is linked to 100+ corporate breaches and $100M+ in ransoms. Stokes allegedly demanded $8M after breaching a luxury jewelry retailer.<\/p>\n<p>ChatGPT File Download Vulnerability<\/p>\n<p>A researcher chained a guardrail bypass with a path traversal flaw in\u00a0ChatGPT\u2019s file download API\u00a0to access \/etc\/passwd from the execution sandbox. The exploit used social engineering to trick the LLM into generating a valid download URL, then bypassed validation via preserved-path traversal. OpenAI has since redesigned the URL download flow.<\/p>\n<p>Researcher Used Claude AI to Exploit SQL Injection<\/p>\n<p>A researcher used\u00a0Claude Code (Opus)\u00a0to bypass an AWS WAF and conduct blind SQL injection against Front Gate Tickets \u2014 a Live Nation subsidiary powering EDC, Bonnaroo, and Outside Lands. Full admin takeover was achieved, granting unlimited \u201ccomp\u201d tickets. FGT fixed the bug and is launching a bug bounty program.<\/p>\n<p>Alibaba Set to Ban Claude Code<\/p>\n<p>Alibaba is reportedly banning\u00a0Anthropic\u2019s Claude Code\u00a0starting July 10 over claims the tool silently checks proxy configs and time zones against a list of Chinese enterprise identifiers (Alibaba, Baidu, ByteDance). 
Anthropic suggests it was an anti-abuse mechanism and says a fix is in progress. No third-party verification yet.<\/p>\n<p>Your iPhone Will Alert You in Real Time<\/p>\n<p>iOS 27 introduces Trust Insights, an on-device behavioral analysis framework that detects scam coaching patterns across calls, messages, payments, and apps. It assigns medium\/high risk scores in real time without inspecting message content. Apps can integrate it via WWDC26 APIs to delay risky transactions or prompt re-verification.<\/p>\n<p>WhatsApp Launches Username Feature<\/p>\n<p>WhatsApp officially launched username reservations\u00a0for its 3 billion+ users ahead of a full rollout later in 2026. Handles (3\u201335 chars, letters\/numbers\/underscores) operate on a zero-discovery model \u2014 no public directory, no search. An optional 4-digit \u201cusername key\u201d adds a second gate against unsolicited messages. Existing Meta handles can be claimed directly.<\/p>\n<p>Apple \u201cHide My Email\u201d Vulnerability<\/p>\n<p>An unpatched flaw in\u00a0Apple\u2019s iCloud+ Hide My Email\u00a0allows attackers to reverse-engineer the real email address behind anonymized aliases with minimal technical skill. Researcher Tyler Murphy reported the issue over a year ago with proof-of-concept steps, but Apple has not deployed a fix. High-risk users should treat aliases as linkable to their real identity.<\/p>\n<p>Indian Govt Bans Apps Being Misused to Remotely Disable E-Rickshaws<\/p>\n<p>India directed Google and Apple to remove\u00a0BAT-BMS, Lossigy, and Epoch-i-ion\u00a0battery management apps whose remote kill-switch APIs were exploited by unauthorized users to disable e-rickshaws in motion. The apps lacked authentication controls and speed-based lockouts. India invoked Section 69A of the IT Act to force platform removal. 
<\/p>\n<p>Kali Linux 2026.2 Released \u2014 9 New Tools, 3\u00d7 Faster VM Boot<\/p>\n<p>The Q2 Kali release brings\u00a0GNOME 50, KDE Plasma 6.6, Linux kernel 6.19, and a complete VM graphics firmware overhaul that trims initrd from 200 MB to 60 MB \u2014 cutting QEMU boot times by 3\u00d7. Nine new tools added: arsenal-ng, legba, oletools, penelope, shell-gpt, tailscale, tookie-osint, uro, and hydra-gtk. NetHunter gains Qcacld-3.0 Wi-Fi injection support on OnePlus 7\/9, POCO X3 Pro, Samsung A73, and more. Upgrade via\u00a0sudo apt full-upgrade.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyber Security News Bulletin Weekly https:\/\/cybersecuritynews.com\/cyber-security-news-bulletin-weekly\/ Publish Date: 2026-07-05 10:10:00 Source Domain: cybersecuritynews.com Author: Using&#8230;<\/p>\n","protected":false},"author":1,"featured_media":240466,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2026\/07\/Cyber-Security-News-Bulletin-Weekly.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,36,17,27],"class_list":["post-240465","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-infostealer","tag-llm","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/240465"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies"
:[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=240465"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/240465\/revisions"}],"predecessor-version":[{"id":240467,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/240465\/revisions\/240467"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/240466"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=240465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=240465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=240465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}