{"id":242554,"date":"2026-07-12T10:23:00","date_gmt":"2026-07-12T14:23:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/12\/cybersecurity-newsletter-weekly-top-40-biggest-cyber-stories-of-the-week-july-2026\/"},"modified":"2026-07-12T12:35:09","modified_gmt":"2026-07-12T16:35:09","slug":"cybersecurity-newsletter-weekly-top-40-biggest-cyber-stories-of-the-week-july-2026","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/12\/cybersecurity-newsletter-weekly-top-40-biggest-cyber-stories-of-the-week-july-2026\/","title":{"rendered":"Cybersecurity Newsletter Weekly: Top 40 Biggest Cyber Stories of the Week, July 2026"},"content":{"rendered":"<p><a href=\"https:\/\/gbhackers.com\/weekly-cybersecurity-newsletter-july-6-10-2026\/\">Cybersecurity Newsletter Weekly: Top 40 Biggest Cyber Stories of the Week, July 2026<\/a><\/p>\n<p><a href=\"https:\/\/gbhackers.com\/weekly-cybersecurity-newsletter-july-6-10-2026\/\">https:\/\/gbhackers.com\/weekly-cybersecurity-newsletter-july-6-10-2026\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-12 10:23:00<\/a><\/p>\n<p>Source Domain: <a href=\"gbhackers.com\">gbhackers.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\nWelcome to this week\u2019s edition of the GBHackers cybersecurity newsletter \u2014 your weekly cybersecurity bulletin covering the 40 most important stories from July 6\u201310, 2026. <\/p>\n<p>This week the security world collided with AI head-on: prompt-injection attacks turned chatbots into C2 agents, five major AI coding assistants fell to a single attack pattern, and thousands of MCP servers were found exposed. <\/p>\n<p>Meanwhile, CitrixBleed 2 exploitation went from theory to DragonForce ransomware deployments, Android 17 got rooted with one click, and a ransomware negotiator went to prison for playing both sides. Here\u2019s everything your peers are reading this week.<\/p>\n<p>IN THIS ISSUE<\/p>\n<p>Top Stories of the Week\u00a0 \u2014\u00a0 5 storiesAI Under Attack\u00a0 \u2014\u00a0 7 storiesCritical Vulnerabilities &#038; Exploits\u00a0 \u2014\u00a0 11 stories|Ransomware &#038; Extortion\u00a0 \u2014\u00a0 5 storiesPhishing &#038; Social Engineering\u00a0 \u2014\u00a0 6 storiesBreaches, Malware &#038; Supply Chain\u00a0 \u2014\u00a0 6 stories<\/p>\n<p>\ud83d\udd25 TOP STORIES OF THE WEEK<\/p>\n<p>1. Hackers Exploit CitrixBleed 2 to Hijack MFA-Protected Sessions and Deploy DragonForce Ransomware<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Threat actors are exploiting CVE-2025-5777 to hijack active NetScaler sessions \u2014 even those protected by multi-factor authentication. Once inside, they\u2019re moving laterally and deploying DragonForce ransomware across enterprise networks.<\/p>\n<p>2. Claude AI Prompt Injection Attack Turns Chatbot Into Stealthy C2 Agent to Achieve Remote Code Execution<\/p>\n<p>July 9, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Researchers show Claude Desktop\u2019s synced Personal Preferences feature can be abused as a covert prompt-injection channel, turning the assistant into a de facto command-and-control agent. The technique chains all the way to remote code execution on the victim\u2019s machine.<\/p>\n<p>3. 281 Android VPN Apps Expose Users to Traffic Leaks, Tracking and Tunnel Hijacking<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>A sweeping security analysis found 281 Android VPN apps exposing users to traffic leaks, third-party tracking, and tunnel hijacking. The tools millions installed for privacy may be the biggest privacy risk on the phone.<\/p>\n<p>4. IonStack Exploit Chain Lets Hackers Root Android 17 Phones With a Single URL Click<\/p>\n<p>July 8, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Nebula Security\u2019s \u201cIonStack\u201d exploit chain achieves full root access on Android 17 devices from a single malicious URL click. Even Google\u2019s newest, most hardened Android build can fall to one tap.<\/p>\n<p>5. Ransomware Negotiator Jailed for Leaking Victim Secrets to BlackCat Hackers<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>A Florida ransomware negotiator has been sentenced to federal prison for conspiring with ALPHV\/BlackCat operators while supposedly negotiating on victims\u2019 behalf. He was quietly profiting from both sides of the extortion table.<\/p>\n<p>\ud83e\udd16 AI UNDER ATTACK<\/p>\n<p>6. GhostApproval Attack Impacts Amazon Q, Claude Code, Cursor, Google Antigravity, and Windsurf<\/p>\n<p>July 9, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>A newly disclosed vulnerability pattern dubbed \u201cGhostApproval\u201d breaks the human-approval trust boundary at the heart of AI coding assistants. Amazon Q, Claude Code, Cursor, Google Antigravity, and Windsurf are all affected.<\/p>\n<p>7. GitHub Copilot IDE Coding Agents Vulnerable to Workflow-Level Jailbreak Attacks<\/p>\n<p>July 9, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>GitHub Copilot\u2019s new IDE coding agents can be jailbroken at the workflow level, bypassing the guardrails built into the editor. Attackers can steer the agent into actions the developer never approved.<\/p>\n<p>8. Google Gemini Live API Flaw Allows RCE via Unconstrained Ephemeral Tokens<\/p>\n<p>July 7, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Misconfigured ephemeral tokens in Google\u2019s Gemini Live API left integrating applications open to remote code execution. Researchers show how unconstrained tokens hand attackers far more power than developers intended.<\/p>\n<p>9. Thousands of MCP Servers Found Vulnerable to File Access and Injection Attacks<\/p>\n<p>July 7, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Thousands of Model Context Protocol servers \u2014 the connectors linking LLMs to external systems \u2014 are vulnerable to critical file access and injection attacks. The AI ecosystem\u2019s fastest-growing plumbing is also its least secured.<\/p>\n<p>10. Hackers Compromise AWS AI Gateway Connected to Amazon Bedrock to Deploy XMRig Cryptominer<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Attackers compromised an enterprise AI gateway linked to Amazon Bedrock and used it to deploy an XMRig cryptominer. Generative AI infrastructure has officially joined the enterprise attack surface.<\/p>\n<p>11. US Cyber Agency Uses Anthropic Mythos to Audit Government Code for Bugs<\/p>\n<p>July 7, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>CISA has begun using Anthropic\u2019s advanced Mythos model to audit government software for vulnerabilities. It marks the first large-scale federal deployment of a frontier AI model for code security review.<\/p>\n<p>12. Microsoft Uses AI-Powered Agentic Scanning to Find Windows Security Flaws and Accelerate Patching<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Microsoft is expanding a multi-model \u201cagentic\u201d AI scanning system that hunts Windows security flaws before attackers find them. The company says it will meaningfully accelerate patch delivery worldwide.<\/p>\n<p>\u26a0\ufe0f CRITICAL VULNERABILITIES &#038; EXPLOITS<\/p>\n<p>13. Microsoft Edge High-Severity Vulnerability Allows Remote Code Execution<\/p>\n<p>July 7, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Microsoft has disclosed CVE-2026-57992, a high-severity remote code execution flaw in its Chromium-based Edge browser. A crafted page could hand attackers control of unpatched systems \u2014 update immediately.<\/p>\n<p>14. Linux FUSE Vulnerability Allows Unprivileged Users to Pop a Root Shell<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>A newly disclosed flaw in the Linux kernel\u2019s FUSE subsystem lets unprivileged local users corrupt the page cache and escalate straight to root. Any shared or multi-user Linux system is in the blast radius.<\/p>\n<p>15. Bad Epoll Linux Kernel UAF Flaw Lets Unprivileged Attackers Gain Root on Linux and Android<\/p>\n<p>July 6, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>CVE-2026-46242, dubbed \u201cBad Epoll,\u201d is a race-condition use-after-free in the kernel\u2019s epoll subsystem. It hands unprivileged attackers root on both Linux servers and Android devices.<\/p>\n<p>16. 16-Year-Old Januscape KVM Escape Vulnerability Lets Attackers Compromise Linux Hosts<\/p>\n<p>July 7, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>CVE-2026-53359, named \u201cJanuscape,\u201d exposes a flaw that sat in KVM\/x86 virtualization for 16 years. A malicious guest VM can escape and fully compromise the underlying Linux host.<\/p>\n<p>17. Veeam Backup BinaryFormatter Flaw Enables Remote Code Execution<\/p>\n<p>July 6, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>CVE-2026-44963 is a BinaryFormatter deserialization flaw in Veeam Backup &#038; Replication that lets authenticated domain users execute remote code. Backup servers are exactly the target ransomware crews hit first.<\/p>\n<p>18. Critical BeyondTrust Authentication Flaws Expose Remote Support Appliances to Attacks<\/p>\n<p>July 7, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>BeyondTrust disclosed multiple critical and high-severity flaws in its Remote Support and Privileged Remote Access appliances. The tools built to guard privileged access have become the doorway in.<\/p>\n<p>19. Roundcube Webmail Security Update Patches Critical Zero-Click XSS and SSRF Bypass Flaws<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Roundcube 1.7.2 patches a zero-click stored XSS that fires with no user interaction at all, plus an SSRF bypass. Self-hosted webmail admins should treat this as an emergency update.<\/p>\n<p>20. Critical Opera GX Vulnerability Lets Attackers Inject CSS Across Every Webpage<\/p>\n<p>July 6, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>A critical flaw in Opera GX\u2019s Mods feature allowed attackers to inject malicious CSS into every webpage a user visits. A feature built for browser customization became a universal injection channel.<\/p>\n<p>21. Over 70% of Public WordPress Sites Running Outdated PHP Exposed to Cyberattacks<\/p>\n<p>July 8, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>New analysis shows more than 70% of publicly accessible WordPress sites run outdated, unsupported PHP versions. That\u2019s tens of millions of sites exposed to known, already-weaponized exploits.<\/p>\n<p>22. Attackers Exploit WordPress Plugin Vulnerabilities for Remote Code Execution and Webshell Access<\/p>\n<p>July 9, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>A large-scale campaign is actively weaponizing known WordPress plugin flaws for remote code execution and webshell deployment. Unpatched plugins remain the single easiest way into the CMS ecosystem.<\/p>\n<p>23. Wireshark 4.6.7 Released to Patch 12 Vulnerabilities in SSH, TLS, Wi-Fi and pcapng<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Wireshark 4.6.7 fixes 12 security flaws across SSH, TLS and Wi-Fi dissectors and pcapng file parsing. A booby-trapped capture file could compromise the very analyst investigating an incident.<\/p>\n<p>\ud83d\udd12 RANSOMWARE &#038; EXTORTION<\/p>\n<p>24. Everest Ransomware Encryptor Uses ConfuserEx-Protected .NET Binary With Wake-on-LAN Capability<\/p>\n<p>July 9, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Technical analysis of an Everest encryptor reveals a heavily obfuscated, ConfuserEx-protected .NET binary with built-in Wake-on-LAN capability. The malware literally wakes sleeping machines on the network so it can encrypt them too.<\/p>\n<p>25. GodDamn Ransomware Attack Uses PsExec Lateral Movement and NirSoft Toolkit for Credential Theft<\/p>\n<p>July 9, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>The \u201cGodDamn\u201d ransomware turns out to be the latest rebrand of a long-running family rather than something new. Its operators lean on PsExec for lateral movement and NirSoft utilities for credential theft.<\/p>\n<p>26. New Helix Extortion Group Targets Enterprises With MFA Abuse and SharePoint Exfiltration<\/p>\n<p>July 9, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>A previously unreported extortion crew dubbed \u201cHelix\u201d is hitting enterprises with voice phishing, MFA abuse, and automated SharePoint data theft. It\u2019s identity-first extortion \u2014 no encryptor required.<\/p>\n<p>27. TeamPCP Supply Chain Attacks Feed VECT Ransomware With Stolen CI\/CD Credentials<\/p>\n<p>July 7, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>TeamPCP\u2019s wide-scale supply-chain compromises have amassed a vast archive of stolen CI\/CD credentials now directly fueling VECT ransomware operations. Your pipeline secrets may already be in their hands.<\/p>\n<p>28. GigaWiper Uses OneDrive Update Scheduled Task for Persistent Destructive Access<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>GigaWiper is a Golang-based backdoor that hides its persistence inside a scheduled task disguised as a OneDrive update. Behind its extensive C2 controls sit multiple destructive wiper payloads awaiting the trigger.<\/p>\n<p>\ud83c\udfa3 PHISHING &#038; SOCIAL ENGINEERING<\/p>\n<p>29. Forg365 PhaaS Uses Telegram and AI Lures to Hijack Microsoft 365 Accounts<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Forg365 is a commercial phishing-as-a-service platform aimed squarely at Microsoft 365, combining device-code phishing, adversary-in-the-middle workflows, and AI-assisted lures. The whole operation is run and sold through Telegram.<\/p>\n<p>30. Fake Robinhood Sign-In Alerts Trick Users Into Calling Hacker-Controlled Phone Numbers<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>A callback-phishing wave is sending fake Robinhood \u201cnew sign-in\u201d alerts that pressure users into dialing attacker-controlled phone numbers. The panic is manufactured; the account takeover that follows is real.<\/p>\n<p>31. Hackers Use Trusted Microsoft Domain and One-Time Codes to Hijack Corporate Accounts<\/p>\n<p>July 6, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Attackers are weaponizing a legitimate Microsoft OAuth 2.0 flow and one-time codes to take over corporate accounts \u2014 no stolen passwords required. Because the lure lives on a trusted Microsoft domain, email filters wave it straight through.<\/p>\n<p>32. Hackers Abuse Cross-Tenant Teams Chat to Deliver EtherRAT Through Malicious MSI Loader<\/p>\n<p>July 7, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>A campaign observed in late June pairs email phishing with abused cross-tenant Microsoft Teams chats to deliver the sophisticated EtherRAT via a malicious MSI loader. External Teams messages are the new phishing inbox.<\/p>\n<p>33. SNOW Malware Ecosystem Uses Teams Phishing, WebSocket Tunnels, and Browser Extensions<\/p>\n<p>July 9, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>The SNOW malware ecosystem chains convincing Teams phishing, covert WebSocket tunnels, and rogue browser extensions into one believable intrusion path. It\u2019s a full-stack social-engineering operation, not a single payload.<\/p>\n<p>34. New Multi-Stage LNK Attack Targets Hospitality Firms With Node.js Backdoor<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>Hotels and travel firms are being hit with fake booking-related emails that trigger a multi-stage LNK attack chain. The final payload is a Node.js backdoor giving attackers full remote control.<\/p>\n<p>\ud83e\udda0 BREACHES, MALWARE &#038; SUPPLY CHAIN<\/p>\n<p>35. AssuranceAmerica Confirms Massive Data Breach Exposing Driver\u2019s License and Insurance Data<\/p>\n<p>July 9, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>US auto and renters insurer AssuranceAmerica confirmed a significant breach exposing customers\u2019 personal information and driver\u2019s license data. Affected policyholders now face elevated identity-theft and fraud risk.<\/p>\n<p>36. npm and PyPI Malware Campaign Exfiltrates CI\/CD Secrets Through Fake Payment SDKs<\/p>\n<p>July 9, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>A coordinated campaign pushed 17 malicious npm and PyPI packages masquerading as SDKs for PaySafe, Skrill, and other payment services. Their real job: silently exfiltrating CI\/CD secrets from build environments.<\/p>\n<p>37. RedHook Abuses Accessibility Service to Enable Developer Options and Wireless Debugging<\/p>\n<p>July 9, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>The RedHook Android RAT has resurfaced with the ability to autonomously enable Developer Options and wireless debugging by abusing accessibility services. That unlocks a far deeper level of device control than before.<\/p>\n<p>38. Lurking Lizard Uses Drop-Catch Domains and Lookalike Brands to Distribute Proxyware<\/p>\n<p>July 8, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>The long-running \u201cLurking Lizard\u201d operation uses drop-catch domains and lookalike brands \u2014 including a fake 7-Zip installer \u2014 to spread proxyware. Infected PCs are silently rented out as residential proxy exit nodes.<\/p>\n<p>39. ESET Threat Report H1 2026 Highlights Malicious AI Skills, ClickFix Surge, and EDR Killers<\/p>\n<p>July 8, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>ESET\u2019s first-half 2026 report flags malicious AI skills, a surging ClickFix technique, and increasingly common EDR-killer tooling. Attackers aren\u2019t inventing new playbooks \u2014 they\u2019re supercharging old ones with AI.<\/p>\n<p>40. Malicious Braintree.Net Typosquat Steals PAN, CVV, and Payment Gateway Credentials<\/p>\n<p>July 10, 2026\u00a0 \u2022\u00a0 gbhackers.com<\/p>\n<p>A malicious NuGet package typosquatting Braintree\u2019s official .NET client was caught stealing card numbers, CVVs, and payment gateway credentials. Automated scanning flagged it as malware within minutes of its July 3 publication.<\/p>\n<p>\u2753 FREQUENTLY ASKED QUESTIONS<\/p>\n<p>What does this weekly cybersecurity newsletter cover?<\/p>\n<p>Each issue of the GBHackers cybersecurity newsletter rounds up the week\u2019s 40 most important stories \u2014 critical vulnerabilities, ransomware attacks, data breaches, AI security threats, phishing campaigns, and malware research \u2014 curated by our editorial team from everything published on gbhackers.com.<\/p>\n<p>How is a cybersecurity bulletin different from daily security news?<\/p>\n<p>A cybersecurity bulletin condenses hundreds of daily headlines into a single prioritized weekly briefing. Instead of monitoring feeds all day, security teams get the exploited CVEs, active campaigns, and breaches that actually matter \u2014 with direct links to the full analysis of each story.<\/p>\n<p>How do I subscribe to the GBHackers weekly cybersecurity newsletter?<\/p>\n<p>Visit gbhackers.com and follow us on LinkedIn or X (@gbhackers_news) to get every weekly issue. The newsletter is free and lands once a week, every week.<\/p>\n<p>Found this cybersecurity bulletin useful? Get the weekly cybersecurity newsletter in your inbox \u2014 free, every week, from GBHackers.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity Newsletter Weekly: Top 40 Biggest Cyber Stories of the Week, July 2026 https:\/\/gbhackers.com\/weekly-cybersecurity-newsletter-july-6-10-2026\/ Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":242555,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/07\/cybersecurity-newsletter.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,31,35,32,25,27],"class_list":["post-242554","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-exploit","tag-hacker","tag-malware","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/242554"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=242554"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/242554\/revisions"}],"predecessor-version":[{"id":242556,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/242554\/revisions\/242556"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/242555"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=242554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=242554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=242554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}